| Users, Roles and Privileges UML Documentation |
Rules and Parameters::Users, Roles and Privileges
Class Privilege
This entity includes all reference data for Privileges {T2S.11.360}. Each Privilege can be linked to one or many Parties, Users and Roles. When linking a Privilege to a Party, a User or a Role, the following Boolean attributes are set:
• Deny Option, to specify whether the associated function is allowed or explicitly denied to the grantee;
• Administration Option, to specify whether the grantee of the privilege is allowed to grant the same privilege to another Party, User or Role; when revoking for a user a privilege that was granted previously with the administration option, the same privilege is also revoked, according to a cascade principle, for all the parties (including their users and roles) that were previously granted the same privilege by the same user;
• Four-Eyes Option, to specify whether the grantee of the privilege is allowed to use the associated function according to the Two-Eyes or Four-Eyes principle (this attribute is relevant only for privileges related to functions that can be used both according to the Two-Eyes and to the Four-Eyes principle). {T2S.11.362}
System administrators can grant the available privileges to their Parties, Users and Roles in order to set up their change approval configuration {T2S.16.180}, i.e. the applicable combination of change type (e.g. create, update, delete) {T2S.16.200} and update type (i.e. Two-Eyes mode or Four-Eyes mode) {T2S.16.190} for all the relevant functions and static data objects. {T2S.16.210}
Object privileges, i.e. privileges related to functions that apply to specific static data objects can be granted:
• In relation to a single static data “secured” object only (e.g. a single securities account);
• In relation to a “secured” group of static data objects (e.g. a set of T2S dedicated cash accounts).
For each Object Privilege, the set of object types associated to it is already given by definition, i.e. it is determined by the specific function associated to the Privilege (e.g. the privilege to display a security can only be granted for securities and not for other static data object types).
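The three grant options and the cascade revocation described above can be modelled as follows. This is an added example, not part of the T2S data model or any T2S code: the class and function names, the sample grantees, treating a grantor of `None` as initial set-up by a system administrator, and following the cascade transitively are all assumptions of the sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    privilege: str            # Privilege Name
    grantee: str              # Party, User or Role
    grantor: Optional[str]    # None = set up by a system administrator (assumption)
    deny: bool = False        # Deny Option
    admin: bool = False       # Administration Option
    four_eyes: bool = False   # Four-Eyes Option

class PrivilegeStore:
    def __init__(self):
        self.grants = {}      # (privilege, grantee) -> Grant

    def grant(self, privilege, grantee, grantor=None, **options):
        # Passing a privilege on requires holding it with the Administration Option.
        if grantor is not None:
            held = self.grants.get((privilege, grantor))
            if held is None or not held.admin:
                raise PermissionError(f"{grantor} cannot grant {privilege!r}")
        self.grants[(privilege, grantee)] = Grant(privilege, grantee, grantor, **options)

    def revoke(self, privilege, grantee):
        # Returns every grantee that lost the privilege, in revocation order.
        g = self.grants.pop((privilege, grantee), None)
        if g is None:
            return []
        removed = [grantee]
        if g.admin:
            # Cascade to grants made by this grantee (transitive: assumption).
            for d in [x.grantee for x in self.grants.values()
                      if x.privilege == privilege and x.grantor == grantee]:
                removed += self.revoke(privilege, d)
        return removed

    def mode(self, privilege, grantee):
        g = self.grants.get((privilege, grantee))
        if g is None or g.deny:
            return "denied"
        return "four-eyes" if g.four_eyes else "two-eyes"

def build_sample():
    # Constructed sample data; all names are hypothetical.
    s, p = PrivilegeStore(), "Display Securities Account"
    s.grant(p, "party-admin", admin=True)
    s.grant(p, "user-1", "party-admin", admin=True, four_eyes=True)
    s.grant(p, "role-ops", "user-1")
    s.grant(p, "user-2", "party-admin", deny=True)
    return s, p
```

Revoking the privilege from `user-1` in the sample also removes it from `role-ops`, while the explicit deny on `user-2`, which was granted by `party-admin`, is left in place.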
Attributes |
<Primitive Type> String | Privilege Name |
Name of the privilege.
|
<Primitive Type> String | Privilege Description |
Description of the privilege.
|
<Primitive Type> String | Privilege Type |
It specifies a classification for the privilege. The exhaustive list of possible values is as follows:
• System, i.e. the associated function does not apply to a specific static data object type (e.g. a function to query the current phase of the settlement day).
• Object, i.e. the associated function applies to a specific static data object type (e.g. a function to display securities account).
|
<Primitive Type> String | Function Name |
Name of the function associated to the privilege.
|
<Primitive Type> String | Function Technical Identification |
It specifies all the data needed in order to identify and to trigger the function, e.g. the type of function (query, report, etc), the type of interaction (push, pull, interactive), the set of required input parameters for the function and so forth.
|
<<Entity>> <Class> Privilege Party | privilege Party | |
Properties:
Function Name
Public <Primitive Type> String Function Name
-
Name of the function associated to the privilege.
-
Constraints:
-
Properties:
-
Aggregation | None |
Class | <<Entity>> <Class> Privilege |
Is Composite | false |
Is Derived | false |
Is Derived Union | false |
Is Leaf | false |
Is Ordered | false |
Is Read Only | false |
Is Static | false |
Is Unique | true |
Lower | 1 |
Multiplicity | 1 |
Name | Function Name |
Namespace | <<Entity>> <Class> Privilege |
Owner | <<Entity>> <Class> Privilege |
Qualified Name | T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Function Name |
Type | <Primitive Type> String |
Upper | 1 |
Visibility | Public |
Function Technical Identification
Public <Primitive Type> String Function Technical Identification
-
It specifies all the data needed in order to identify and to trigger the function, e.g. the type of function (query, report, etc), the type of interaction (push, pull, interactive), the set of required input parameters for the function and so forth.
-
Constraints:
-
Properties:
-
Aggregation | None |
Class | <<Entity>> <Class> Privilege |
Is Composite | false |
Is Derived | false |
Is Derived Union | false |
Is Leaf | false |
Is Ordered | false |
Is Read Only | false |
Is Static | false |
Is Unique | true |
Lower | 1 |
Multiplicity | 1 |
Name | Function Technical Identification |
Namespace | <<Entity>> <Class> Privilege |
Owner | <<Entity>> <Class> Privilege |
Qualified Name | T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Function Technical Identification |
Type | <Primitive Type> String |
Upper | 1 |
Visibility | Public |
Privilege Description
Public <Primitive Type> String Privilege Description
-
Description of the privilege.
-
Constraints:
-
Properties:
-
Aggregation | None |
Class | <<Entity>> <Class> Privilege |
Is Composite | false |
Is Derived | false |
Is Derived Union | false |
Is Leaf | false |
Is Ordered | false |
Is Read Only | false |
Is Static | false |
Is Unique | true |
Lower | 1 |
Multiplicity | 1 |
Name | Privilege Description |
Namespace | <<Entity>> <Class> Privilege |
Owner | <<Entity>> <Class> Privilege |
Qualified Name | T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Description |
Type | <Primitive Type> String |
Upper | 1 |
Visibility | Public |
Privilege Name
Public <Primitive Type> String Privilege Name
-
Name of the privilege.
-
Constraints:
-
Properties:
-
Aggregation | None |
Class | <<Entity>> <Class> Privilege |
Is Composite | false |
Is Derived | false |
Is Derived Union | false |
Is Leaf | false |
Is Ordered | false |
Is Read Only | false |
Is Static | false |
Is Unique | true |
Lower | 1 |
Multiplicity | 1 |
Name | Privilege Name |
Namespace | <<Entity>> <Class> Privilege |
Owner | <<Entity>> <Class> Privilege |
Qualified Name | T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Name |
Type | <Primitive Type> String |
Upper | 1 |
Visibility | Public |
privilege Party
Private <<Entity>> <Class> Privilege Party privilege Party
-
Constraints:
-
Properties:
-
Privilege Type
Public <Primitive Type> String Privilege Type
-
It specifies a classification for the privilege. The exhaustive list of possible values is as follows:
• System, i.e. the associated function does not apply to a specific static data object type (e.g. a function to query the current phase of the settlement day).
• Object, i.e. the associated function applies to a specific static data object type (e.g. a function to display securities account).
-
Constraints:
-
Properties:
-
Aggregation | None |
Class | <<Entity>> <Class> Privilege |
Is Composite | false |
Is Derived | false |
Is Derived Union | false |
Is Leaf | false |
Is Ordered | false |
Is Read Only | false |
Is Static | false |
Is Unique | true |
Lower | 1 |
Multiplicity | 1 |
Name | Privilege Type |
Namespace | <<Entity>> <Class> Privilege |
Owner | <<Entity>> <Class> Privilege |
Qualified Name | T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Type |
Type | <Primitive Type> String |
Upper | 1 |
Visibility | Public |