How to represent permissions in UML use case diagram - uml

In my application each user can create his own system and add team members to it. Each team member in scope of a system has a certain set of permissions, basing on which system decides if team member can access the functionality.
Some examples are:
Access to analytics board
Access to system configuration utility
Access to team management utility
Access to service handling utility
Each team member can have assigned any combination of these permissions.
I'd like to create an UML use case diagram, but i don't know how to represent use cases which are restricted only to team members that are allowed to use them.

Representing permission is like breaking the generalisation os UML use-case diagrams. You need to write them down in your use case scenario and for UML you can have separate section wise representation.

I don't think that use case diagram is sufficient for your requirements. You are talking about a user who has set of permissions. These permission are variable in time. It doesn’t depend on position (what’s more, we are not talking about being a deputy for a boss who just left for holiday).
In this case I always prepare use case such as Manage Permission and an actor is always a user. Then I make a class diagram where the user/permission model is. Then you have several possibilities how to work with permissions:
In every scenario the first step should be checking the permission to
do this steps.
Every use case has a preconditions related to
permissions.
…
Check the diagram where the simplest example is.

In the model part, I use actors inheritance to model right. For example, the
most simple actor is "user" and it is linked to use case "login" only, it gets the minimum right.
Others actors inherit from it. Like that they all have the right to connect to the system.
The most powerful actor, let say Administrator, inherits from all actors like that it gets all rights.
After you can not translate this in code automatically ... :)

Related

How to properly draw Use case diagrams with access restrictions?

The system has 3 types of users : system admin, company user and supplier user. One of the system functionalities is to manage a list of unit costs for some actions. I am trying to draw a UML use case of this specific functionality but I don't really know if I am doing it properly.
Only the system admin and the company user can access this functionality, is it right to specify that like in the picture below?
Is there something wrong or mistake in this use case?

Use Case / UML scenario for App and an external system

I am currently working on the use cases for a car sharing app.
The simple diagram for the process of registration looks like this:
At the moment I am stuck with the following scenarios.
When a new customer is registered, a process is carried out at the head office (central)in which the following points are checked
Scenario 1 - Head office side:
1. The identity of new customers is carried out externally with
the post. Two possibilities: presenting the identity card at a post office branchor carrying out by video.
2. The verification of the customer's bank details is carried out externally with the bank.
3.The system will verify that the contact details (email address) are correct
4.the consent to the GTC has been obtained
My sketch for the confirmation process looks like this:
How do I show that the system verifies that the contact details (email address) is correct ? How do I show that consent to the GTC has been given ?
Scenario 2 - Customer's side: A customer can view and edit the information of his registration.
1.Edit profile data
2.Edit contact information
3.Edit bank details.
If information is changed during editing, verification must be carried out again by the head office.
What would the two use case diagrams look like ?
One or two apps?
(Posted before diagrams were added to the question)
Nothing in the narrative says that you need two systems. It's too early to decide about system architecture. You could have the following variants, each with pros and cons:
one and the same system (e.g. post office and customer access it via the web);
one and the same system that is accessible using different components on different devices (e.g. a rich client in the post office, a web interface for the customer on her mac/PC and a mobile app for a customer when using a smartphone);
several independent systems (e.g. a back office in the post-office, and an independent app that would connect not only to the back office, but also to other back-end services e.g. from other companies).
But how do you want to decide before first knowing what is needed and how the needs are related?
First, you have to understand the big picture of what's needed. Focus on the users not on the inner details of your solutions, as explained in the UML specifications:
UseCases are a means to capture the requirements of systems, i.e., what systems are supposed to do. (...)
a UseCase (...) specifies a set of behaviors (...), which yields an observable result that is of value for Actors or other stakeholders (...)
(...) without reference to its internal structure
Look into your narrative to find actors (people, organisation, responsibilities), their goals (what do they need to do?) and how they could relate to each other. Just try a first sketch.
Your current model
(Posted after the diagrams were added)
I still see no reason to go for 2 distinct systems. You are working on a solution for car sharing. It may have different sub-systems/components, but the actors do not care. And neither does your customer. But:
If you'd go for two independent systems, you'd draw two disginct diagrams, and in each diagram you'd have an actor representing the other system that interacts with the system under consideration. As said, this makes sense only if it's an independent system.
In your case, I could imagine this for the bank account verification and the video identity verification: unless you intend to develop your own super-secured AI component capable of doing this, you'd probably outsource this to a specialized company, that may offer this service via an automated API.
The identify verification is at a different level of details than the other use-cases. You may want to show it in a separate diagram, in order not to pollute the main diagram.
And lastly, your second diagram has some issues:
the arrows of extend and include should not following the same direction: the target of an include is the included use case whereas the target of the extend arrow should be the use case that is extended (and not the use case that is extending the normal use case as you have shown).
ID correct and Bank correct are states. Use cases do not show states. The end-state can be specified in the description of the use-case but not in the use-case diagram.
Post office, Bank account, Video seem to be use-cases, but they are not well described.
A possible diagram could therefore be:
Note: I'd personally prefer specialization of Ensure identity. This corresponds more to the reality that there are two very distinct behaviors. But extension is ok.
Just to stress this fact: you do NOT describe a scenario with use cases. A use case is "just" to show the added value a system under consideration delivers to one of its actors. What you are asking is functional decomposition and that's just plain wrong. You would describe a scenario with an activity diagram (or as plain text like in the Cockburn way).

