
Authorization Structure/Concept

Former Member
0 Kudos

Hi All,

While designing an authorization structure/concept for a new system, from experience can I ask if it is best to use any of the following methods, or some different approach?

1. Many varying sized Single Roles and few Composite Roles, where the Composite Role is usually directly related to the 'Business Job Title', so in theory a user should be assigned 1 (maybe more in some cases) Composite Role.

2. No Composite Roles, and ONLY medium to varying sized Single Roles, in which case many of these are assigned to each user.

I think in most scenarios it may be a mixture of the two, but I have experience of the second and it does work, but manageability becomes an issue due to complexity. So the Composite Role structure should reduce the complexity and give future flexibility; however, this requires more time up front.

I know this is brief but I have left it slightly open for comments/opinions. Thanks in advance for any information.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Ashley,

I suggest you go with approach "1", i.e., creating composite roles and assigning them to users. But I suggest you have a clear picture of what roles should come under what composite role and to which group of users you have to assign them.

Prepare a list of all single roles and composite roles (which group them).

with BR,

Rajesh

award points

Former Member
0 Kudos

Hi,

Choose option 1, but first segregate the job roles and then group them.

Make sure there are no conflicts or collisions (SOD/SOX perspective).

thanks,

Praveen

Former Member
0 Kudos

Hi Ashley,

From my experience, we have many single roles, and as you have said, a few composite roles on the front, and titles are related to Business.

It's indeed the way to go about this method, and we have used some specific single roles as ADD ON roles in scenarios when the user would require it.

We have strict valid dates for such ADD ON roles and hence it has served us the purpose. Also, a clear segregation of IS and Business would help a lot in this case.

Hope it helps.

Br,

Sri

Award points for helpful answers
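
Added example, not part of any post in this thread: one way to run the checks the replies above describe, expanding composite roles into their single roles, counting ADD ON roles only inside their validity dates, and testing the result against an SoD rule set. The role names, rule pairs and dates are constructed for illustration; the transaction codes are standard SAP ones.

```python
from datetime import date

# Constructed sample data (assumption): single roles and their transaction codes.
SINGLE_ROLES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02"},  # create / change vendor
    "Z_AP_INVOICE": {"FB60"},               # enter vendor invoice
    "Z_AP_PAYMENT_RUN": {"F110"},           # payment run
    "Z_MM_PO_CREATE": {"ME21N"},            # create purchase order
}
# Composite roles named after business job titles (approach 1 in the thread).
COMPOSITE_ROLES = {
    "ZC_AP_CLERK": ["Z_AP_VENDOR_MAINT", "Z_AP_INVOICE"],
    "ZC_AP_MANAGER": ["Z_AP_INVOICE", "Z_AP_PAYMENT_RUN"],
    "ZC_AP_SUPERVISOR": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENT_RUN"],
}
# Hypothetical SoD rules: transaction pairs one user must not hold together.
SOD_RULES = [("FK01", "F110"), ("ME21N", "F110")]
# Add-on single role with a strict validity window: (role, valid_from, valid_to).
SAMPLE_ADDONS = [("Z_AP_PAYMENT_RUN", date(2024, 3, 1), date(2024, 3, 31))]


def effective_tcodes(composites, addons, on_date):
    """Map each transaction the user holds on on_date to the roles granting it."""
    singles = [(s, c) for c in composites for s in COMPOSITE_ROLES[c]]
    # An add-on role counts only inside its validity window.
    singles += [(s, "add-on") for s, start, end in addons if start <= on_date <= end]
    grants = {}
    for single, via in singles:
        for tcode in SINGLE_ROLES[single]:
            grants.setdefault(tcode, set()).add(f"{via}/{single}")
    return grants


def sod_conflicts(composites, addons, on_date):
    """Return (tcode_a, tcode_b, roles_a, roles_b) for every violated rule."""
    grants = effective_tcodes(composites, addons, on_date)
    return [(a, b, sorted(grants[a]), sorted(grants[b]))
            for a, b in SOD_RULES if a in grants and b in grants]


def conflicting_composites():
    """Composite roles that break a rule by design, before any assignment."""
    return sorted(c for c in COMPOSITE_ROLES if sod_conflicts([c], [], date.min))


if __name__ == "__main__":
    print("Design-time:", conflicting_composites())
    for day in (date(2024, 3, 15), date(2024, 4, 1)):
        print(day, sod_conflicts(["ZC_AP_CLERK"], SAMPLE_ADDONS, day))
```

The design-time check catches a composite role that is conflicted before anyone is assigned to it, while the dated check shows a clean composite becoming conflicted only for as long as an add-on role is valid.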

Former Member
0 Kudos

Thank you all for your views and advice; this has provided a wider view of implemented concepts.

Perhaps there are some more comments to come, so I will leave this for now to develop.

Thanks

Former Member
0 Kudos

Closing question.

The answers given have displayed a wider experience and implementation to aid Authorization Concept building.

Thanks to all who contributed.

Regards

Ashley