A Mutable Log

Access control

In this post I document a simple domain model that I have used to implement access control in my projects, the first time being sometime in 1998.

The model described here assumes that authentication is already done, you get some kind of user ID, and have to make the access control decision. It is different from resource oriented access control mechanisms such as access to files, and database structures.

The entities or classes

The primary entities in the domain are

The relationships

The entities or classes are related in the following manner

Making the access control decision

The access control decision can be implemented at any point in the code where an Action is performed. You can get a list of all Actions the User can perform by traversing from User-Profile to Profile-Action. You allow the Action to proceed if its ID is found to be associated with the User, or else throw an exception.


Although not the focus of this post, password based authentication can be handled by adding a password hash to the User entity. The authentication decision can be implemented in a front controller and the user ID stored in the session context for access control decisions downstream.