Which Archimate element should I use to model a shop - archimate

I'm in the process of creating various archimate models for my organization. We offer financial services. Customers can do most of the things they require using the online portal and the mobile app.
But we also have branch offices where customers can go to get personal attention. They can get personal advice, they can ask representatives for operational tasks, or they can go to a public workstation there and do it themselves using the online portal, potentially with some assistance.
How should I model such a branch office in Archimate? Is it an Actor? Or a Business Service? Or a Business Interface? Or maybe a Product? Or just a Location? It's also a thing that's designed around a specific concept, and we have different concepts, each with a unique setup and capabilities.
You can compare such a branch office with a retail shop, or a post office. It's more than an internal element, because this is a point of contact with your customer. But what kind of element best describes it?

You can use different type of elements to model a branch office:
If you use physical elements, the branch can be a "Facility".
But probably it fits more with a "Location" that can aggregate "Resources" (Strategy Elements) o "Business Roles" that can realize "Business Services".

Consider this image, the customer is served various services (like personal advice) at (or aggregated in) a location assigned to the physical facility. Hope this answers your doubt.

Related

Which architure/mindset will be suitable for building a web app that users can purchase features like Azure does?

We recently had a new business rule that will require our users to pay for individual modules in our web application.
So, all the features we build in the application will not apply to all users. Some users can choose to add features that they want.
I've tried researching into an architecture/mindset to how to approach this development.
If I could get an idea on how to get started with this.. I would very much appreciate it.
I work with .NET web applications, and Microsoft SQL Server.
Thanks.
First list what "objects" or things you need to keep track of.
Users
userid
fullname
can manage his features? You said not all users can
...
Features:
featureid
description
cost
...
UserHasFeature
a link between a user and a feature
each line is userid, featureid
Using this you can query which user has what feature. Or list the users that have access to a particular feature.
In your web app, you will need administrator functions:
users management: add, remove, modify, list
feature: add, remove, modify, list
link management: add, remove, list
Reports: whatever reports you want to have
And user functions:
user: signin, modify, reset password, view all features, view features the user already has, add a new feature, remove a feature
reports: total cost of features the user is using, others
Now this is a very quick first draft. There are a lot of missing requirements:
approval workflow: can a user modify his features without the approbation of X?
payment methods
project number for internal billing
cost structure: monthly, one time, ...?
managers can view the features of the employees he manages?
...
This to remember:
Start with objects in your projet. These become tables.
Characteristics of the objects become fields in your tables.
If the same characteristic appears in many object tables, with the same values, consider creating a new table for these. Ex. in an address, you would not leave the country value as a simple VARCHAR field. You would link to another table with the country values.
List the relations. These become foreign keys, or link tables.
Split your objects. So apply 1NF, 2NF and 3NF at least. It is enough for most applications. (NF == Normal Form).
Each table and links require administrator pages (CRUD)
Users have a limited view related to their features only.
This is a huge subject, I could go on and on, but this could get you started.
Have fun!

Neo4J Multi Tenancy and Role Based Access to Nodes

I am trying to define a user management and permissions model for Neo4j. I have a web application (Angular 2) that connects to Neo4j via an API (KOANEO4J). Neo4j is the only database or persistent storage that the application uses. Through the application a user can add/edit/delete content which uses the API to carry out these instructions in Neo4j by running Cypher Statements. Up to now I have not worried about supporting multiple users but as a next step I am starting to think about this.
The product will be used by multiple different companies and each company will have multiple users so I need some way to support this. The model I am considering in Neo4J is as follows:
An "Orgaization" is represented by a node and it can have 1 or more "Organization Catalogs". All of the nodes belonging to that catalog will be children of one of the "Organization Catalogs".
Each user will also be represented by a node in the database. They will belong to an Organisation. They will have certain access permissions on an Organization Catalog identified by a an edge.
I am looking for some advice on whether or not this is an appropriate model to follow or if there are any examples or documents that describe how to achieve this in Neo4j.
If I do implement this model then would it be better to model the permissions as seperate nodes so a user is connected to a permission node (e.g. Read Only Access) that is then connected to the Organization Catalog.
Any suggestions on how I would actually get the API to work with this type of model. I'm sure I can pass the User Id to Neo4j as part of each query and then filter the results to show only nodes the user has access to but this doesn't seem like a very elegant solution - it also means that all of the security would be dependant on carefully written Cypher queries that don't leak data that a user isnt supposed to access.
Thanks a lot
I am looking for some advice on whether or not this is an appropriate
model to follow or if there are any examples or documents that
describe how to achieve this in Neo4j.
The answer for this question is: it depends. Remember that when modelling a graph database you should consider the queries that are asked to the database. If this model fits the queries that you are asking to the database then this model is appropriated, otherwise, not. Take a look in the Chapter 5 (Graphs in the Real World) of the book Graph Databases (by Ian Robison, Jim Webber and Emil Eifrem. Available for download here). This chapter shows the modelling process of an Authorization and Access Control system in Neo4j. Can be enlightening and helpful to you.
If I do implement this model then would it be better to model the
permissions as seperate nodes so a user is connected to a permission
node (e.g. Read Only Access) that is then connected to the
Organization Catalog.
Again, it depends. Do it if the Permission entity has connection to others entities of your application besides an User and an Organization Catalog. Otherwise I believe that your permission can be modeled as a relationship between an user and an organization catalog.
Any suggestions on how I would actually get the API to work with this
type of model. I'm sure I can pass the User Id to Neo4j as part of
each query and then filter the results to show only nodes the user has
access to but this doesn't seem like a very elegant solution - it also
means that all of the security would be dependant on carefully written
Cypher queries that don't leak data that a user isnt supposed to
access.
Maybe is a good idea add another layer of software between your AngularJS client app and the Neo4j database. This way in this new layer of software (a Node.js application, for example) you can implement a access control system, then verifiy if the authenticated user can access the resource that is being requested.

