Data Access Rights Use Cases

Release Information

Project: PIMS
Internal Release Number: 0.1
Related Documents:

Default Aspects of All Use Cases

Direct Actors:
User: end-user in any role
System: The PIMS system being built
Admin: Web-site administrator, has authority to perform security-critical operations.
Scientist: Post-graduate or post-doctoral wet lab scientist
Senior Scientist: Post-doctoral scientist
Group leader: someone with authority to add users to a group, usually a senior scientist.
Technician: Technical staff
Experimenter: Scientist, or technician sometimes PI
PI: head of lab
When actors are not listed, assume User is doing it.
Items beginning with "see" indicate that System has presented a new screen.
Stakeholders: Project Owners and other members
Prereq: User is logged in except for UC-Log in
TIP: See detailed tips in the guidelines for writing use cases.

Use cases


Target management
UC-Add new target
UC-Edit target
UC-View target status
UC-Add details of a citation to a target
UC-Find citations relating to a target

Bioinformatics
UC-Target selection
UC-BLAST sequence
UC-Genomic DNA available
UC-cDNA available
UC-Is target registered
UC-Align sequences
UC-Predict TM helices
UC-Design primers
UC-Order primers

Sample Tracking
UC-Create sample
UC-Edit sample
UC-Track sample
UC-Sample discard
UC-Move sample
UC-Generate barcode
UC-Scan barcode
UC-View current experiment outputs
UC-View location

Reagent management
UC-Add reagent
UC-Edit reagent
UC-New container
UC-View reagents

Experiment/Protocol management
UC-Create protocol
UC-Edit protocol
UC-View protocol
UC-New experiment
UC-Update experiment
UC-Add next experiment
UC-Remove experiment
UC-Create screening solutions
UC-New crystalization plate
UC-View experiment
UC-New multi-well experiment
UC-Screen conditions

Project management
UC-Create project
UC-Add target to project
UC-Add user to project

Logging in and out
UC-Log in
UC-Log out

User account management
UC-Reg new user
UC-New passwd
UC-Edit profile
UC-View profile

Data Access Rights management
UC-new-owner
UC-new-group
UC-add-user
UC-remove-user
UC-add-permission
UC-remove-permission
UC-add-create
UC-remove-create
UC-new-condition
UC-set-condition

Reporting
UC-Print protocol
UC-Print experiment
UC-Audit trail

Interfacing to laboratory instruments
UC-Robot-input
UC-Robot-input-series
UC-Robot-control
UC-Robot-generate
UC-Robot-convert

Data mining and visualisation
UC-Search PIMS

Installation and upgrading
UC-Config site
UC-Submit form

Mobile data collection


Workflow tools


Scheduling

UC-new-owner: Create new data owner

Summary: The administrator can add new entries to the "Owner" table. These represent the ownership of the information in PIMS. An owner object might represent a particular project, or a particular external activity. Every object in the database has a link to an Access object, and the rules about which users can view or change it are expressed by a relation between owner objects and user groups.
Importance: Essential
Priority: Essential
Use Frequency: Rarely
Direct Actors: Administrator
Main Success Scenario:
  1. The request specifies the name and description of the new access entry.
  2. The owner entry is created.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator,
    1. an error message is shown and logged.
Alternative 1b
Scenario Extensions:
    An owner entry already exists with that name
    1. The request is rejected.

UC-new-group: Create new User Group

Summary: The right to access information in PIMS is set not for individual users, but for groups. One user can be in several groups. A group may represent the people working on a particular project, or people who carry out a particular activity in the lab. Only the administrator can create new groups.
Importance: Essential
Priority: Essential
Use Frequency: Rarely
Direct Actors: Administrator
Main Success Scenario:
  1. The request specifies the name and description of the group.
  2. The group is created.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator,
    1. an error message is shown and logged.
Alternative 1b
Scenario Extensions:
    A group already exists with that name
    1. The request is rejected.

UC-add-user: Add user to user group

Summary: A group of users all have common access rights to some of the information in PIMS. When, for example, someone joins a project, it is necessary to be able to add them to one or more groups.
Importance: Essential
Priority: Essential
Use Frequency: Sometimes
Direct Actors: Administrator or group leader
Main Success Scenario:
  1. The request specifies a user name and group name.
  2. The user is added to the group.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or group leader
    1. an error message is shown and logged.
Variations
  1. The new user may be added as a group leader, so they have the power to add others to the group.
Notes and Questions
  • This approach depends on all user names being visible to all group leaders. We will have to warn administrators not to include confidential information in a user name, e.g. the name of an external client company.

UC-remove-user: Remove a user from a User Group

Summary: Removing a user from a group ends some of their rights to access information in PIMS.
Importance: Expected
Priority: Desired
Use Frequency: Rarely
Direct Actors: Administrator or group leader
Main Success Scenario:
  1. The request names the user and the group.
  2. The user is removed from the group.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or leader of the group
    1. an error message is shown and logged.
Alternative 1b
Scenario Extensions:
    The user was not in the group
    1. a warning is shown.

UC-add-permission: Allow users in a specific group rights over objects owned by a specific owner

Summary: This operation is at the heart of the access control system. When new lab activities are planned, the administrator will create suitable user groups and owner table entries, then use this operation to e.g. give some users read access to the new data and give other users the right to edit it.
Importance: Essential
Priority: Essential
Use Frequency: Rarely
Direct Actors: Administrator
Prereq:
User group and owner entries exist.
Main Success Scenario:
  1. The request specifies a user group, an owner entry, and whether read, update, and delete should be permitted.
  2. The appropriate record is created.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or leader of the group
    1. an error message is shown and logged.
Variations
  1. Instead of creating a new permission record, the request may edit an existing one.
Notes and Questions
  • The implementation may overlap with UC-remove-permission.

UC-remove-permission: Deny users in a specific group rights over objects owned by a specific owner

Summary: See UC-add-permission above. This operation will be needed if a mistake has been made while adding permissions.
Importance: Expected
Priority: Desired
Use Frequency: Rarely
Direct Actors: Administrator
Prereq:
A permission already exists.
Main Success Scenario:
  1. The request specifies a user group, an owner, and whether read, update, and delete should be permitted.
  2. The appropriate record is created.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or leader of the group
    1. an error message is shown and logged.
Notes and Questions
  • The implementation may overlap with UC-add-permission. Additional test cases may not be needed.

UC-add-create: Allow users in a specific group to create objects with a specific owner

Summary: When a user creates a new entry in PIMS, an appropriate owner must be chosen for it. This use case allows the administrator to define which owner entries are available to whom.
Importance: Essential
Priority: Essential
Use Frequency: Rarely
Direct Actors: Administrator
Prereq:
The owner entry and user group must exist.
Main Success Scenario:
  1. The request specifies a PIMS data type, an owner entry, and a user group.
  2. A record of the creation permission is created.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or leader of the group
    1. an error message is shown and logged.
Alternative 1b
Scenario Extensions:
    Data type, owner entry, or user group is unknown
    1. an error message is shown.
Notes and Questions
  • This is still under discussion - there may be a better way to do it using parent objects.

UC-remove-create: Deny users in a specific group the right to create objects with a specific owner

Summary: See UC-add-create above. This operation will be needed if a mistake has been made while adding creation permissions.
Importance: Expected
Priority: Desired
Use Frequency: Rarely
Direct Actors: Administrator
Prereq:
The creation permission specified exists.
Main Success Scenario:
  1. The request specifies the creation permission table entry.
  2. It is deleted.
Alternative 1a
Scenario Extensions:
    The request is not from an administrator or leader of the group
    1. an error message is shown and logged.
Alternative 1b
Scenario Extensions:
    Data type, owner, or user group is unknown
    1. an error message is shown.
Notes and Questions
  • If a different approach is taken to making creation permissions, this will need changing too.
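
The owner / user-group / permission relation described in the use cases above, as an added example that is not part of the PIMS specification or code base. All class, method and logger names are hypothetical; it assumes only administrators may change permissions (following the "Direct Actors" lines) and leaves out creation permissions.

```python
import logging
log = logging.getLogger("pims.access")  # hypothetical logger name

class AccessError(Exception): pass  # a rejected request

class AccessModel:
    def __init__(self, admins):
        self.admins = set(admins)
        self.owners = set()
        self.groups = {}       # group name -> {user name: is_leader}
        self.permissions = {}  # (group, owner) -> subset of read/update/delete

    def _require(self, actor, allowed, action):
        if not allowed:  # Alternative 1a: the error is shown and logged
            log.warning("denied: %s attempted %s", actor, action)
            raise AccessError(f"{actor} may not perform {action}")

    def _admin_or_leader(self, actor, group):
        return actor in self.admins or self.groups.get(group, {}).get(actor, False)

    def new_owner(self, actor, name):
        self._require(actor, actor in self.admins, "UC-new-owner")
        if name in self.owners:  # Alternative 1b: duplicate name is rejected
            raise AccessError(f"owner {name!r} already exists")
        self.owners.add(name)

    def new_group(self, actor, name):
        self._require(actor, actor in self.admins, "UC-new-group")
        if name in self.groups:
            raise AccessError(f"group {name!r} already exists")
        self.groups[name] = {}

    def add_user(self, actor, user, group, leader=False):
        self._require(actor, self._admin_or_leader(actor, group), "UC-add-user")
        if group not in self.groups:
            raise AccessError(f"unknown group {group!r}")
        self.groups[group][user] = leader

    def remove_user(self, actor, user, group):
        self._require(actor, self._admin_or_leader(actor, group), "UC-remove-user")
        return self.groups.get(group, {}).pop(user, None) is not None  # False: not a member

    def set_permission(self, actor, group, owner, ops):
        self._require(actor, actor in self.admins, "UC-add-permission")
        if group not in self.groups or owner not in self.owners:
            raise AccessError("user group and owner entries must exist")
        self.permissions[(group, owner)] = set(ops) & {"read", "update", "delete"}

    def may(self, user, op, owner):  # default deny: no matching record, no access
        return any(user in members and op in self.permissions.get((g, owner), ())
                   for g, members in self.groups.items())
```

Access is granted only through a group's permission record, so removing a user from the group withdraws the right without touching any owned object.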

Company Proprietary
Copyright © 2003-2004 Jason Robbins. All rights reserved. License terms. Retain this copyright statement whenever this file is used as a template.