Reputation: 1167
Class Diagram for Authentication and Authorization Service
This is the scenario
The system has two main users the SYSTEM USER and END USER. An end user is further divided into two users named CLIENT USER and INTERNET USER, client user is associated in database accessible account while internet user is not.
All users are classified into different ROLES, And each role is associated with a set of accessible MODULES, and different modules contain different FUNCTIONS like view, add, edit and delete functions.
Different roles may be associated with different functions in modules. Sample Super Admin role may access and do add edit delete function in user access module while Power User may only access it or view it.
When User logs-in the security service would authenticate the user with username and password. If it is authenticated, it will look up the roles associated with the user and display the granted modules on screen for users to select for access.
I have created a simple class diagram containing the fields or attributes per class, I am just not sure if it is correct, like the connectors or relationship implemented, the cardinality and the methods per class, I have only input the method for one class and that is for login (login()) method.
Upvotes: 4
Views: 9777
Answers (2)
Reputation: 13711
I can see a couple of things wrong with your model:
- What are those filled arrows supposed to be? If you mean Inheritance then you have to used a non filled arrowhead.
- Is LOGIN also a user? There's something weird about that. I would expect login() to be a operation somewhere taking a username and password as parameters, not necessarily a class on it's own, and I probably wouldn't model it with attributes UserName and Password.
- If all the subclasses of USER have a UserName and Password. Don't you think you should define those on the class USER?
- Are USER and END USER supposed to be concrete or abstract? Seems like they might need to be abstract.
- Classes are generally named in the singular form. So rather use ROLE instead of ROLES
- What is the roleID doing on the class USER? That seems wrong. If you are using UML then don't put foreign key field on your classes. RoleID is an attribute of ROLE and should not be on USER.
- Why do you need all those ID attributes? If you are modelling on a logical level you can assume that each class has a unique identity and you don't need to worry about the technical implementation of that identity (string, GUID, ...). If on the other hand you are making a technical model then you are missing about 70% of the details.
Upvotes: 4
Reputation: 1789
I would do something like that : 
You get users who can login and who have different roles, when you execute a function (renamed service), the Service gets its module and request the module to check if the session user has the right to execute the Service.
Does this help you ?
Upvotes: 1
Related Questions
- Class Design (UML Class Diagram)
- UML Class Diagram - questions on class diagram for user authentication
- Which design patterns should I use?
- UML class diagram implementing Registration for login
- UML Class Diagram for User Login
- USE case to Class Diagram - How do I?
- Security diagrams and UML
- Designing a User Access/Permissions class
- Coding architectural question
- Object Model Authorization - OO Design Question