Navigation

Use Case 13 - User AuthorizationΒΆ

Revisions
View document revision history.
Goal
Determine if a user is authorized to perform some action on an object (e.g. get, put, query, delete, ...).

Summary

User authorization is the process followed to determine if the authenticated user is permitted to perform some operation. The result will always be True or False.

Note: Need to define which objects require access control / authorization

Actors
  • User
  • Client application
  • Member Node
  • Coordinating Node
Preconditions
  • User is at some level of authentication (may be anonymous or logged in)
Triggers
  • User is requesting some operation to be performed on an object
  • An operation acting as a proxy for a user performs some operation on an object
Post Conditions
  • The operation continues if the user is authorized or terminates raising an unauthorized exception.
../../_images/13_seq.png

Figure 1. Interactions for use case 13.

Related Topics

© Copyright 2009-2014, DataONE. [ Page Source | Revision History ]  

This material is based upon work supported by the National Science Foundation under Grant Number 083094. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.