A user of IBM Connections 4.5 must be member of the parent community before he/she can become member of a subcommunity.
Adding a member with role "owner" lets the new member be a Community owner (so that multiple users can be owner of a community).
I have found that adding a member to the parent community "as owner" will force ownership for all parent's subcommunities to this member (at least as far as this user is member of the subcommunity).
Why is that?
I asked the architects responsible for Communities.
There is a reason for this which is that that a Owner at a top-level,
means that the person has the full-lifecycle of operations available
to them, including setting owner on any subcommunity. Adding them to
the subcommunities automatically is so that there are no-orphaned
communities.
I hope this helps.
Related
Let's say that i have started making an use case diagram for tourist agency web application. So what bothering me is the thing that i am not sure should i make administrator role and connect him with other actors with the generalization because they share common behaviors.
For example, i have web-site visitor as a role, then i have registered one who can book hotels... Now i was thinking of putting the administrator role who would have permissions to do what ever he wants to do. So all i need is your advice and what you would do if you will ever have the similar problem.
Yes, you can do that. And it's a common pattern. An actor represents (plays) a role within the system under consideration. And if you find people acting with different roles you can apply a generalization. Especially if you generalize Administrator from User this says that the admin can do anything the user can do.
The admin is able to do everything the same as the user, AND see and modify the tickets that are not theirs. Normal users can only do all that on the tickets that they have created. Another difference is that the admin gets a list of all the tickets, while users get a list of their own tickets only (the "Show all tickets" extension). Those are the only differences between the user and the admin.
How do I represent the admin?
Adding another actor and connecting to all doesn't seem like a good idea.
Each of the ticket related use cases have a condition "User created the ticket.", simply adding "OR user is an admin" would pretty much do the job, but then it wouldn't be clear that the system has an admin. The problem is that the admin is basically a user with one additional permission.
While it isn't directly explained in UML specification, you can add another user admin, show generalization between actors where admin is a specialization of user and link UCs that can be performed by admin only to admin actor while UCs available to user (and admin) only to user actor.
A specialized actor has access (can run) all UCs of an actor it specializes plus its own UCs.
Such approach is suggested e.g. by Howard Podesva (see "UML for IT Business Analysts") and is compliant with UML specification.
Note also that the association between actor and Use Case shows only that the actor is somehow involved in UC. While in most cases it is initiation it doesn't have to be always the case.
Now both admin and user can do the same thing, but admin can have few extra use cases.
My web app consists of 2 databases (one programming and one data). People who are listed explicitly in the ACL can access the db after logging in. People in a group cannot.
Have never seen this before. What could possibly be causing this.
Check to see that the group is marked as a group in the top right of the ACL. If it is, also check that the group name is in the address book.
Could anyone please tell me the best approach to resolve the user privilege set if a user is a member of multiple groups that grant non-orthogonal sets of privileges? In the world of authorization, how do we usually deal with the issue (taking the least privilege set, or taking the maximum privilege set, or somewhere in the middle, etc.)?
I'm not exactly sure of the context of your question but I'll try to answer in general. When you have a user who is part of multiple orthogonal groups you:
Use RBAC and assign the user to multiple roles. This would be giving the user the union/maximum privilege set.
Give the user multiple accounts, one per group. For example, you could have the users alex_student and alex_teacher if the student Alex also teaches.
Give the user a minimal set of privileges and allow them to temporarily change them. Something like sudo that works for non-overlapping privileges.
First of all thanks for your input on this issue. I am fairly new in Domain Driven Design and banging my head around for solution to some issues (I think they are very basic, I am surely missing something).
Let me first describe my domain a bit. I am trying to model a typical school, which can have classrooms, each classroom can have multiple section/groups and students within each classroom group.
Users are mainly school administrator and teacher. School administrator can create classroom, teacher and student whereas teacher can create only group and assign students to a group.
School has global identity, but the classroom does not have. Classroom has local identity when it is part of the School Entity. Classroom group is unique only within classroom.
School is definitely an Aggregate root with Classroom aggregate inside and is responsible for creating, deleting, updating classroom.
Should we create a different aggregate root for Classroom and classroom groups (which I think not right as they don't have global identities within the domain).
Do we create separate repository for each of them?
Should we handle creation/update of classroom, classroom group at the service level?
We need to cache the data and Event sourcing seems to be a good idea to maintain state in synch. Do you see any issue with this?
Any help will be greatly appreciated.
I think you should create a Classroom aggregate root. You will probably list classrooms in some reports, will you?
Only for aggregate roots. Children of roots are fetched by parent aggregate root repository.
No. If you use Entity Framework, it's enough for you to add a Classroom group inside Class object List. EF should take care of the rest. Beware of deletions though!
If you're talking about http://martinfowler.com/eaaDev/EventSourcing.html, isn't it just a way to track changes?