Origin

This is Jim Wilson's idea on multi-tenant support in Score.

...

Info

In this section, “Score” refers to multi-tenant Score instances.

  1. This design only affects BIE access. This design would not apply to CC access.

  2. Score will use Auth0 for authentication and authorization.

    1. Out of the box, Auth0 supports

      1. Managing users

      2. Managing roles

      3. Managing user-role relationships

  3. Only administrators may manage business contexts in Score.

  4. Each business context may have zero-to-many roles associated with it (managed only by administrators). See Figure 3.

    1. There are many ways to design the UI to show roles associated with a business context and to add/delete them. Figure 3 is just one example.

    2. The built-in roles will be supported (end user, developer, admin) as Score_End_User, Score_Developer, and Admin.

    3. Tenant roles will begin with Score_Tenant_ followed by a short name. E.g., Score_Tenant_AgGateway.

  5. A user may only access BIEs associated with business contexts that are associated with one of the user’s roles.

...

Logical process for determining what BIEs to show in the BIE list

See https://oagiscore.net/profile_bie.

  • For each BIE

    • For each of the BIE’s business contexts

      • For each of the business context’s roles

        • Is the user in that role?

          • Yes: Show the BIE in the list.

          • No: Don’t show the BIE in the list.

Concrete example

Roles

  1. Admin

  2. Developer

  3. End User

  4. AgGateway (tenant)

  5. ACME Brick (tenant)

  6. HR Open Standards (tenant)

Business Contexts

  1. Human Resources

  2. Agriculture

  3. Construction

  4. Entertainment

Users

  1. Bob

  2. Mary

  3. Amy

  4. Roy

  5. Matt

  6. Tess

  7. Ross

BIEs - Business Contexts

Columns (Business Context): Human Resources, Agriculture, Construction, Entertainment, Notes

Rows (BIE):

  • ProcessPurchaseOrder (instance #1): (tick)

  • ProcessPurchaseOrder (instance #2): (tick)

  • NotifyShipment (instance #1): (tick) (tick)

  • NotifyWIPStatus (instance #1): (tick)

  • NotifyWIPStatus (instance #2): (tick)

Users - Roles

Columns (Role): HR Open Standards, ACME Brick, AgGateway, End User, Developer, Admin, Notes

Rows (User):

  • Bob: (tick)

  • Mary: (tick)

  • Amy: (tick)

  • Roy: (tick) (tick)

  • Matt: (tick)

  • Tess: (tick)

  • Ross: (tick) (tick) (tick)

Business Contexts - Roles

Columns (Role): HR Open Standards, ACME Brick, AgGateway, End User, Developer, Admin, Notes

Rows (Business Context):

  • Human Resources: (tick)

  • Agriculture: (tick)

  • Construction: (tick)

  • Entertainment: (no tick)

BIE Visibility to Users

This table would be computed based on the values in the tables above.

Columns (User): Bob, Mary, Amy, Roy, Matt, Tess, Ross, Notes

Rows (BIE):

  • ProcessPurchaseOrder (instance #1): (tick) (tick) (tick)

  • ProcessPurchaseOrder (instance #2): (tick) (tick) (tick)

  • NotifyShipment (instance #1): (tick) (tick) (tick) (tick)

  • NotifyWIPStatus (instance #1): (tick) (tick) (tick)

  • NotifyWIPStatus (instance #2): (tick) (tick) (tick)

  • Mary can access all BIEs because she is in the Admin role. Administrators can see everything.

  • Matt can only access BIEs in a business context associated with the ACME Brick role.

  • Tess can only access BIEs in a business context associated with the AgGateway role.

  • Ross can only access BIEs in a business context associated with the ACME Brick role or the AgGateway role, which in this example computes to be all of them.
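
The logical process for the BIE list and the Admin rule from the concrete example, written out as an added example (not Score's own code). It treats the role check as any-match with deny by default; the names come from the concrete example, while the context-to-role, BIE-to-context and Bob's role assignments are constructed sample values.

```python
ADMIN_ROLE = "Admin"

# Constructed sample data: names come from the concrete example; which context
# carries which role, and which BIE sits in which context, are assumed here.
CONTEXT_ROLES = {
    "Human Resources": {"HR Open Standards"},
    "Agriculture": {"AgGateway"},
    "Construction": {"ACME Brick"},
    "Entertainment": set(),  # zero roles: only administrators reach its BIEs
}
BIE_CONTEXTS = {
    "ProcessPurchaseOrder (instance #1)": {"Agriculture"},
    "ProcessPurchaseOrder (instance #2)": {"Construction"},
    "NotifyShipment (instance #1)": {"Agriculture", "Construction"},
    "NotifyWIPStatus (instance #1)": {"Agriculture"},
    "NotifyWIPStatus (instance #2)": {"Construction"},
}
USER_ROLES = {
    "Mary": {"Admin"},
    "Matt": {"ACME Brick"},
    "Tess": {"AgGateway"},
    "Ross": {"ACME Brick", "AgGateway"},
    "Bob": {"End User"},  # assumed: a built-in role tied to no business context
}


def can_see(roles, bie, bie_contexts=BIE_CONTEXTS, context_roles=CONTEXT_ROLES):
    """Any-match over the BIE's contexts and their roles; deny by default."""
    if ADMIN_ROLE in roles:
        return True
    for context in bie_contexts.get(bie, ()):  # unknown BIE: nothing to match
        if context_roles.get(context, set()) & roles:  # unknown context: no roles
            return True
    return False


def visible_bies(user):
    """BIE list for one user; a user with no recorded roles sees nothing."""
    roles = USER_ROLES.get(user, set())
    return sorted(bie for bie in BIE_CONTEXTS if can_see(roles, bie))


if __name__ == "__main__":
    for name in USER_ROLES:
        print(f"{name}: {visible_bies(name)}")
```

A BIE whose only business context has no roles, such as Entertainment in this sample data, is hidden from every non-administrator, so adding a context without roles never widens access.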