Database Reference
In-Depth Information
With more complex models, it sometimes makes sense to work in the opposite direction.
You can do this by first drawing a diagram showing examples of all the different kinds of
things in your system as nodes, then drawing arrows showing all the different kinds of re-
lationships between them. Once you start seeing repeated patterns, you can pull those out
into smaller graph fragments.
2.1.2. Modeling with diagrams: a complex example
Let's take a much more varied example, and see how it can be broken down into smaller
patterns. In a large organization, users are given permissions to access different systems
based on who they are, what roles they hold, and which groups they belong to. Here are
examples of ways in which a user might have a permission.
•
Directly
—You have permission to access the files in your own personal folder on
the shared filesystem.
•
Based on a role
—As a database administrator, you have permission to connect to
the database-monitoring console.
•
Based on a group membership
—As a member of the group Sales and Marketing
Team, you have permission to access the Contact Management System.
•
Based on the assignment of a role to all members of a group
—As a member of
the group Developers, all of whom have the role Source Control Committer, you
have permissions to check code out of the source repository and commit changes
back in.
Figure 2.4
is an unconnected graph showing the entities in an access control system that
enforces these permissions.
