The DEAT Business Rule Pattern Language

Russell R. Hurlbut, Ph.D.

Previous | Table of Contents | Next

Rule Pattern 24: Authorization

Problem Describing Authorization and Action Scope

Authorization for an action often reflects formal organization structures. Levels of management control and chain of command influence how authorizations are granted. Permissions are frequently granted at a sufficiently fine-grained level to make distinctions between access, creation, modification, and deletion actions.

Solution

Action authorization may be defined through authorization types and actor sub-type mappings. Default authorizations are established that can be relaxed for roles higher up in the authorization hierarchy. Parameters define the scope in terms of create, read, update, and delete operations.

Example Data Correction

The personnel department for an organization is responsible for maintaining data on all employees. Data is processed by them to keep employee classification, payroll, and personal data current. Historical corrections to this data are necessary from time to time. Any staff member making corrections must have their edits peer reviewed by another staff member. A supervisor making a correction does nor required review. This example also incorporates the Range Set rule pattern to distinguish between historical data and current data. The Ordering rule pattern places the supervisor at the top of the authorization hierarchy, which only consists of two levels here.
Data Correction Parameters
Role Staff
Modification all
New Data no approval
Historical Data peer review
Role Supervisor
Historical Data no approval
Hierarchy {supervisor, staff}

UML Representation and Related Patterns

The Authorization business rule pattern maps an Actor model element. This pattern may collaborate with the Range Set and Ordering business rule patterns to establish authorization hierarchies and scope of authority.
 

Previous | Table of Contents | Next

Copyright 1998 Expertech.Ltd. All Rights Reserved.
Legal