Previous | Table of Contents | Next
Problem – Describing Authorization and Action Scope
Authorization for an action often reflects formal organization structures. Levels of management control and chain of command influence how authorizations are granted. Permissions are frequently granted at a sufficiently fine-grained level to make distinctions between access, creation, modification, and deletion actions.
Solution
Action authorization may be defined through authorization types and actor sub-type mappings. Default authorizations are established that can be relaxed for roles higher up in the authorization hierarchy. Parameters define the scope in terms of create, read, update, and delete operations.
Example – Data Correction
The personnel department for an organization is responsible for maintaining data on all employees. Data is processed by them to keep employee classification, payroll, and personal data current. Historical corrections to this data are necessary from time to time. Any staff member making corrections must have their edits peer reviewed by another staff member. A supervisor making a correction does nor required review. This example also incorporates the Range Set rule pattern to distinguish between historical data and current data. The Ordering rule pattern places the supervisor at the top of the authorization hierarchy, which only consists of two levels here.
|
Role |
Staff |
|
|
Modification |
all |
|
|
New Data |
no approval |
|
|
Historical Data |
peer review |
|
|
Role |
Supervisor |
|
|
Historical Data |
no approval |
|
|
Hierarchy |
{supervisor, staff} |
|
UML Representation and Related Patterns
The Authorization business rule pattern maps an Actor model element. This pattern may collaborate with the Range Set and Ordering business rule patterns to establish authorization hierarchies and scope of authority.
Previous | Table of Contents | Next