UML-actors in the use case

Let's say that i have started making an use case diagram for tourist agency web application. So what bothering me is the thing that i am not sure should i make administrator role and connect him with other actors with the generalization because they share common behaviors.
For example, i have web-site visitor as a role, then i have registered one who can book hotels... Now i was thinking of putting the administrator role who would have permissions to do what ever he wants to do. So all i need is your advice and what you would do if you will ever have the similar problem.
Yes, you can do that. And it's a common pattern. An actor represents (plays) a role within the system under consideration. And if you find people acting with different roles you can apply a generalization. Especially if you generalize Administrator from User this says that the admin can do anything the user can do.

Are the roles and functions on UML use case diagram aligned correctly?

I have created a use case diagram for site similar to oDesk.
Site description: the place, where freelancers can find suitable jobs accordingly to their skills and pricing demands and where employers/clients can find suitable freelancers for their job postings with necessary skills and for stated price.
The goal of the site owner is: get income, by means of taking 10% fee from every payment made from employer/client to freelancer.
Have a look at the link below. Will be happy to hear any comments and advices!
I'm new here, but this question looks suitable for Business Analysts. This diagram does make sense. From my point of view, i would have added a "user" role (generalization of "employer" and "freelancer)". And aligned functions similar to "freelancer" and "employer" with "user" role.
From use full functionality point of view (it is what UseCase defines) your diagram is almost perfect. BUT, remove login usecase (it is not service..no body use system to login. Login is precondition for accessing security website functionality). Separate profile manage, block profile and other administration services (usecase) from the rest and build new diagram for them. There are mix of incompatible use cases at the same place.
Your "Make Payment" use case is off. You have it so that only the Employer doesn't make payments to anyone except possibly himself. Consider making the two types of payment into specializations of Make Payment (remove all the extends and includes except from the Make Payment to the Process Transaction), associating the Employer with the main use case, and associating the Site Owner and Freelancer each with the appropriate specialized use case.
Also, as Vladimir says, you might consider splitting this up into multiple diagrams.

Use Case Diagram with Database and Web Servers

I'm finding it hard to get around my head how the specific scenario would work out:
I have a database server, a web server and a user.
When the user registers a service is created to the web server, the web server then goes to the database server and returns to the web server to register the details.
How would I actually illustrate this.
I have created the three Actors; User, Web Server, Database Server.
As a note I have read many online resources, and also a Book on UML.
Thanks in advance.
Are the DB/web servers part of the system you're implementing? If so you don't need them as Actors. UC Diagrams should only show actors outwith the scope of your system.
So you only need one Actor (User) in this case. The Use Case should describe the goal from the User's perspective (e.g. "Buy a Widget").
You could show the servers in a diagram showing how the UC is realised - usually a sequence diagram or activity diagram. Although I'd typically expect to see logical entities (classes) as well / instead of the physical servers.
hth.
I agree with maple_shaft's last statement. A high-level UC (use case) is a vehicle for capturing requirements.
Req'ts are the "what" of a system. What is the system supposed to do. What does the user need to accomplish. What interaction does the user need from the system.
By capturing system components in your UC you are injecting "how" into it and that's inappropriate for a UC. You don't want your use case to say how the system will accomplish something as that's an implemenation decision.
In short, I disagree that you really want to create a Use Case diagram. This sounds more like a component diagram.
Use case diagrams should represent user flow and non-technical flow from a user perspective, not demonstrate underlying architectural structure.

Resources