Skip to content
DHL IoT role-based access control configuration

[ Case study ]

DHL IoT: Role-Based Access Control

The governance layer of the DHL IoT platform, where the access model is configured: roles, the responsibilities they hold, the sub-functionalities within them, and the CRUD operations they permit. Administrators compose access by selecting a role, its responsibilities, and operations, read, create, edit, delete, scoped to either the platform or a specific application, with role and responsibility catalogs keeping the model legible as it is built.

Client
Deutsche Post DHL Group
Role
UX Architect · via Wipro
Year
2019
Disciplines
Enterprise UX, Governance, Interaction Design

4

Roles: Platform Admin, Use Case Owner, DHL & External Users

6

Responsibilities mapped across the platform

CRUD

Read, create, edit, and delete per responsibility

[ Information architecture ]

01

Roles

  • Platform Admin
  • Use Case Owner
  • DHL User
  • External User
02

Permissions

  • Per entity
  • Per action
03

Assignment

  • Users to roles

Everything on the platform is governed by who you are and what you are allowed to do. The RBAC module is where that model is configured - roles, the responsibilities they hold, the sub-functionalities within them, and the operations they permit.

RBAC configuration: roles, responsibilities, and operations
RBAC configuration: roles and responsibilities on the left, the platform's role and responsibility catalog on the right.

A clear permission model

Administrators compose access by selecting a role, the responsibilities it covers, and the operations it can perform - read, create, edit, delete - scoped to either the platform or a specific application. The role and responsibility catalogs keep the model legible while it is being built.

  • Roles - Platform Admin, Use Case Owner, DHL Users, External Users
  • Responsibilities mapped to modules: user, device, and BU onboarding, applications, association, administration
  • Operations as explicit CRUD permissions
  • Scoped per platform and per application
Role and responsibility selection
Governance is a design problem - an access model is only safe if the person configuring it can actually see what they are granting.

Outcome

A legible, composable access model that let DHL grow the platform's users and applications without losing control of who could do what.

[ Next project ]VCA: Doctor Compensation Platform