Securing Accounts Based On Customer Class

Assume the following security requirement exists:

  • You have two broad groups of accounts:
    • Residential accounts.
    • Commercial / Industrial accounts.
  • Users can be classified as having one of the following access rights:
    • May access all accounts.
    • May only access residential accounts.
    • May only access commercial / industrial accounts.

The following diagram illustrates the access groups and data access roles required to implement these requirements:

Notice the following about the above:

  • There are 2 access groups because access to accounts is based on whether the account is considered to be residential or commercial/industrial.
  • The Big Customers data access role is only linked to the C&I access group.
  • The Small Customers data access role is only linked to the Residential access group.
  • The All Customers data access role is linked to both the C&I and Residential access groups. Users with this role can therefore access all accounts.
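
The linkage described above can be modelled and checked against the three access rights in the requirement. The following is an added example, not the product's own code or configuration. The role and access group names come from the text; the account IDs, user names, "Retired Role" and the deny-by-default handling of accounts with no access group are assumptions made for illustration.

```python
# Illustrative model only; not the product's code. Role and group names are
# taken from the text above, everything else is constructed for this example.
RESIDENTIAL, C_AND_I = "Residential", "C&I"

# Data access role -> access groups it is linked to (from the bullets above).
ROLE_TO_GROUPS = {
    "Big Customers": {C_AND_I},
    "Small Customers": {RESIDENTIAL},
    "All Customers": {C_AND_I, RESIDENTIAL},
}

# Constructed sample data: each account carries at most one access group.
ACCOUNTS = {
    "ACCT-1001": RESIDENTIAL,
    "ACCT-2001": C_AND_I,
    "ACCT-3001": None,          # access group never assigned (assumed case)
}

# Constructed sample users and the data access roles they hold.
USER_ROLES = {
    "alice": {"All Customers"},
    "bob": {"Small Customers"},
    "carol": {"Big Customers"},
    "dave": set(),              # no data access role
    "erin": {"Retired Role"},   # hypothetical role with no access group links
}


def groups_for(user):
    """Union of access groups reachable through the user's roles."""
    groups = set()
    for role in USER_ROLES.get(user, set()):
        groups |= ROLE_TO_GROUPS.get(role, set())  # unknown role grants nothing
    return groups


def can_access(user, account_id):
    """Default deny: the account's group must be among the user's groups."""
    group = ACCOUNTS.get(account_id)
    return group is not None and group in groups_for(user)


def visible_accounts(user):
    """Sorted account IDs the user may access."""
    return sorted(a for a in ACCOUNTS if can_access(user, a))


def roles_spanning_all_groups():
    """Roles linked to every access group; candidates for privilege review."""
    every = {RESIDENTIAL, C_AND_I}
    return sorted(r for r, g in ROLE_TO_GROUPS.items() if g >= every)
```

Running `roles_spanning_all_groups()` over the mapping lists the roles that grant access to all accounts, which is the set worth reviewing whenever role assignments change.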