The Model Driven Software Network

Raise your level of abstraction

Modeling filter definitions to implement data based permissions


I am modeling business like applications using UML and like to specify filters on data to be applied based on roles. Starting with the filter definition I thought this would be a working solution:

The user should see only those forms, that are owned by him/her. The application is therefore assigned with the user_application NM linking table.

To apply a filter for any form pointing to the entity 'formulare', I have put the filtered>> dependency to the entity. The filter may be applied as a INNER JOIN SQL query, or in my case due to abilities using a bunch of subqueries.

Is this a good solution, or a bad one?

I think, I can get the entities out of the dependencies and build up my internal model, I haven't yet designed for this.

The FormularFilter class is stereotyped to specify the kind of the filter and thus, I know this filter is applied at user level and not at group level or the like.

A group filter may be possible but this is also not yet designed.

Any suggestions?

Thanks, Lothar

Views: 131

Reply to This



© 2019   Created by Mark Dalgarno.   Powered by

Badges  |  Report an Issue  |  Terms of Service