CRUD is an acronym that refers to the following actions on an object
(typically a data entity):
A CRUD matrix is a very useful way to capture and display activities and permissions within a system. It is very
valuable to combine a CRUD Matrix with the analysis of user processes within the system, especially in the
context of the actors and roles involved to complete the picture. The analysis helps to identify the
usage of entities and associated GUIs. The information that is used heavily, and may therefore be a performance
bottleneck, is also easily identified.
The simple example below illustrates how to capture this information. In this case what is shown is what access or
usage that a role has with a particular protected object (i.e., data entity, or activity, etc.).
Action
Role
|
Create
|
Read
|
Update
|
Delete
|
Execute
|
Manager
|
X
|
|
|
X
|
|
Author
|
X
|
X
|
X
|
X
|
|
Editor
|
|
X
|
X
|
|
|
Publish
|
|
X
|
X
|
|
X
|
In the following example, another way to capture this information, the protected objects are list across the top, with
permissions/usage define in each cell.
Object
Role
|
Order
|
Invoice
|
Customer
|
Employee
|
Product
|
Sales VP
|
crud
|
crud
|
crud
|
crud
|
crud
|
Sales Manager
|
crude
|
crud
|
ru
|
r
|
r
|
Sales Rep
|
crud
|
r
|
ru
|
r
|
r
|
Stock Manager
|
-
|
-
|
-
|
r
|
ru
|
Note that "crude" appears, which is create; read; update; delete; and execute. Execute is added here, indicating
that a "Sale Manager" role can execute (fulfill) an Order.
Also see: Guideline: Logical Roles Model
|