I'm working on designing a use case diagram for a task management application, and I'm seeking guidance on representing role-based access control (RBAC) effectively.
I've created a preliminary use case diagram that includes actors such as "Manager" and "Standard User," along with various use cases like "Manage Projects," "Manage Tasks," and so on. However, I'm struggling to depict the relationship where standard users are restricted to projects and tasks assigned by managers.
I've created two use cases, 'Manage Assigned Project' and 'Manage Assigned Tasks'. Tasks are dependent on a project. The manager is linked to the assigned project via association.
How can I represent this constraint effectively in the use case diagram?
If deemed useful, here are the requirements I need to cover:
- The application should support CRUD operations (Create, Read, Update, Delete) on projects and tasks.
- Tasks can only be created if a project already exists.
- Managers should have access to all features across all projects and tasks.
- Standard users are limited to projects and tasks assigned by managers.
- Standard users can only read and edit tasks.
- Managers should be able to assign tasks and projects to standard users.
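
The requirements listed above combine two separate checks: what a role may do, and which specific objects a standard user has been assigned. The following Python is an added example, not part of the original post, that enforces both with a deny-by-default check. The names `ROLE_PERMISSIONS`, `Resource`, `is_allowed`, `create_task` and `assign` are hypothetical, and read-only access to assigned projects for standard users is an assumption, since the post only states their task permissions.

```python
from dataclasses import dataclass, field

# Role -> resource kind -> operations, taken from the requirements list.
# Assumption: standard users may only read assigned projects (the post
# states their task permissions but not their project permissions).
CRUD = {"create", "read", "update", "delete"}
ROLE_PERMISSIONS = {
    "manager": {"project": CRUD | {"assign"}, "task": CRUD | {"assign"}},
    "standard": {"project": {"read"}, "task": {"read", "update"}},
}
UNSCOPED_ROLES = {"manager"}  # roles with access across all projects and tasks

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass
class Resource:
    kind: str  # "project" or "task"
    name: str
    assignees: set = field(default_factory=set)

def is_allowed(user, operation, resource):
    """Deny by default: the role must grant the operation, and a scoped
    role must also be assigned to this specific object."""
    ops = ROLE_PERMISSIONS.get(user.role, {}).get(resource.kind, set())
    if operation not in ops:
        return False
    if user.role in UNSCOPED_ROLES:
        return True
    return user.name in resource.assignees  # object-level constraint

def create_task(user, project_name, task_name, projects):
    """Tasks can only be created if the project already exists."""
    if project_name not in projects:
        raise ValueError("project does not exist: " + project_name)
    task = Resource("task", task_name)
    if not is_allowed(user, "create", task):
        raise PermissionError(user.name + " may not create tasks")
    return task

def assign(actor, resource, assignee):
    """Only roles holding 'assign' (managers) can change assignments."""
    if not is_allowed(actor, "assign", resource):
        raise PermissionError(actor.name + " may not assign " + resource.kind)
    resource.assignees.add(assignee.name)
```
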