| Requirement Pattern Authorization | Description | This pattern expresses the need of having the system functionality (possibly configurable) to protect system resources from unauthorized accesses | |
| Comments | Is required to take into account the customers needs about user hierarchies and access rights, also is important to review the current technology about authorization mechanisms | ||
| Pattern goal | Ensure that users access system resources according their access rights. | ||
| Author | GESSI-SSI | ||
| Sources (0..*) |
| ||
| Keywords (0..*) | Security | ||
| Dependencies (0..*) | IMPLIES Authentication IMPLIES Stored Data Protection | ||
| Requirement Form Authorization | Description | This form is applicable when the customer need to protect system resources from unauthorized accesses. The requirement book declares user profiles, resources, control access types and technology used, and maybe some particular authorization rules, as well as the possibility for an administrator to customize these issues. | |
| Comments | Application of extensions: Authorization Profiles, Authorization Profiles Customization, Authorization Resources, Authorization Resources Customization, Authorization Control Access, Authorization Control Access Customization, Authorization Technology: may be applied at most once each. | ||
| Version date | 2009-03-20 00:00:00.0 | ||
| Author | GESSI-SSI | ||
| Sources (0..*) |
| ||
| Fixed Part | Question text | ---- | Form text | The system shall control user access rights to all kind of resources. |
| Extended Part Authorization Control Access | Question text | ---- | Form text | The system shall control %authContAccess% access types to the resources. |
| Parameter | Metric | ||
| authContAccess: is a non-empty set of system control access types | ControlAccessTypes: ControlAccessTypes = Set(ControlAccessType) ControlAccessType = Domain(Read, Write, Execute, …) | ||
| Extended Part Authorization Control Access Customization | Question text | ---- | Form text | The system shall allow an administrator to define control access to system resources. |
| Extended Part Authorization Profiles | Question text | ---- | Form text | The system shall recognize %userProfiles% users profiles. |
| Parameter | Metric | ||
| userProfiles: is a non-empty set of user profiles | UserInterfaceActions: UserInterfaceActions = Set(UserInterfaceAction) UserInterfaceAction = Domain(Initial Screen Load, Transition between Screens, Complex Searches, ...)\n | ||
| Extended Part Authorization Profiles Customization | Question text | ---- | Form text | The system shall allow an administrator to define user profiles. |
| Extended Part Authorization Resources | Question text | ---- | Form text | The system shall manage user access rights to %resNames% resources. |
| Parameter | Metric | ||
| resNames: is a non-empty set of system resource | SystemResources: SystemResources = Set(SystemResource) SystemResource = Domain(Document, Section, Database,...) | ||
| Extended Part Authorization Resources Customization | Question text | ---- | Form text | The system shall allow an administrator to define user access rights to system resources. |
| Extended Part Authorization Rule | Question text | ---- | Form text | Users with profile %userProfiles% shall have %authContAccess% rights to access the system resources %resNames% |
| Parameter | Metric | ||
| resNames: is a non-empty set of system resource | SystemResources: SystemResources = Set(SystemResource) SystemResource = Domain(Document, Section, Database,...) | ||
| authContAccess: is a non-empty set of system control access types | ControlAccessTypes: ControlAccessTypes = Set(ControlAccessType) ControlAccessType = Domain(Read, Write, Execute, …) | ||
| userProfiles: is a non-empty set of user profiles. It must hold that their values are contained in the domains defined with the extensions above. | UserProfiles: UserProfiles = Set(UserProfile) UserProfile = Domain(Administrator, Author, User, ...) | ||
| Extended Part Authorization Rules Customization | Question text | ---- | Form text | The system shall allow an administrator to define authorization rules. |
| Extended Part Authorization Technology | Question text | ---- | Form text | The authorization process shall be based on the %authMechanism% authorization mechanism |
| Parameter | Metric | ||
| authMechanism: is an authorization software technology | AuthorizationTechnology: AuthorizationTechnology = Domain(Active Directory, Novell eDirectory, OpenDirectory, …)\n | ||