
[ Case study ]
DHL IoT: Role-Based Access Control
The governance layer of the DHL IoT platform, where the access model is configured: roles, the responsibilities they hold, the sub-functionalities within them, and the CRUD operations they permit. Administrators compose access by selecting a role, its responsibilities, and operations, read, create, edit, delete, scoped to either the platform or a specific application, with role and responsibility catalogs keeping the model legible as it is built.
- Client
- Deutsche Post DHL Group
- Role
- UX Architect · via Wipro
- Year
- 2019
- Disciplines
- Enterprise UX, Governance, Interaction Design
4
Roles: Platform Admin, Use Case Owner, DHL & External Users
6
Responsibilities mapped across the platform
CRUD
Read, create, edit, and delete per responsibility
[ Information architecture ]
Roles
- Platform Admin
- Use Case Owner
- DHL User
- External User
Permissions
- Per entity
- Per action
Assignment
- Users to roles
Everything on the platform is governed by who you are and what you are allowed to do. The RBAC module is where that model is configured - roles, the responsibilities they hold, the sub-functionalities within them, and the operations they permit.

A clear permission model
Administrators compose access by selecting a role, the responsibilities it covers, and the operations it can perform - read, create, edit, delete - scoped to either the platform or a specific application. The role and responsibility catalogs keep the model legible while it is being built.
- Roles - Platform Admin, Use Case Owner, DHL Users, External Users
- Responsibilities mapped to modules: user, device, and BU onboarding, applications, association, administration
- Operations as explicit CRUD permissions
- Scoped per platform and per application

Governance is a design problem - an access model is only safe if the person configuring it can actually see what they are granting.
Outcome
A legible, composable access model that let DHL grow the platform's users and applications without losing control of who could do what.