Skip to content

[UC] Access delegation by autonomous groups/organizations #104

New issue
New issue
Open
Open
[UC] Access delegation by autonomous groups/organizations#104
Labels
triageIssues needing triageusecaseLWS Use Case
@elf-pavlik

Description

@elf-pavlik
elf-pavlik
opened on Jan 15, 2025

As an autonomous group,
I want to delegate access that the group has received to group members based on internal group policies,
So that the group can self-organize how it exercises the granted access.

Preconditions:

What conditions must be in place or assumed before this use case can begin?

There are autonomous actors, which can be People/Individuals or Groups/Organizations/Collectives

Trigger:

What (user or system) event or action initiates this use case?

Some Resource Owner grants specific access to some group actors.

Actors:

Describe the primary actor, and any other relevant actors involved in this use case

  • YoYo - the Resource Owner, a group but could also be an individual
  • ACME - access grantee - an autonomous group
  • Alice - has an officer role in ACME
  • Bob - has an analyst role in ACME
  • Dyno - another autonomous group

Distinction:

What unique challenges or distinguishing factors (like technical issues, user experience needs, workflow integration, etc.) are associated with this use case?

Each group self-organizes independently of any other group

Scenario:

Describe an ideal or happy-case scenario where this use case would play out as intended.

  • YoYo grants access to ACME, specifically read-write access to specific projects X, Y, Z, and all the related tasks
  • ACME delegates read-write access to X and Y to Alice
  • ACME delegates read-only access to X and Z to Bob
  • ACME can do that delegation independently from YoYo
  • When YoYo revokes ACME's access, Alice and Bob automatically lose the access delegated to them

Alternative case(s):

What alternative flows or variations should the system handle for this use case?

Delegation can be chained further

  • ACME delegates access to another group like Dyno
  • Dyno delegates it to its members Eve and Charlie

Error scenario:

What unexpected issues or errors might arise, and how should the system handle them?

Acceptance Criteria:

What conditions or criteria must be met for this use case to be considered successfully handled? What limitations are acceptable?

  • ACME must be able to delegate access independently from YoYo
  • ACME can't change any other access granted to someone else by YoYo

References:

List any relevant resources or examples that could inform this use case, possibly from other domains or solutions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    triageIssues needing triageusecaseLWS Use Case

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions