Defining User Access Properties and Relationships

The following types of data compose a user’s security configuration:

Business Domain(s): Property that enables an Oracle client to model client data along operational business lines and practices.
Jurisdiction(s): Property that enables an Oracle client to model client data across such attributes as geographic location, type, or category of a business entity.
Organization(s): Department or organization to which an individual user belongs.
Role(s): Permissions or authorizations assigned to a user in the system (such as Behavior Detection Framework OFSECM administrator or Auditor).
Scenario Group(s): Group of scenarios that identify a set of scenario permissions and to which a user has access rights.

The following figure shows the user authorization model.

Figure C-1 User Authorization Model

Table C-2 Relationships between Data Points

Data Point	Relationship
Organization	Root of a client’s organization hierarchy Associated with 0..n users as a line organization Associated with 0..n users for view access to the organization Associated with 1..n Business Domains Associated with 1..n Scenario Groups Associated with1..n Case Type/Subtypes Associated with 1..n Jurisdictions Has no direct relationship with a Role
Role	Associated with 0..n Users Has no direct relationship with an Organization
User	Associated with 1..n Business Domains Associated with 1..n Jurisdictions Associated with 1..n Roles Associated with 1..n Scenario Groups Associated with1..n Case Type/Subtypes Associated with 1..n Organizations (as members) Associated with one Organization (as mantasLineOrgMember)
Users (Admin Tools)	Should be mapped only to mantas Admin Role.
Scenario Group	Associated to 0..n users Associated with Scenarios referenced in KDD_SCNRO table.
Business Domains	Associated to 0..n users Business domain key must be in the KDD_BUS_DMN table
Jurisdiction	Associated to 0..n users Jurisdiction key must exist in the KDD_JRSDCNtable

C.3 Defining User Access Properties and Relationships