Raise your level of abstraction
I am modeling business like applications using UML and like to specify filters on data to be applied based on roles. Starting with the filter definition I thought this would be a working solution:
The user should see only those forms, that are owned by him/her. The application is therefore assigned with the user_application NM linking table.
To apply a filter for any form pointing to the entity 'formulare', I have put the filtered>> dependency to the entity. The filter may be applied as a INNER JOIN SQL query, or in my case due to abilities using a bunch of subqueries.
Is this a good solution, or a bad one?
I think, I can get the entities out of the dependencies and build up my internal model, I haven't yet designed for this.
The FormularFilter class is stereotyped to specify the kind of the filter and thus, I know this filter is applied at user level and not at group level or the like.
A group filter may be possible but this is also not yet designed.