How to implement Authorization mechanism For Entity services

Hi ,

   Need suggestion to  implement Authorization mechanism For Entity services

Requirement

Suppose i have an Entity ( name as "SalesOrderHeader" )  and service available for this Entity are

GET ( Entity / EntitySet )

POST

PUT

Delete

Custom_operation1

Custom_operation2

Custom_operation3

now the there are 3 user (admin , supervisor , customer )

- Admin can use all service mentioned above

- Supervisor can use only services shown below

     GET ( Entity / EntitySet )

     PUT

     Custom_operation1

     Custom_operation2

- Now Customer can use read only service such as

     GET ( Entity / EntitySet )

     Custom_operation1 

    Hope this requirement is somewhat clear.... Plz let me know if anything else information is required .

Regards,

Jibin Joy