There is a distinct workflow to planning and implementing a role-based security
model.
Designing the Security Hierarchy
- Identify the various authorized tasks to be performed by users.
Group closely related tasks. Groupings can be based on any organizational
structure—departmental, functional, and so on. You can create a role hierarchy
that matches the organizational hierarchy. Assign a name to each grouping. These
groupings represent the roles you create.
- Identify the system privileges and
object-level privileges required to perform each authorized
task identified.
- Identify the users to perform the various
authorized tasks. Associate them with the applicable roles or with identified
individual tasks.
- (Optional) Identify administers for the roles you create.
Administrators can grant and revoke the role to other users.
- (Optional) Identify administrators for the system privileges and
object-level privileges that are not part of the roles you create.
Build the Security Hierarchy
- Create the required roles. See Roles.
- To each role, grant the system privileges. See
Roles and Privileges.
- Create the users. See Users.
- Grant applicable roles to each user, including administrative
rights where applicable. See Roles.
- Grant applicable object-level and system privileges to users
(not already indirectly granted though roles), including administrative rights
where applicable. See Privileges.