Brief Description
In some cases, access to a system is automatically granted based on entitlements (if you are a student, you are automatically authorized for email) or based on a pre-defined role assignment (all employees in the Administrative Assistant I classification are authorized as purchasers in the procurement system).
Other cases require specific access request and approval workflow before an authorization is granted. Typically a user or sponsor will initiate an access request, provide some basic information, the account will be routed through an approval process, and the authorization will be provisioned to the appropriate authorization store.
Generic Functional Requirements
- Must have tools for mapping business workflow into web-based process, preferably using standard Business Process Modelling and Notation (BPMN)
- Ability to integrate with external data sources to pull information related to the request, eg display a list of academic departments to choose from which will set limits to the authorization granted (user will only be able to act on records in chosen departments)
- Base UI design should be visually appealing and intutitive
- UI elements should be easy to customize
- Must be able to accept and process access requests individually or in batches (multiple, simultaneous access requests)
- Standard process modelling should include typical players involved in access requests - user, manager, sponsor, administrative approver, etc., as well as allow for additional business functions as required for any specific integration
Use Cases
Access Request to Student Enterprise Data Warehouse
- Request can be initiated by user or manager
- System checks directory service to identify existing users
- For each request, user chooses a business role (option list is pulled from an external source) and academic department (option list is pulled from an external source)
- System conducts external webservice calls to verify user has required training
- Requests routed through two approval processes - manager and administrative approval
- Managers can add new authorizations to a users request and can approve or reject authorizations requested
- Administrators cannot modify the authorizations requested, and can only approve or reject authorizations
- Notifications are required at each step of the workflow
- All activity associated with the workflow must be logged and auditable.
Standards Support and Integration Considerations
Workflow should use established, open standards than can be readily integrated with other systems.
Key Design Considerations
- How does the tool facilitate standard business process modelling, that is, intuitive screens to represent workflow which is then translated into code which supports a web-based workflow