When designing the security model, duties were decided upon. Creating the duties and adding the relevant permissions is therefore straightforward.
There is one set of privileges that we didn't include in the role duties—the ConFMSVehicleInfoParts privilege. The reason these were created in a separate privilege is that we may add these parts to other parts of the system, as we did on the appointment form. The security administrator can then add this privilege to the appropriate duties and/or roles.
We will create a specific duty for this privilege in order to avoid having to add the privilege directly to a role. We may later develop new parts that should be included in this duty, adding the new privileges to the duty avoids the need to adjust the role.
The mapping from duties to privileges is as follows:
|
Duty |
Privilege |
|---|---|
|
Maintaining vehicle information |
|
|
Maintaining vehicle service records |
|
|
Maintaining fleet management setup |
|
|
Maintaining vehicle status |
|
|
Maintaining vehicle group for a vehicle |
|
|
Updating current vehicle information |
|
|
Viewing vehicle service records. |
|
|
Creation of vehicle service records |
|
|
Viewing vehicle and service information parts |
|
|
Invoking vehicle service server methods |
|
To create the duties, follow these steps for each duty in the preceding table:
- Create a new duty under the project's Security | Duties node named according to the table.
- Provide a label that provides a short description of the duty, and Description as appropriate.
- Drag the appropriate privileges onto the Privileges node of the duty.