Type: graph-model
Purpose: Demonstrate how Role-Based Access Control is modeled in an IT management graph, showing users, roles, resources, and permission flows
Node types:
1. User (light blue circles, icon: person silhouette)
- Properties: name, employee_id, department, employment_date
- Examples:
* Dr. Sarah Chen (EmployeeID: E12345, Dept: Cardiology)
* John Martinez RN (EmployeeID: E23456, Dept: Emergency)
* Maria Silva (EmployeeID: E34567, Dept: IT Security)
2. Role (purple hexagons, icon: badge)
- Properties: role_name, description, privilege_level
- Examples:
* Physician (Privilege: High)
* Nurse (Privilege: Medium)
* Billing_Clerk (Privilege: Low)
* System_Administrator (Privilege: Full)
3. Resource (orange cylinders for data, green rectangles for systems)
- Properties: resource_name, classification, compliance_scope
- Examples:
* Patient_Records_DB (Classification: Restricted, HIPAA)
* Billing_System (Classification: Confidential, HIPAA)
* Lab_Results_DB (Classification: Restricted, HIPAA)
* HR_System (Classification: Internal)
4. Permission Node (small yellow diamonds, labeled with permission type)
- Properties: permission_type, granted_date, expiration_date
- Types: READ, WRITE, DELETE, ADMIN
Edge types:
1. HAS_ROLE (solid blue arrows, User → Role)
- Properties: assignment_date, assigned_by, justification
- Visual: Thick blue arrows
- Example: Dr. Sarah Chen → HAS_ROLE → Physician
2. CAN_ACCESS (dashed green arrows, Role → Resource)
- Properties: permission_types (array: [READ, WRITE]), constraints
- Visual: Dashed green arrows with permission labels
- Example: Physician → CAN_ACCESS (READ, WRITE) → Patient_Records_DB
3. MEMBER_OF (dotted purple arrows, Role → Role for hierarchy; the source role inherits the target role's permissions)
- Properties: inheritance_type (full, partial)
- Visual: Dotted purple arrows showing role hierarchy
- Example: Senior_Physician → MEMBER_OF → Physician (inherits all Physician permissions)
4. REQUIRES (red double-arrow, Role ←→ Role for separation of duty)
- Properties: constraint_type (mutual_exclusion)
- Visual: Red double-headed arrow with "X" symbol
- Example: Purchasing_Agent ←→ REQUIRES (mutual_exclusion) ←→ Accounts_Payable_Approver (cannot hold both)
Sample data structure:
Users:
- Dr. Sarah Chen → HAS_ROLE → Physician → CAN_ACCESS (READ, WRITE) → Patient_Records_DB
- Dr. Sarah Chen → HAS_ROLE → Physician → CAN_ACCESS (READ) → Lab_Results_DB
- John Martinez RN → HAS_ROLE → Nurse → CAN_ACCESS (READ, WRITE) → Patient_Records_DB
- John Martinez RN → HAS_ROLE → Nurse → CAN_ACCESS (READ) → Billing_System
- Maria Silva → HAS_ROLE → System_Administrator → CAN_ACCESS (READ, WRITE, DELETE, ADMIN) → All Systems (every Resource node; the only role at privilege level Full)
Role Hierarchy:
- Senior_Physician → MEMBER_OF → Physician (inherits all Physician permissions)
- Nurse_Practitioner → MEMBER_OF → Nurse (inherits Nurse permissions plus additional privileges)
Separation of Duty:
- Physician ←→ REQUIRES (mutual_exclusion) ←→ Billing_Manager
- System_Administrator ←→ REQUIRES (mutual_exclusion) ←→ Auditor
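The sample data above, as an added Python example that is not part of the graph-model spec or its Neo4j/vis-network implementation: the four node types and four edge types as plain dicts, with functions that compute what the interactive view shows, namely a user's effective permissions through the MEMBER_OF hierarchy (the "Effective Permissions" versus "Direct Assignments" toggle), every user with a path to a resource (what clicking a Resource node highlights), and REQUIRES (mutual_exclusion) violations. Two things are assumptions of the example, not the spec: System_Administrator's FULL access is taken to mean all four permission types on every listed resource, and a constructed user Alex Doe holding Senior_Physician and Billing_Manager is added to show a separation-of-duty violation that only appears once inheritance is applied.

```python
"""RBAC graph model from the spec: User, Role, Resource, permission flow.

Added example, not code from the graph-model spec or its Neo4j/vis-network
implementation. The spec's sample data is encoded as plain dicts; the
functions compute what the interactive view shows: effective permissions
(with MEMBER_OF inheritance), direct assignments (without it), who can reach
a resource, and separation-of-duty violations.
"""
from collections import defaultdict

PERMISSION_TYPES = {"READ", "WRITE", "DELETE", "ADMIN"}
RESOURCES = ["Patient_Records_DB", "Billing_System", "Lab_Results_DB", "HR_System"]

# HAS_ROLE edges: User -> directly assigned Roles (spec sample data, plus one
# constructed user who holds a senior role and a mutually exclusive role)
HAS_ROLE = {
    "Dr. Sarah Chen": {"Physician"},
    "John Martinez RN": {"Nurse"},
    "Maria Silva": {"System_Administrator"},
    "Alex Doe": {"Senior_Physician", "Billing_Manager"},  # constructed, not in the spec
}

# CAN_ACCESS edges: (Role, Resource) -> permission_types.
# Assumption: the spec's "FULL access to All Systems" means all four
# permission types on every listed resource.
CAN_ACCESS = {
    ("Physician", "Patient_Records_DB"): {"READ", "WRITE"},
    ("Physician", "Lab_Results_DB"): {"READ"},
    ("Nurse", "Patient_Records_DB"): {"READ", "WRITE"},
    ("Nurse", "Billing_System"): {"READ"},
}
for resource in RESOURCES:
    CAN_ACCESS[("System_Administrator", resource)] = set(PERMISSION_TYPES)

# MEMBER_OF edges: senior Role -> junior Role whose permissions it inherits
MEMBER_OF = {
    "Senior_Physician": "Physician",
    "Nurse_Practitioner": "Nurse",
}

# REQUIRES edges with constraint_type mutual_exclusion
MUTUAL_EXCLUSION = [
    ("Physician", "Billing_Manager"),
    ("System_Administrator", "Auditor"),
]


def expand_roles(roles):
    """Close a role set under MEMBER_OF: each role plus every role it inherits from."""
    effective, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in effective:
            continue  # also guards against a cycle in a mis-modelled hierarchy
        effective.add(role)
        if role in MEMBER_OF:
            stack.append(MEMBER_OF[role])
    return effective


def permissions(user, inherited=True):
    """resource -> permission types for a user.

    inherited=True is the 'Effective Permissions' view (MEMBER_OF followed);
    inherited=False is the 'Direct Assignments' view (only HAS_ROLE roles).
    """
    roles = HAS_ROLE.get(user, set())
    if inherited:
        roles = expand_roles(roles)
    perms = defaultdict(set)
    for (role, resource), types in CAN_ACCESS.items():
        if role in roles:
            perms[resource] |= types
    return dict(perms)


def who_can_access(resource, permission_type=None):
    """Users with an effective path to the resource, optionally filtered by type."""
    users = set()
    for user in HAS_ROLE:
        types = permissions(user).get(resource, set())
        if types and (permission_type is None or permission_type in types):
            users.add(user)
    return users


def sod_violations():
    """(user, role_a, role_b) for every user whose *effective* roles contain both
    halves of a mutual_exclusion pair. Checking only direct roles would let a
    senior role inherit its way around the constraint."""
    found = []
    for user, direct in HAS_ROLE.items():
        held = expand_roles(direct)
        for a, b in MUTUAL_EXCLUSION:
            if a in held and b in held:
                found.append((user, a, b))
    return found


if __name__ == "__main__":
    for user in HAS_ROLE:
        print(user, "effective:", permissions(user))
        print(user, "direct:   ", permissions(user, inherited=False))
    print("WRITE on Patient_Records_DB:", sorted(who_can_access("Patient_Records_DB", "WRITE")))
    print("separation-of-duty violations:", sod_violations())
```

Alex Doe has no direct CAN_ACCESS edges at all, so the "Direct Assignments" view shows nothing for that user, while the "Effective Permissions" view shows Physician's access and the separation-of-duty check fires; a check run on direct roles only would miss it. In the Neo4j implementation the same closure is a variable-length traversal (an assumed shape such as `(u:User)-[:HAS_ROLE]->(:Role)-[:MEMBER_OF*0..]->(r:Role)-[:CAN_ACCESS]->(res:Resource)`), and the mutual-exclusion check must be written against that traversal, not against HAS_ROLE alone.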
Layout: Hierarchical with users at top, roles in middle tier, resources at bottom
Interactive features:
- Hover over User node: Shows all roles assigned and effective permissions summary
- Click User node: Highlights all accessible resources with permission paths
- Hover over Role node: Shows role description, privilege level, number of members
- Click Role node: Highlights all users with that role and all accessible resources
- Hover over Resource node: Shows classification, compliance requirements, access statistics
- Click Resource node: Highlights all roles and users with access, shows permission types
- Double-click any node: Expands to show full property panel in sidebar
- Right-click edge: Shows relationship properties (assignment date, constraints, etc.)
- Search box: Type-ahead search for users, roles, or resources
- Filter controls: Show only specific permission types (READ, WRITE, DELETE, ADMIN)
- Toggle view: "Effective Permissions" vs "Direct Assignments" (showing inherited vs explicit)
Visual styling:
- Node size proportional to number of connections (highly connected roles appear larger)
- Edge thickness proportional to permission breadth (a CAN_ACCESS edge carrying all four permission types, as for System_Administrator, is thickest)
- Color intensity indicates privilege level (darker = higher privilege)
- Animated particle flow along edges when a permission path is highlighted (showing permission flow from user → role → resource)
- Hover highlights: Node and all connected edges highlighted with glow effect
- Warning indicators: Red exclamation marks on User nodes holding both roles of a REQUIRES (mutual_exclusion) pair, evaluated on effective roles (after MEMBER_OF inheritance) so that the hierarchy cannot bypass the constraint
Legend (fixed position, top-right):
- Node shapes: Circle (User), Hexagon (Role), Cylinder (Database), Rectangle (System)
- Edge styles: Solid (HAS_ROLE), Dashed (CAN_ACCESS), Dotted (MEMBER_OF), Double-arrow (REQUIRES)
- Permission types: Color-coded badges (READ=green, WRITE=blue, DELETE=red, ADMIN=purple)
- Privilege levels: Color gradient bar (Low=light, Medium=medium, High=dark, Full=black)
Canvas size: 1000x800px
Implementation: vis-network JavaScript library with custom styling, data pulled from Neo4j graph database via Cypher queries, real-time updates when permissions change, export capability to PNG or SVG for documentation