Customized Views on RESTful Data
Case Management Systems assist knowledge workers in weakly-structured creative processes. To provide this support, systems aggregate relevant data such as goals to achieve, tasks to be done, documents and content related to the case, contact information of involved persons etc. in a virtual case file.
Access to case data has to be configurable in relation to the user who accesses it. While the owner of the case has full access to all of its parts, other persons who are invited to contribute to the case should only have access to a subset of resources contained in the case and their interactions should be constrained. This has to be achieved transparently in a way that avoids disclosing the existence of restricted data/interactions. Therefore, a generic framework based on WebAccesControl has to be built which allows managing access rights of resources and interactions by applying view filtering and API restrictions. This idea is similar to (Wild, 2013), but more general and not specific for user profiles. Access privileges are two-dimensional: data-set-wise and data-part-wise.