>

> Is there a blueprint that I can use?

I doubt you'll ever find (a usable) one for free or on such a forum for that matter. Most of us earn (part of) our money designing them tailored to the customers' needs. I for one am surely not going to give examples away.

The best strategy will always be:

1- determine the needs in the company (what are the tasks for various people and which resources do they need to achieve their goals).

2- determine which data has to be secured.

3- draw a concept based on above information and have it validated by the business.

4- design taskroles (singles) per task and functionroles (composites) to group tasks into functions.

5- test both tasks and functions. The first test can be part of a unit test while the second one will be like an integration test.

People you need:

Functional consultants per module. They know about module-specific authorization stuff.

Business consultants and/or key users who know which processes there are and how they're divided over the various jobs/functions in the company

The (internal) auditors to tell you which information needs to be secured.

As you see this is not a one person job and the outcome will differ per company.

Jurjen