Hi There!
Need to implement LDAP-like access control for a cross-department, multiple-level hierarchy. (Usually found in Banking, Insurance and other long-tail sales teams.)
Details as follows.
<Background>
1. There are departments: Marketing, Operations, Sales
- There are parallel hierarchies (consisting of roles) in each department:
Example for Marketing as follows
Digital Marketing hierarchy : Marketing Head [a] > Digital Marketing Head > Team Lead > Account executive[b]
Field Marketing hierarchy : Marketing Head [a] > Field Marketing Head > Zonal manager > Area Manager > Team lead > Account executive
Media Marketing hierarchy : Marketing Head[a] > TV/News Marketing Head > Media property Manager > Channel Manager > Account executive[b]
[*] means the same individual (in that role) is present across multiple hierarchies
Example for Sales as follows
Dealership hierarchy : Asia Pacific Sales Head > National Sales Head > Zonal Manager > Area Manager[d] > Dealership Manager[c] > Team Leader > Account Executive
Post Sales Hierarchy : Dealership Manager[c] > Service Team Lead > Service executive
Customer Success Hierarchy : Area Manager[d] > Delivery Expert
<Requirement>
[1] We need to show selective data, depending on where a role is present in the hierarchy.
i.e. in the example of ‘Dealership Hierarchy’:
If 3 Area Managers report to a Zonal Manager, then the Zonal Manager can see leads data for these 3 Area Managers.
Further, each Area Manager can only see data of his/her reportee Dealership Manager, and so on.
[2] Permission to use a given feature in the application depends on your role. So how do we link permission [read/write/edit] for a given feature with a role?
This is, in short, how LDAP works; we need to create a similar kind of access control for users accessing a Camunda application.
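
One way to model the two requirements above, as an added example that is not part of the original post and does not use Camunda's own API. The user ids, role table and leads are constructed sample data, and the sketch assumes visibility is transitive down the reporting chain and that any permission not listed is denied.

```python
from collections import defaultdict

# Constructed (manager, reportee) edges. A person may sit in several
# hierarchies (dm1: Dealership and Post Sales), so this is a graph, not a tree.
REPORTS_TO = [
    ("zm1", "am1"), ("zm1", "am2"), ("zm1", "am3"),
    ("am1", "dm1"), ("am2", "dm2"),
    ("dm1", "tl1"), ("tl1", "ae1"),    # Dealership hierarchy
    ("dm1", "stl1"), ("stl1", "se1"),  # Post Sales hierarchy
    ("am1", "de1"),                    # Customer Success hierarchy
]
# Constructed role -> feature -> allowed actions. Anything absent is denied.
ROLE_PERMS = {
    "Zonal Manager": {"leads": {"read", "write", "edit"}},
    "Area Manager": {"leads": {"read", "edit"}},
    "Account Executive": {"leads": {"read"}},
}
USER_ROLE = {"zm1": "Zonal Manager", "am1": "Area Manager",
             "am2": "Area Manager", "ae1": "Account Executive"}
LEADS = [{"id": 1, "owner": "am1"}, {"id": 2, "owner": "am2"},
         {"id": 3, "owner": "dm1"}, {"id": 4, "owner": "se1"},
         {"id": 5, "owner": "ae1"}]

CHILDREN = defaultdict(set)
for manager, reportee in REPORTS_TO:
    CHILDREN[manager].add(reportee)

def visible_users(user):
    """Return the user plus everyone below them in any hierarchy."""
    seen, stack = {user}, [user]
    while stack:
        for reportee in CHILDREN.get(stack.pop(), ()):
            if reportee not in seen:  # also guards against cycles in bad data
                seen.add(reportee)
                stack.append(reportee)
    return seen

def is_allowed(user, feature, action):
    """Requirement [2]: permission comes from the role, deny by default."""
    role = USER_ROLE.get(user)
    return action in ROLE_PERMS.get(role, {}).get(feature, set())

def leads_for(user, action="read"):
    """Requirement [1]: filter rows to the caller's reporting subtree."""
    if not is_allowed(user, "leads", action):
        return []
    scope = visible_users(user)
    return [lead["id"] for lead in LEADS if lead["owner"] in scope]
```

Both checks run server-side on every request: the role decides whether the action is allowed at all, and the reporting subtree decides which rows are returned.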