System Data Modeling Series: Identity Management System - Basic System

Gurvinder Pal Singh, Computer Scientists
Pretext and Context:
In this series, I design the data model of the system in question. I start by defining the scope and boundaries of the system, followed by the subsystems involved, and finally the entities in those systems and subsystems. The system in question is either made up from real-life experience or is something I may have heard of somewhere. The scope and boundaries of the system cover its definition and the different functionalities and roles in it.

Scope and Boundaries:
An Identity Management System (IDM) is a system meant to manage the identity of users in external systems. The scope of managing identity ranges from the usual CRUD (create, update, retrieve and delete) to other activities like:
managing the user's roles and permissions (basic CRUD)
verifying the user's permissions against a data entity or screen interface attributes

Other features of the system are:
Management is not based on any variable such as time, event, etc.
No workflow is involved; requests for management, their review and approval are out of scope.
No credentials are required to use the system.

Entities in the System:
Before I move on to the entities in this system, let me specify (for the sake of clarity and better understanding) the different elements of the system:
Equipment Elements:
Since the system in question is an automated one and is expected to serve IDM services to the requester, an example could be a desktop application server that waits for requests and has all the software and hardware necessary to process each request and its response.
Personnel Elements:
Since the system in question is an automated one, there is no manual operator for this system. Decision making is done by the system according to the application logic, based on the data captured by the system. So the decision making, while dynamic in nature (since it depends on the requesters' inputs), is still static in a way, since the logic that processes those inputs is static.
Information Storage Elements:
Data captured and used by the system will be stored in database files for persistence, and may also be held in the application server's memory, depending on the criticality of the data and on when it was last accessed for processing.
Data Elements:
Data elements are the entities involved in the system; they are described in more detail in the Data Modeling for this system section.

Data Modeling for this system
I will derive the entities using a simple process.
First, describe the entities and attributes captured by the system.
Second, describe the relationships between these entities by describing the relationship entities.

Following are the different entities captured by the system:
1) User
The User entity has the following attributes:
      a) User Id
      b) User Name

2) Role
The Role entity has the following attributes:
      a) Role Id
      b) Role Name
      
3) Permission_Group
The Permission Group entity is basically a logical grouping of permissions, so it has the following attributes:
      a) Permission Group Id
      b) Permission Id
      
4) System
A system whose users' identities are managed by the IDM system has the following attributes:
      a) System Name
      b) System Id

5) Entity
An entity that belongs to a system, and access to which is managed by the IDM system, has the following attributes:
      a) Entity Id
      b) Entity Name

6) Attribute
An attribute that belongs to an entity or an interface, and access to which is managed by the IDM system, has the following attributes:
      a) Attribute Id
      b) Attribute Name

7) Interface
An interface (for example a user interface) that belongs to a system, and access to which is managed by the IDM system, has the following attributes:
      a) Interface Id
      b) Interface Name


Following are the different relationship entities captured by the system:
1) User_Role
The User Role entity is the relationship entity between User and Role. It has the following attributes:
      a) User Id
      b) Role Id

2) Role_Permission_Group
The Role Permission Group entity is the relationship entity between Role and Permission_Group. It has the following attributes:
      a) Role_Id
      b) Permission_Group_Id

3) Permission_System_Entity_Right
Permission System Entity Right is the relationship entity between permission group, System, and Entity. It gives meaning to the permission id: it specifies what kind of right this 'Permission Id' has on the system's entity. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Entity Id
      d) Right Type: specifies the type of right on this relation. The right could be of type 'writable', 'read only', 'hidden', etc.

4) Permission_System_Entity_Attribute_Right
Permission System Entity Attribute Right is the relationship entity between permission group, System, Entity, and Attribute. It gives meaning to the permission id: it specifies what kind of right this 'Permission Id' has on the entity's attribute. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Entity Id
      d) Attribute Id
      e) Right Type: specifies the type of right on this relation. The right could be of type 'writable', 'read only', 'hidden', etc.

5) Permission_System_Interface_Right
Permission System Interface Right is the relationship entity between permission group, System, and Interface. It gives meaning to the permission id: it specifies what kind of right this 'Permission Id' has on the system's interface. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Interface Id
      d) Right Type: specifies the type of right on this relation. The right could be of type 'writable', 'read only', 'hidden', etc.

6) Permission_System_Interface_Attribute_Right
Permission System Interface Attribute Right is the relationship entity between permission group, System, Interface, and Attribute. It gives meaning to the permission id: it specifies what kind of right this 'Permission Id' has on the interface's attribute. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Interface Id
      d) Attribute Id
      e) Right Type: specifies the type of right on this relation. The right could be of type 'writable', 'read only', 'hidden', etc.

7) Permission_System_Right
Permission System Right is the relationship entity between permission group and System. It gives meaning to the permission id: it specifies what kind of right this 'Permission Id' has on the system. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Right Type: specifies the type of right on this relation. The right could be of type 'writable', 'read only', 'hidden', etc.

This concludes the data-modeling design for the IDM. It has covered the master entities on which this system is based. The 'Right Type' attribute could also be a foreign key into a 'Right' table that has a name and an Id, but for simplicity that normalization is left out.
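
As an added example (not part of the original article), the relationship entities above can be built in SQLite and queried to perform the permission check named in the scope section. The lower-case column names, the precedence of attribute-level over entity-level rights, the most-restrictive-wins rule and the default of 'hidden' are assumptions of this example, and the sample rows are constructed.

```python
import sqlite3

# Assumption: if roles disagree at one level, the most restrictive right wins.
RANK = {"hidden": 0, "read only": 1, "writable": 2}
RIGHT = "right_type TEXT CHECK (right_type IN ('hidden','read only','writable'))"
SCHEMA = f"""
CREATE TABLE User_Role (user_id INT, role_id INT);
CREATE TABLE Role_Permission_Group (role_id INT, permission_group_id INT);
CREATE TABLE Permission_Group (permission_group_id INT, permission_id INT);
CREATE TABLE Permission_System_Entity_Right
    (permission_id INT, system_id INT, entity_id INT, {RIGHT});
CREATE TABLE Permission_System_Entity_Attribute_Right
    (permission_id INT, system_id INT, entity_id INT, attribute_id INT, {RIGHT});
"""
# Permission ids a user reaches through User_Role and Role_Permission_Group.
USER_PERMS = """SELECT pg.permission_id FROM User_Role ur
JOIN Role_Permission_Group rpg ON rpg.role_id = ur.role_id
JOIN Permission_Group pg ON pg.permission_group_id = rpg.permission_group_id
WHERE ur.user_id = ?"""

def effective_right(db, user_id, system_id, entity_id, attribute_id):
    """Attribute-level right if any row matches, else entity-level, else 'hidden'."""
    levels = [  # table names are fixed literals; every value is a bound parameter
        ("Permission_System_Entity_Attribute_Right",
         "entity_id = ? AND attribute_id = ?", (entity_id, attribute_id)),
        ("Permission_System_Entity_Right", "entity_id = ?", (entity_id,)),
    ]
    for table, cond, args in levels:
        rows = db.execute(
            f"SELECT right_type FROM {table} WHERE system_id = ? AND {cond} "
            f"AND permission_id IN ({USER_PERMS})",
            (system_id, *args, user_id)).fetchall()
        if rows:
            return min((r[0] for r in rows), key=RANK.__getitem__)
    return "hidden"  # default deny: no row means no access

def demo_db():  # constructed data: user 1 is a clerk, user 2 is clerk and auditor
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO User_Role VALUES (?,?)", [(1, 10), (2, 10), (2, 11)])
    db.executemany("INSERT INTO Role_Permission_Group VALUES (?,?)", [(10, 100), (11, 101)])
    db.executemany("INSERT INTO Permission_Group VALUES (?,?)", [(100, 1000), (101, 1001)])
    db.execute("INSERT INTO Permission_System_Entity_Right VALUES (1000, 1, 5, 'writable')")
    db.executemany("INSERT INTO Permission_System_Entity_Attribute_Right VALUES (?,?,?,?,?)",
                   [(1000, 1, 5, 7, "writable"), (1001, 1, 5, 7, "read only")])
    return db

if __name__ == "__main__":
    print(effective_right(demo_db(), 2, 1, 5, 7))
```

The interface-level and system-level right tables follow the same pattern and can be added as further entries in `levels`.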

Comments (1)

Mayank S, Principal Technologist

Commented:
What is the business area that we are targeting here? Something like social networking? And if that is the case, then my second question is that what is the difference that we are highlighting in this system compared to what already exists in the market?
