tags:

views:

1000

answers:

2
+2  Q: 

How to best visualize a "permission Matrix" in an UML class diagram?

For the sake of simplicity:

There is a permission based system in place with different kinds of user levels and actions (think: UNIX file system permissions)

What would be the best approach to visualize this in UML?

A: 

I like to think of a file system object has having a number of standard methods, each of which has an associated permission.

There are 9 methods/permissions that of usually of interest: the combinations of (User, Group, Other) * (Read, Write, Execute). Additionally, there are options like Sticky and SetUID.

A file system object is associated with one user and one group. A user is associated with any number of groups.

The current user is associated with any number of groups.

The above is pretty standard class diagram stuff. File system objects, users, groups, associations. And the file system objects have a pile of attributes and the 9 canonical methods.

The constraint on what's allowed doesn't have a tidy diagram. It's a set of rules expressions. The first is which permission set to use (user, group or other) and then which permission in the set (read, write or execute).

You could, I suppose, define a class of users with some set of concrete objects (Unix has user, group, other), and a class of operations with some set of concrete objects (Unix has read, write, execute). You can then define permissions with two associations: one to user class and one to operation class.

I think it's easier to just list the complete set methods that to fussily diagram the combinations user class instances and operation class instances.

S.Lott  2008-10-26 02:26:12
A: 

I typically have classes that represent Users, Roles, and Permissions. Users belong to Roles and Roles are granted Permissions. Permissions are required to access other objects. In UML I suppose that you would model Role as an abstract base class and have multiple different implementations, one for each role.

Typically, I model a Permission as object containing sets of readable,writable,delete-able business entity classes (perhaps containing property exclusions or inclusions). Each role, then has one Permission. That permission allows or denies access to one or more other classes. Permission is by default denied, and access only allowed if the class is in the appropriate set for the action requested.

tvanfosson  2008-10-26 03:53:19

related questions

How to keep track of the references to an object?
When should you use 'friend' in C++?
Overiding the equals method vs creating a new method
Making one interface overwrite a method it inherits from another interface in PHP
What are the correct stencils for object relational diagramming in visio?
Is Single Responsibility Principle a rule of OOP?
Expression Evaluation and Tree Walking using polymorphism? (ala Steve Yegge)
Access to global application settings
Inheritance and Polymorphism - Ease of use vs Purity
Do you name controls on forms using the same convention as a private variable?
How do you create a static class in C++?
How do you create objects in Perl?
Why all the Active Record hate?
When is OOP better suited for?
Accessing a CONST attribute of series of Classes
Multi-Paradigm Languages
Speed Comparisons - Procedural vs. OO in interpreted languages
pass by reference or pass by value?
How to Think in OO
Using object property as default for method property
Adding a Method to an Existing Object
Object Oriented vs Relational Databases
Class views in Django
C++: Should I use nested classes in this case?
How would you access Object properties from within an object method?