[UC] Selective access to data

[hzbarcea]

As a [storage provider],
I need to maintain access policies,
So that I could provide data selectively to a requesting [entity].

Preconditions:

What conditions must be in place or assumed before this use case can begin?

Trigger:

What (user or system) event or action initiates this use case?

Actors:

Describe the primary actor, and any other relevant actors involved in this use case

Distinction:

What unique challenges or distinguishing factors (like technical issues, user experience needs, workflow integration, etc.) are associated with this use case?

Scenario:

Describe an ideal or happy-case scenario where this use case would play out as intended.

Alternative case(s):

What alternative flows or variations should the system handle for this use case?

Error scenario:

What unexpected issues or errors might arise, and how should the system handle them?

Acceptance Criteria:

What conditions or criteria must be met for this use case to be considered successfully handled? What limitations are acceptable?

References:

List any relevant resources or examples that could inform this use case, possibly from other domains or solutions.

[acoburn]

Some points that would be helpful to clarify:

By selective access, what is meant? Does this mean that client A can access resource X but not resource Y? Or does it mean that client A can access some subset of resource X while client B can access a different subset of the same resource?

What are the dimensions of access? Is this based on capabilities or attributes (e.g. agent possesses a token or credential that gives access)? Is it based on identity (e.g agent L has access but agent M does not)? Is it based on client application (e.g. "authorized party" A can access but not B). Is there a time based component to this (an agent access can access a document from time p until time q)?