Subject Area Concepts
The Logical 11130 - Worker - Access Control View subject area contains the entities that associate a Worker with a set of access privileges. The linkage is made through the WorkerOperatorAssignment entity, which assigns a worker (Worker is a subtype of PartyRoleAssignment and references a Person subtype of Party) to an Operator. An Operator is a unique access entity that is tied to a Resource through the OperatorResourceAccess entity. This relationship path ties a worker to a resource.
An Operator may also be associated with a WorkGroup through the OperatorGroup associative entity type. WorkGroup entities may be granted access to Resource entities through GroupResourceAccess associative entities. This enables operators to be organized around common functions that share access privileges. The WorkGroup and GroupResourceAccess entities are analogous to "roles" in most role-based access control schemes. In ARTS, the term "role" is avoided because it is used as part of classifying PartyRoleAssignments. (See the Party topic.)
In addition to controlling access through Operator, OperatorGroup and WorkGroup entities, access may be qualified by WorkStationGroup. In this scenario, the resources and access level are limited based on a Workstation entity's association with a WorkStationGroup and an associated WorkstationResourceAccess entity. A typical example of this is the assignment of elevated access privileges to customer service workstations and a more limited set to checkout workstations.
Worker/operator-based and workstation-based access control schemes may be combined to refine and tightly control who has access to specific resources and where they can access those resources.
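
The combined scheme can be checked with a query, shown here as an added example (Python with SQLite, not part of the ARTS model itself). Entity names come from the text above; the two-column layouts, the sample rows, and the reading of "combined" as the intersection of the operator path and the workstation path are assumptions.

```python
import sqlite3

# Table names follow the entities in the text; columns and rows are constructed.
DATA = {
    "WorkerOperatorAssignment": ("WorkerID, OperatorID", [("w1", "op1"), ("w2", "op2")]),
    "OperatorResourceAccess": ("OperatorID, ResourceID", [("op2", "PRICE_OVERRIDE")]),
    "OperatorGroup": ("OperatorID, WorkGroupID", [("op1", "cashiers"), ("op2", "service")]),
    "GroupResourceAccess": ("WorkGroupID, ResourceID",
        [("cashiers", "SALE"), ("service", "SALE"), ("service", "REFUND")]),
    "Workstation": ("WorkstationID, WorkStationGroupID",
        [("pos1", "checkout"), ("cs1", "custsvc")]),
    "WorkstationResourceAccess": ("WorkStationGroupID, ResourceID",
        [("checkout", "SALE"), ("custsvc", "SALE"), ("custsvc", "REFUND"),
         ("custsvc", "PRICE_OVERRIDE")]),
}

# Operator path = direct grants UNION grants via WorkGroup membership.
# The result is then intersected with what the workstation's group allows.
QUERY = """
SELECT ResourceID FROM (
    SELECT ora.ResourceID
      FROM WorkerOperatorAssignment woa
      JOIN OperatorResourceAccess ora ON ora.OperatorID = woa.OperatorID
     WHERE woa.WorkerID = :worker
    UNION
    SELECT gra.ResourceID
      FROM WorkerOperatorAssignment woa
      JOIN OperatorGroup og ON og.OperatorID = woa.OperatorID
      JOIN GroupResourceAccess gra ON gra.WorkGroupID = og.WorkGroupID
     WHERE woa.WorkerID = :worker
)
INTERSECT
SELECT wra.ResourceID
  FROM Workstation ws
  JOIN WorkstationResourceAccess wra ON wra.WorkStationGroupID = ws.WorkStationGroupID
 WHERE ws.WorkstationID = :workstation
"""

def build_db():
    db = sqlite3.connect(":memory:")
    for table, (cols, rows) in DATA.items():
        db.execute(f"CREATE TABLE {table} ({cols})")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)", rows)
    return db

def effective_access(db, worker, workstation):
    """Resources the worker may use at this workstation; no matching row means no access."""
    cur = db.execute(QUERY, {"worker": worker, "workstation": workstation})
    return sorted(row[0] for row in cur)
```

A worker with refund and price-override grants still gets only SALE at a checkout workstation, which is the customer service versus checkout split described above.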