Securing Accounts Based On Customer Class
Assume the following security requirement exists:
- You have two broad groups of accounts:
- Residential accounts.
- Commercial / Industrial accounts.
- Users can be classified as have one of the following access rights:
- May access all accounts.
- May only access residential accounts.
- May only access commercial / industrial accounts.
The following diagram illustrates the access groups and data access roles required to implement these requirements:
Notice the following about the above:
- There are 2 access groups because access to accounts is based on whether the account is considered to be residential or commercial/industrial.
- The Big Customers data access role is only linked to the C&I access group.
- The Small Customers data access role is only linked to the Residential access group.
- The All Customers access role is linked to both the C&I and Residential access groups. Users with this role can therefore access all accounts.