System Data Modelling Series: Identity Management System - Workflow dependence

Gurvinder Pal Singh, Computer Scientist (Certified Expert)
Preface and Context

In the previous article, I designed the data model of a basic Identity Management System. In this article, I extend the scope and boundaries of that system to make it a workflow based system. In the process, new entities and relationships are introduced, and some of the entities and relationships designed in the previous article are changed.

Scope and Boundaries
An Identity Management System (IDM) is a system meant to manage the identity of users in external systems. Apart from the scope described in the previous article, the additional scope is:
identity management is now workflow dependent.
the system has its own defined users, and these are managed by the system itself.
Other features of the system are:
management is not based on any variable such as time or event.
no policy-based identity management for other systems.
management of the system's own users is now workflow based.

Let's understand workflows in the system

To understand what a workflow is and why an IDM has to manage it, consider this. The IDM receives a request to verify an identity against a certain resource. The response is required instantly, so the IDM has to answer Yes or No from the data it has collected about the identity and its relation to the resource. For example, a leave application system may ask whether an employee can update the details of a leave request, and the answer depends on whether the request has already been approved: the system wants the employee to be able to edit the details before approval, but not after it. The IDM therefore needs data that distinguishes the stages of the process. If the request to authorize the 'update leave details' function arrives at a stage when the leave is not yet approved, the IDM has to say Yes; if it arrives at a stage when the leave has been approved, the IDM has to say No.

Managing Workflows
A workflow is specified in terms of the different stages the system can be in, starting from an initial stage, and of how it moves from one stage to the next until it reaches an end stage. Mathematically a workflow is a finite state machine, which is defined by a 5-tuple:
Start stage
Stages in the system
Inputs to the system (the actions that can be taken at each stage)
Mapping of the current stage to the next stage for each action taken at the current stage
Final stage(s)

The mapping from one stage to the next based on user actions is not captured in this system: the requesting system tells the IDM at which stage of the workflow the request is being made. How the transition between stages is tracked is outside the scope of this data model and can be done in whatever way the client system (of the IDM) chooses. One consequence is that the IDM trusts the stage the client reports, so the stage must be asserted by the client system itself and never taken from user-supplied input; otherwise a user could claim an earlier stage to regain a right that the approved stage removes.
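The 5-tuple above, written out for the leave application workflow used earlier, as an added example that is not part of the article. It shows the client system's side of the picture: the transition map that the IDM deliberately leaves to the client, replayed over a history of actions to produce the stage the client then reports in its authorization request. The stage names (Draft, Submitted, Approved, Rejected), the actions and the transitions are assumptions.

```python
"""Leave-approval workflow written out as the 5-tuple the article describes
(start stage, stages, inputs, transition map, final stages).  Added example,
not the article's own code; stage names, actions and transitions are assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workflow:
    start: str
    stages: frozenset        # the finite set of stages
    actions: frozenset       # the inputs: actions a user can take at a stage
    transitions: dict        # (current stage, action) -> next stage
    finals: frozenset        # stages with no way out

    def __post_init__(self):
        # Validate the tuple itself, so an ill-formed workflow fails at definition time.
        if self.start not in self.stages or not self.finals <= self.stages:
            raise ValueError("start and final stages must be members of the stage set")
        for (stage, action), nxt in self.transitions.items():
            if stage not in self.stages or nxt not in self.stages or action not in self.actions:
                raise ValueError(f"bad transition {(stage, action)} -> {nxt}")
            if stage in self.finals:
                raise ValueError(f"final stage {stage!r} must not have outgoing transitions")

    def step(self, stage, action):
        """Apply one action; an action not defined at this stage is rejected, not ignored."""
        if stage not in self.stages:
            raise ValueError(f"unknown stage {stage!r}")
        try:
            return self.transitions[(stage, action)]
        except KeyError:
            raise ValueError(f"action {action!r} is not allowed in stage {stage!r}") from None

    def run(self, actions):
        """Replay a history of actions from the start stage.  The result is the
        stage the client system reports to the IDM with its authorization request."""
        stage = self.start
        for action in actions:
            stage = self.step(stage, action)
        return stage

    def is_final(self, stage):
        return stage in self.finals


# Constructed example: the leave application workflow used in the text.
LEAVE_WORKFLOW = Workflow(
    start="Draft",
    stages=frozenset({"Draft", "Submitted", "Approved", "Rejected"}),
    actions=frozenset({"submit", "withdraw", "approve", "reject"}),
    transitions={
        ("Draft", "submit"): "Submitted",
        ("Submitted", "withdraw"): "Draft",
        ("Submitted", "approve"): "Approved",
        ("Submitted", "reject"): "Rejected",
    },
    finals=frozenset({"Approved", "Rejected"}),
)


def allowed(stage, action, workflow=LEAVE_WORKFLOW):
    """True when the action is defined at the stage (no transition is taken)."""
    return (stage, action) in workflow.transitions


def valid_history(actions, workflow=LEAVE_WORKFLOW):
    """True when every action in the history is permitted at the stage it was taken in."""
    try:
        workflow.run(actions)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(LEAVE_WORKFLOW.run(["submit", "withdraw", "submit", "approve"]))  # Approved
```

Because final stages have no outgoing transitions, an attempt to "submit" an already approved leave is rejected by the client workflow itself; the IDM's stage-dependent rights, described later in this article, are the second line of defence for the same rule.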

Entities in the System

Equipment Elements, Personnel Elements and Information Storage Elements stay the same as in the previous article.
The Data Elements, however, have changed because of the change in scope, and all entities (old and new) are discussed below in detail.

Following are the different entities captured by the system

1) User
User entity has following attributes:
      a) User Id
      b) User Name

2) Role
Role entity has following attributes:
      a) Role Id
      b) Role Name
      
3) Permission_Group
Permission Group entity is a logical grouping of permissions; there is one row for each permission that belongs to the group, so it has the following attributes:
      a) Permission Group Id
      b) Permission Id
      
4) System
A system whose users' identities are managed by the IDM has the following attributes:
      a) System Name
      b) System Id

5) Entity
An entity that belongs to a system and to which access is managed by the IDM has the following attributes:
      a) Entity Id
      b) Entity Name

6) Attribute
An attribute that belongs to an Entity or an Interface and to which access is managed by the IDM has the following attributes:
      a) Attribute Id
      b) Attribute Name

7) Interface
An interface (for example a user interface) that belongs to a system and to which access is managed by the IDM has the following attributes:
      a) Interface Id
      b) Interface Name

8) Workflow
A workflow for a system represents the stages that one of the system's processes passes through. It has the following attributes:
      a) Workflow Id
      b) Workflow Name

9) Stage
A stage is the state a workflow is in at any given point in time. It has the following attributes:
      a) Stage Id
      b) Stage Name


Following are the different relationship entities captured by the system

1) User_Role
User Role entity is the relationship entity between User and Role. It has the following attributes:
      a) User Id
      b) Role Id

2) Role_Permission_Group
Role Permission Group entity is the relationship entity between Role and Permission_Group. It has the following attributes:
      a) Role_Id
      b) Permission_Group_Id

3) Permission_System_Entity_Right
Permission System Entity Right is the relationship entity between a Permission (a member of a Permission Group), a System and an Entity. It gives meaning to the Permission Id: it states what kind of right this Permission Id has on the System's Entity, and at which stage of which workflow that right applies. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Entity Id
      d) Right Type: the type of right on this relation, for example 'writeable', 'readonly' or 'hidden'
      e) Workflow Id
      f) Stage Id

4) Permission_System_Entity_Attribute_Right
Permission System Entity Attribute Right is the relationship entity between a Permission (a member of a Permission Group), a System, an Entity and an Attribute. It gives meaning to the Permission Id: it states what kind of right this Permission Id has on the Entity's Attribute, and at which stage of which workflow that right applies. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Entity Id
      d) Attribute Id
      e) Right Type: the type of right on this relation, for example 'writeable', 'readonly' or 'hidden'
      f) Workflow Id
      g) Stage Id

5) Permission_System_Interface_Right
Permission System Interface Right is the relationship entity between a Permission (a member of a Permission Group), a System and an Interface. It gives meaning to the Permission Id: it states what kind of right this Permission Id has on the System's Interface, and at which stage of which workflow that right applies. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Interface Id
      d) Right Type: the type of right on this relation, for example 'writeable', 'readonly' or 'hidden'
      e) Workflow Id
      f) Stage Id

6) Permission_System_Interface_Attribute_Right
Permission System Interface Attribute Right is the relationship entity between a Permission (a member of a Permission Group), a System, an Interface and an Attribute. It gives meaning to the Permission Id: it states what kind of right this Permission Id has on the Interface's Attribute, and at which stage of which workflow that right applies. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Interface Id
      d) Attribute Id
      e) Right Type: the type of right on this relation, for example 'writeable', 'readonly' or 'hidden'
      f) Workflow Id
      g) Stage Id

7) Permission_System_Right
Permission System Right is the relationship entity between a Permission (a member of a Permission Group) and a System. It gives meaning to the Permission Id: it states what kind of right this Permission Id has on the System as a whole, and at which stage of which workflow that right applies. It has the following attributes:
      a) Permission Id
      b) System Id
      c) Right Type: the type of right on this relation, for example 'writeable', 'readonly' or 'hidden'
      d) Workflow Id
      e) Stage Id

8) Workflow_Stage
Workflow Stage is the relationship entity between Workflow and Stage. It records which stages belong to which workflow. The Workflow Id and Stage Id pair carried by each of the Right entities above should reference this entity, so that a right can never be granted for a stage that is not part of its workflow. It has the following attributes:
      a) Workflow Id
      b) Stage Id
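The leave-application check from the section on workflows, run against the relationship entities above, as an added example that is not the article's own code. It builds a SQLite version of a subset of the model (the User to Permission_System_Entity_Right chain plus Workflow_Stage; the other four Right entities follow the same pattern) with constructed sample data, resolves a user's right on an entity at a given workflow stage, and shows the database refusing a right that names a stage outside its own workflow. The table and column names, the sample identifiers and the rule that the most permissive right across a user's roles wins are assumptions.

```python
"""Relational form of the workflow-dependent IDM model, with the stage-aware
authorization lookup from the leave-application example.  Added example, not
the article's own code; table/column names, sample ids and the tie-break rule
are assumptions."""
import sqlite3

# Subset of the article's entities; the other four *_Right tables follow the same pattern.
SCHEMA = """
CREATE TABLE idm_user (user_id INTEGER PRIMARY KEY, user_name TEXT NOT NULL);
CREATE TABLE role     (role_id INTEGER PRIMARY KEY, role_name TEXT NOT NULL);
CREATE TABLE system   (system_id INTEGER PRIMARY KEY, system_name TEXT NOT NULL);
CREATE TABLE entity   (entity_id INTEGER PRIMARY KEY, entity_name TEXT NOT NULL);
CREATE TABLE workflow (workflow_id INTEGER PRIMARY KEY, workflow_name TEXT NOT NULL);
CREATE TABLE stage    (stage_id INTEGER PRIMARY KEY, stage_name TEXT NOT NULL);
-- Permission_Group: one row per permission that is a member of the group.
CREATE TABLE permission_group (permission_group_id INTEGER, permission_id INTEGER,
    PRIMARY KEY (permission_group_id, permission_id));
CREATE TABLE user_role (user_id INTEGER REFERENCES idm_user, role_id INTEGER REFERENCES role,
    PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permission_group (role_id INTEGER REFERENCES role, permission_group_id INTEGER,
    PRIMARY KEY (role_id, permission_group_id));
-- Workflow_Stage: which stages belong to which workflow.
CREATE TABLE workflow_stage (workflow_id INTEGER REFERENCES workflow, stage_id INTEGER REFERENCES stage,
    PRIMARY KEY (workflow_id, stage_id));
-- Permission_System_Entity_Right.  The composite foreign key is the check the
-- model needs: a right may only name a stage that is part of its own workflow.
CREATE TABLE permission_system_entity_right (
    permission_id INTEGER NOT NULL,
    system_id     INTEGER REFERENCES system,
    entity_id     INTEGER REFERENCES entity,
    right_type    TEXT NOT NULL CHECK (right_type IN ('writeable', 'readonly', 'hidden')),
    workflow_id   INTEGER NOT NULL,
    stage_id      INTEGER NOT NULL,
    PRIMARY KEY (permission_id, system_id, entity_id, workflow_id, stage_id),
    FOREIGN KEY (workflow_id, stage_id) REFERENCES workflow_stage (workflow_id, stage_id));
"""

# Constructed sample data: alice is an Employee; permission 10 lets the Employee
# group edit LeaveDetails while Submitted but only read it once Approved.
SAMPLE_DATA = """
INSERT INTO idm_user VALUES (100, 'alice');
INSERT INTO role VALUES (1, 'Employee');
INSERT INTO system VALUES (1, 'Leave Application System');
INSERT INTO entity VALUES (1, 'LeaveDetails');
INSERT INTO workflow VALUES (1, 'LeaveApproval'), (2, 'ExpenseClaim');
INSERT INTO stage VALUES (1, 'Submitted'), (2, 'Approved'), (3, 'Draft'), (9, 'Paid');
INSERT INTO workflow_stage VALUES (1, 1), (1, 2), (1, 3), (2, 9);
INSERT INTO user_role VALUES (100, 1);
INSERT INTO role_permission_group VALUES (1, 50);
INSERT INTO permission_group VALUES (50, 10);
INSERT INTO permission_system_entity_right VALUES (10, 1, 1, 'writeable', 1, 1);
INSERT INTO permission_system_entity_right VALUES (10, 1, 1, 'readonly',  1, 2);
"""

RIGHT_RANK = {"hidden": 0, "readonly": 1, "writeable": 2}

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # foreign keys are not enforced by default in SQLite
    conn.executescript(SCHEMA + SAMPLE_DATA)
    return conn

def authorize(conn, user_id, system_id, entity_id, workflow_id, stage_id):
    """Right the user holds on the entity at this stage of the workflow.
    No matching row is a default deny ('hidden').  When several roles grant
    different rights, the most permissive wins (assumed RBAC union semantics)."""
    rows = conn.execute(
        """SELECT r.right_type
             FROM user_role ur
             JOIN role_permission_group rpg ON rpg.role_id = ur.role_id
             JOIN permission_group pg ON pg.permission_group_id = rpg.permission_group_id
             JOIN permission_system_entity_right r ON r.permission_id = pg.permission_id
            WHERE ur.user_id = ? AND r.system_id = ? AND r.entity_id = ?
              AND r.workflow_id = ? AND r.stage_id = ?""",
        (user_id, system_id, entity_id, workflow_id, stage_id)).fetchall()
    if not rows:
        return "hidden"
    return max((row[0] for row in rows), key=RIGHT_RANK.__getitem__)

def try_grant(conn, permission_id, system_id, entity_id, right_type, workflow_id, stage_id):
    """Insert a right; False when the database rejects it, e.g. because the stage
    is not a member of the named workflow or the right type is not a known one."""
    try:
        with conn:
            conn.execute("INSERT INTO permission_system_entity_right VALUES (?, ?, ?, ?, ?, ?)",
                         (permission_id, system_id, entity_id, right_type, workflow_id, stage_id))
        return True
    except sqlite3.IntegrityError:
        return False

if __name__ == "__main__":
    db = build_db()
    for sid, name in ((1, "Submitted"), (2, "Approved"), (3, "Draft")):
        print(f"alice on LeaveDetails while {name}: {authorize(db, 100, 1, 1, 1, sid)}")
    print("right for a stage outside its workflow accepted:", try_grant(db, 10, 1, 1, "writeable", 1, 9))
```

Default deny is deliberate: a user with no matching row gets 'hidden', so a client that reports a stage the IDM has never been given a right for receives no access rather than falling back to a stage-independent grant. The composite foreign key does for the data what the Workflow_Stage entity promises on paper: a Right row cannot name the 'Paid' stage of the expense workflow inside the leave workflow.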

This concludes the data modelling design for an IDM with workflow dependent identity authorization. It has covered both the master entities and the relationship entities on which this system is based.

