...
Requirement ID | Requirement Source | Requirement Description | KIM | Grouper |
---|---|---|---|---|
ROL_0100 | PSU | The roles system shall provide a facility for the management of roles. | Y | Y |
ROL_0110 | PSU | The roles system shall support three types of roles: basic, assigner (assigns users to roles) and stewards (assigns assigners to roles). | Y | Y |
ROL_0120 | PSU | The roles system shall provide an API and/or Web Services to access its facility. | Y | Y |
ROL_0130 | PSU | The roles system shall support the creation, modification and deletion of roles. | Y | Y |
ROL_0140 | PSU | The roles system shall support effective and expiration dates for a role. | Y | Y |
ROL_0150 | PSU | The roles system shall support permissions and/or limits associated with a role. | Y | Y |
ROL_0160 | PSU | The roles system shall support the publishing of role information to other sources, for example LDAP. | N | ? (ask Jimmy) |
ROL_0170 | PSU | The roles system shall support the concept of a role proxy where a person is given access for a limited period of time. | Y | Y |
ROL_0180 | PSU | The roles system shall support a hierarchy of roles, which enables the reuse of roles. | Y | Y |
ROL_0190 | Kuali | Roles aggregate Permissions | Y | Y |
ROL_0200 | Kuali | Roles are not limited to a single Namespace and can span across them (i.e. a Role can allow for actions in Namespace A and Namespace B) | Y | Y |
ROL_0210 | Kuali | Roles are tied to Principals or Entities or Groups, and any Principals or Entitites or Group with a certain Role has the ability to perform the actions designated as Permissions that are associated with a Role | Y | Y |
ROL_0220 | Kuali | A Role must be able to be scoped or qualified such that one can apply it to a specific context (eg, Fiscal Officer Role scoped to Account XYZ) | Y | Y |
ROL_0240 | Kuali | A Qualified Role must be configurable at runtime and maintained with the ability for workflow approvals | Y | N |
Permission Requirements
Requirement ID | Requirement Source | Requirement Description | KIM | Grouper |
---|---|---|---|---|
PERM_0100 | Kuali | Permissions represent fine grained actions that a Person or Group can perform in a system (i.e. canEdit, canSave, etc) | Y |
|
PERM_0110 | Kuali | Permissions are scoped to a Namespace and cannot cross Namespaces | Y |
|
PERM_0120 | Kuali | Permissions can be given to many different Roles | Y |
|
...