These complex systems require a special study. Design of role-based access plans is carried out using computer software. This type of a role based access system with interference is frequently used in the field of hospitality or in industry.
For example, think of a facility with 11 doors:
The boss who has a general pass key can open all of them.
Each of the 2 sales managers, each having one’s own office, manage by 4 salesmen who in turn have their offices.
The Northern region sales manager can open with his key his own office and the Northern region salesmen’s offices, but not the office of the boss nor those of the Southern region salesmen nor that of the Southern region sales manager, with the exception of 2 salesmen of the Southern region with whom he works on particular accounts.
The Southern region sales manager can open with his key his own office and the Southern region salesmen’s offices, but not the office of the boss nor those of the Northern region salesmen and their sales manager, with the exception of one salesman of the Northern region with whom he works on a particular account where they are experts and need to have regular exchange.
Each salesman can only open one’s own office, with the exception of the southern salesman, who works with the Northern sales manager, who can open one’s own office and the office of the Northern region sales manager.
NOTE:
The general pass – partial passes role based access system (with or without interference) allows access to a site by structuring it according to the general operations thereof. It is necessary to consider the different paths of persons within the site, as well as their permissions and refusals of access. For a quick general idea, it is necessary to divide the site by buildings and services, identify primary and secondary access points, and then detail the operations, not missing any possible exceptions, such as sporadic external stakeholders, maintenance of green spaces, for example… Once accomplished, the role-based access system must be a carbon copy of the physical tree of the site staff. Finally, it is necessary to consider the future of this role based access system and foresee adequate extensions.