Segmenting Authority in the Database

In Chapter 7, we recommend that you use a spreadsheet approach to list the envisioned objects within an application. We tell you to identify the actions that would be permitted against each object and to group the actions together and assign them to a role. Let’s look briefly here at how you might do this.

For example, let’s look at a piece of an application that will be used in a car dealership. The departments follow:

  • New and used car sales

  • Customer vehicle servicing

  • Car leasing

  • Automobile parts

  • General bookkeeping

  • Automobile detailing

  • Paint and body shop

When a new car is received, an entry is made into the database in the automobile information area detailing the car’s vehicle identification number (VIN), make and model, color, wholesale price, accessories, etc., reflecting the information needed for the car’s invoice. The dealership manager or sales manager might examine the car and decide to add a sunroof or other feature to improve the sales appeal. A work order will be written up and the body shop will perform the work. The car will go to the sales floor where it will be shown. A customer will come in, test-drive the vehicle, fall in love with it, and buy it. The sale will be finalized and the car delivered to the new owner. Assuming that the customer is loyal and stays in the dealership’s area, the car will be returned to the dealership periodically for maintenance and repair work. Over the life of the car, several different areas ...
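The spreadsheet approach described above, carried through for part of the dealership as an added example (not code from the book). The schema `DEALER`, its tables and columns, the role and user names, and the choice of which department may do what are all assumptions made for illustration; the tables are assumed to exist already.

```sql
-- Hypothetical spreadsheet: one row per object, one column per job function.
-- S = SELECT, I = INSERT, U = UPDATE, U(col) = UPDATE limited to listed columns
--
--   object                receiving  sales_mgr       body_shop   sales  service
--   dealer.automobile     S,I        S,U(accessories) S          S      S
--   dealer.work_order     -          S,I             S,U(status) -      -
--   dealer.sale           -          S               -           S,I    -
--   dealer.service_visit  -          -               -           -      S,I,U

-- One role per spreadsheet column (role names are hypothetical).
CREATE ROLE receiving_clerk;
CREATE ROLE sales_manager;
CREATE ROLE body_shop_tech;
CREATE ROLE salesperson;
CREATE ROLE service_writer;

-- Automobile information area: entered when the car is received.
GRANT SELECT, INSERT ON dealer.automobile TO receiving_clerk;
-- The manager may change only the accessories column, not price or VIN.
GRANT SELECT, UPDATE (accessories) ON dealer.automobile TO sales_manager;
GRANT SELECT ON dealer.automobile TO body_shop_tech, salesperson, service_writer;

-- Work orders: written up by the manager, progressed by the body shop.
GRANT SELECT, INSERT ON dealer.work_order TO sales_manager;
GRANT SELECT, UPDATE (status) ON dealer.work_order TO body_shop_tech;

-- Sales: recorded on the sales floor, visible to the manager.
GRANT SELECT, INSERT ON dealer.sale TO salesperson;
GRANT SELECT ON dealer.sale TO sales_manager;

-- Maintenance and repair visits over the life of the car.
GRANT SELECT, INSERT, UPDATE ON dealer.service_visit TO service_writer;

-- Users receive roles, never direct object grants (user names hypothetical).
GRANT salesperson TO jsmith;
GRANT body_shop_tech TO mlopez;

-- Review: compare what was actually granted against the spreadsheet.
SELECT grantee, table_name, privilege, NULL AS column_name
  FROM dba_tab_privs WHERE owner = 'DEALER'
UNION ALL
SELECT grantee, table_name, privilege, column_name
  FROM dba_col_privs WHERE owner = 'DEALER'
 ORDER BY 1, 2, 3;
```

Any row returned by the review query that has no matching cell in the spreadsheet is a privilege to revoke or to document.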
