Securing Accounts Based On Customer Class

Assume the following security requirement exists:

  • You have two broad groups of accounts:
  • Residential accounts.
  • Commercial / Industrial accounts.
  • Users can be classified as have one of the following access rights:
    • May access all accounts.
    • May only access residential accounts.
    • May only access commercial / industrial accounts.

The following diagram illustrates the access groups and data access roles required to implement these requirements:

This illustrates the access groups and data access roles required to implement these security requirements: two broad group accounts, residential accounts, commercial or industrial accounts, and user access rights.

Notice the following about the above:

  • There are 2 access groups because access to accounts is based on whether the account is considered to be residential or commercial/industrial.
  • The Big Customers data access role is only linked to the C&I access group.
  • The Small Customers data access role is only linked to the Residential access group.
  • The All Customers access role is linked to both the C&I and Residential access groups. Users with this role can therefore access all accounts.