Role extends DomainType, ProvidesEdgesSource, RequiresEdgeDestination

A specific role of a user within a web application using Role-Based Access Control, providing a particular set of Permissions.

Similarly to the inheritance hierarchy of DomainType, a Role may inherit another Role in order to define a role hierarchy; this is provided by making a Role a subtype of DomainType. That is, a child Role that extends a parent Role through an ExtendsEdge therefore will provide all Permissions that the parent Role provides.

A Role may also define role-specific attributes by defining DomainAttributes according to the semantics of DomainType. These DomainAttributes subsequently become the profile attributes of the given Role.

An IAML model instance will have one Role with the name of "User", representing the root Role type in an application, and this constraint may be satisfied through model completion. All Role instances in a model instance must inherit this Role. As the default role, this "User" role will contain a DomainAttribute with a name of "email" and a DomainAttribute with a name of "password", representing the e-mail address and user password of a user's profile respectively.



Implementation Notes

Inference Rules




Inherited Attributes



Inherited Children



Inherited References



Inherited Extensions