Summary
In a complex application, decisions have to be made about whether a person is allowed to perform a certain action. This is frequently encountered in Dynamic Case Management applications, where a user is only allowed to perform a subset of tasks. You may also encounter it in applications without a process engine, where the end user is not allowed to see certain information based on some criteria.
As the user permission example does not concern the core business rules of a company, but a way of structuring the work of its employees, the Application Layer is the appropriate location for this scenario (arrow 5). External systems may use the same logic for deriving user permissions (arrow 4).
Security is a separate concern and ideally should not be mixed with the core of the domain. When mixed, the two can intertwine and become more difficult to maintain. Keeping them separate makes it clear what is authorization and what is core business.
Context
For the user permission example, the following categories are important.
Type | Category |
---|---|
Knowledge | Implicit vs. Explicit call |
 | User set vs. System set |
 | Input and Output parameters vs. complex model |
 | Simple input vs. complex input |
Maintainability: it should be possible to quickly make changes to business rules independent of other functionality. | Complexity of the Decoupling pattern vs. Gain |
 | Internals invisible vs. visible (encapsulation) |
 | Testable |
 | Autonomy/decoupling |
 | Reusability |
 | Out of the box vs. Custom Code |
Problem
A good example can be found in a DCM application for mortgage applications. Based on the current application, the system has to decide whether the Junior Mid-Office employee is allowed to make the approval decision, or if a more senior role is needed. The stakeholders may decide that any property with a value under half a million can be done by junior employees, while anything above has to be done by a senior employee. Furthermore, the user should not have performed previous tasks for the application, to adhere to the four-eyes principle.
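The rule described above, written as one application-layer permission check that is kept apart from the domain model (an added example, not part of the original page). The role names, field names, the treatment of a value of exactly half a million as senior-only, and seniors being allowed to approve smaller applications are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumptions (not from the page): role names, field names, and that the
# boundary value itself (exactly 500000) is escalated to a senior.
JUNIOR, SENIOR = "junior_mid_office", "senior_mid_office"
JUNIOR_LIMIT = Decimal("500000")  # "half a million"; currency not stated

@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset

@dataclass(frozen=True)
class MortgageApplication:
    property_value: Decimal
    previous_task_performers: frozenset  # user ids that handled earlier tasks

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # kept so the caller can log why access was granted or denied

def may_approve(user: User, app: MortgageApplication) -> Decision:
    """Application-layer permission check; the domain model stays unaware of it."""
    # Four-eyes principle applies to every role, so it is checked first.
    if user.user_id in app.previous_task_performers:
        return Decision(False, "four-eyes: user already performed a task on this application")
    if SENIOR in user.roles:
        # Assumption: a senior may also approve applications under the limit.
        return Decision(True, "senior role")
    if JUNIOR in user.roles:
        if app.property_value < JUNIOR_LIMIT:
            return Decision(True, "junior role, value under limit")
        return Decision(False, "value at or above limit: senior role needed")
    # Default deny: unknown or missing roles never get the approval task.
    return Decision(False, "no approving role")

if __name__ == "__main__":
    # Constructed sample data.
    junior = User("u-jane", frozenset({JUNIOR}))
    senior = User("u-sam", frozenset({SENIOR}))
    case = MortgageApplication(Decimal("620000"), frozenset({"u-intake"}))
    for u in (junior, senior):
        print(u.user_id, may_approve(u, case))
```

Because the check returns a reason alongside the verdict, the same function can serve the UI, an external system calling in, and the audit log without duplicating the rule.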
Solution
Description of solution.
Issues and considerations
Issues and considerations.
Decouple Category
Properties
Property | Description |
---|---|
Decouple category | Application function (5) |
Complexity | Low |
Related patterns/Solutions | |