How can I reuse a grails application (Code and Data) by other grails applications?

I have a grails Application
http://partner.strotmann.org
https://github.com/pstrotmann/partnerForFree
managing partner Information like persons, organizations, their resp. adresses, bank data and communication data (email, phone, ..)
As this Application is important for other applications in a company e.g. sales, marketing, human resources etc., it should be reused by those applications with no data redundance and as less code redundance as possible.
My first approach is Rest Webservice, that I implemented for a small production planning system, that just needed the name of the customer.
Is there a more grails like approach ?
For my needs a solution with rest Webservice will do.
First I wrote
https://github.com/pstrotmann/partnerAdapter
that encapsulates rest logic for the applications.
Using that adapter I wrote two simple examples:
http://sale.strotmann.org for English users
http://purchase.strotmann.org for German users
and deployed them on a server residing on a cloud other than partner. You can record orders and purchases and link them to a partner, that can be selected from the partnersystem. The link back from partner to sale and purchase is implemented as roles in the partner system.
Click the links and try.
peter
Dortmund, Germany

How to use Business Calendars in IBM BPM 8.0.1.2

We are trying to setup a BPM Workflow involving human services(using IBM BPM 8.0.1.2).
We are able to create Routing Polices etc for each activity , but not able to figure out
how we can include personal calendars of each user during task assignment.
Usecase : we do not want to assign a task to a person who is on a vacation.
Any help is appreciated!
IBM BPM does not currently have a concept of a business calendar tied to a specific user. You can create a business calendar for calculation of due dates (e.g. this item is due in 3 business days) that can accommodate things like holidays for these calculations, but there is no built in mechanism to create a calendar and tie that to a specific user.
Now, it would be possible to create a set of services that would allow you to create per user calendars for your organization, but that feels like the wrong solution.
In general IBM BPM wants you to assign tasks to "Participant Groups" (in 8.5 this turns into "Teams") rather than to a specific user. This greatly increases your flexibility with respect to who can actually work the task over simply assigning a task to a specific person, as you can change Participant Group membership on your runtime server.
You need to know when a user is on vacation. Now this information can either come by creating custom calendar for each person but this does not look feasible good idea or Second source to get this info, can be Vacation Management System where use applies for vacation. If you do not have Vacation Management System in you organization, then this is even better - build a simple process for vacation approval and store the data for use from this process. If you have system then look for API to retrieve user's vacation details from that system.
Either way, you use this retrieved vacation info in team filter service to assign a task to only available users.

Securing web application on the data access level

Please consider the following setup:
Multi-tenant webapp.
Tenants create company accounts and company accounts have user accounts under them.
Users have roles, there's a special role "Owner" (the user who created the company account).
I'd like to have users to edit other user accounts (some admin tasks), but two conditions must be met:
Noone may edit owner's data (except for owner, when he's editing his own profile, and own profile editing is the same user editing).
Users may access user data and edit users only within their company account.
The app uses MVC architecture. Currently I check for those two conditions in the web layer and it works for me, but I have some concerns. If I go with some sort of API or some other type of data consumer, I may "forget" to re-inforce these conditions. Also, there will be other objects in the app with similar functionality requirements and which will have similar restrictions on them, so it's better for me to come up with some sort of pattern which will enforce my restrictions on data access level.
Could anyone recommend some approach worth looking into?
Thanks!
I beleive aspects or interceptors should be able to help you. If you work with objects you should be able to intercept requests containing your business data and check wether your user is allowed to work on it. The interceptor could then stop or proceed the execution.

Resources