Phase C, Information Systems Architecture | Derived from TOGAF

Role to Application Matrix

Record the access level each business role holds in each application, so access maps to duty rather than convenience.

Role to application access: who may read, edit and approve in each system

Business roles run down the side and six applications run across the top. Each cell records the access the role needs to do its job: Read to view, Edit to change records, Approve to sign off. Access maps to duty, not to convenience.

Figure: the TOGAF Role/Application Matrix for London Grid Distribution. Rows are five business roles from connection assessor to settlement officer; columns are six applications including the connections portal, GIS and the LTDS publication system. Each cell records the access level the role holds: Read to view, Edit to change records or Approve to sign off. The emphasised data publisher row reads four upstream systems and edits only the publication it owns. Source: TOGAF Standard 10, Phase C Application Architecture artifacts.

Applications (columns): Connections portal, GIS, Asset register, SCADA historian, Meter data service, LTDS publication.

Access levels recorded in each role's row, in left-to-right order (empty cells are not shown):

  • Connection assessor: Edit, Read, Read, Read
  • Outage coordinator: Read, Read, Edit, Read
  • Asset steward: Edit, Approve, Read
  • Data publisher: Read, Read, Read, Read, Edit
  • Settlement officer: Read, Approve

The emphasised data publisher row is the least-privilege pattern worth copying: Read on four upstream systems, Edit only on the publication it owns. Approve appears exactly where sign-off lives, on asset register changes and on settlement meter reads.

Use it when defining security baselines in Phase C or when reviewing access against duties during a controls audit.
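
One way to run the access-against-duties review in code, as an added example that is not part of the original page or of TOGAF: it compares provisioned access with a partial matrix and lists the grants that exceed it. The cell placement for the two roles, the `PERMITS` rule for what each level includes, the user ids and the `Contractor` role are assumptions constructed for illustration.

```python
# Added example: audit provisioned access against a role/application matrix.
# Cell placement in MATRIX and every entry in GRANTS are constructed for
# illustration; the page does not give them.

# What a cell's level permits. Assumption: Edit and Approve both include
# viewing, but Approve does not include Edit (sign-off stays separate).
PERMITS = {
    "Read": {"Read"},
    "Edit": {"Read", "Edit"},
    "Approve": {"Read", "Approve"},
}

# role -> application -> level the duty requires (absent key = no access).
MATRIX = {
    "Data publisher": {
        "Connections portal": "Read",
        "GIS": "Read",
        "Asset register": "Read",
        "SCADA historian": "Read",
        "LTDS publication": "Edit",
    },
    "Settlement officer": {"Meter data service": "Approve"},
}

# Constructed entitlement export: (user, role, application, granted level).
GRANTS = [
    ("u1001", "Data publisher", "GIS", "Read"),
    ("u1001", "Data publisher", "LTDS publication", "Edit"),
    ("u1001", "Data publisher", "Asset register", "Edit"),          # above Read
    ("u1002", "Data publisher", "Meter data service", "Read"),      # no cell
    ("u2001", "Settlement officer", "Meter data service", "Approve"),
    ("u2001", "Settlement officer", "Meter data service", "Edit"),  # not in Approve
    ("u3001", "Contractor", "GIS", "Read"),                         # unknown role
]


def least_privilege_gaps(matrix, grants):
    """Return grants that exceed what the matrix records for the role."""
    gaps = []
    for user, role, app, granted in grants:
        if role not in matrix:
            gaps.append((user, app, granted, "role not in matrix"))
            continue
        cell = matrix[role].get(app)
        if cell is None:
            gaps.append((user, app, granted, "no access recorded for role"))
        elif granted not in PERMITS[cell]:
            gaps.append((user, app, granted, f"matrix records {cell}"))
    return gaps
```

Calling `least_privilege_gaps(MATRIX, GRANTS)` returns one tuple per excess grant, which can go straight into the audit's list of gaps to close.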

What you need and what you get

You'll need

  • The business role catalogue
  • The applications each role works in

You'll get

  • An access grid of read, edit and approve levels
  • The least-privilege gaps worth closing

Derived from

  • The Open Group, TOGAF Standard 10, Architecture Content: Role/Application Matrix

TOGAF is a registered trademark of The Open Group in the United States and other countries. This tool is independently produced, TOGAF-aligned, and is not affiliated with, endorsed by, or certified by The Open Group.