Databases Reference
In-Depth Information
Now suppose a new instance of the workflow is begun with StarCo as
customer again. The process of assignment and consistency checking would
be repeated. Eventually, there may be no one in role
R
B
who can perform
task
T
2
when the customer is StarCo due to constraint
C
5
. This is called a
depletion anomaly.
5 Delegation of Authority
Delegation is an important concept often applied in workflow systems to en-
sure that work can be completed even if the users/roles to perform a specific
task are not available. It is usually accomplished by a user (delegator) delegat-
ing a task to another user (delegatee). For example, managers may delegate
tasks to their subordinates either because they find themselves short on time,
because they want to give the subordinate more responsibility or want to train
the subordinate to perform the task.
In [3], the model proposed in [10] has been enhanced to allow delegation.
Specifically, the ability to delegate tasks to users, roles to users and roles to
roles were introduced. To handle interactions between delegations and work-
flow authorization constraints, consistency checking and task assignment were
enhanced as follows. First, when a delegation is requested, a static check is
performed to make sure there is no delegation cycle such that task assignment
would return to the delegator because of other delegations previous accepted.
A second static check is made to ensure that the delegation is not inconsis-
tent with authorization constraints when the delegation is to a specific person.
That is, no user obliged to perform a task should be allowed to delegate and
no user who is restricted from doing a task should be the recipient of a del-
egation of that task. At run-time, delegations are further evaluated to make
actual assignments when the delegation is of a role or to a role.
Because there is usually some reason for delegation, it should be possible
to delegate under certain conditions. Specifically, when delegating a task to
a user who is otherwise not authorized to perform the task, the following
conditions would help ensure that the user is only authorized when absolutely
necessary:
Temporal Delegation Conditions
- They allow a user to constraint
delegation of a task to a defined time interval. This allows the delegator
to set up a delegation to apply at some time in the future for some period
of time as specified in the condition. For example, a user might delegate a
task during the two hours when she is going to a meeting. Alternatively, a
user might delegate a task for the week he will be on vacation. The time
interval may also be period, such as every Wednesday.
•
•
Workload Delegation Conditions
- They allow a user to constrain
delegation of a task to a workload level. In other words, workload condi-
tions allow the delegator to define a delegation that will only take place
