Search code examples
droolsrule-engine

Workflow permissioning criterias matching

Currently, I have a workflow table quite complex containing multiple values that combine between each others. It is basically a workflow to find the right approver for the right user in permission model Here is a simplified example of workflow table

Country Department Role Approver
ALL ALL ALL Bob
UK IT Developper Tim
US IT Developper Mike
ALL ALL Analyst John

Those workflow steps always follow pre-requisite :

  1. It always exist the default approvers with matching ALL criterias
  2. Any criteria matching take precedence on the ALL criteria
  3. If no criteria match, it will fall inside the default approvers

I have users that need to be approved according to above matrix

User Country Department Role
U1 UK IT UX designer
U2 US HR Analyst

I am trying to figure out how i can extract the following matching :

User Approver Reason
U1 Bob User U1 does not match the criterias so its climb to the default approver
U2 Tim User U2 match workflow step because Tim validate all UK Developpers belonging to IT department

Of course for this example there is few criterias so a simple if / else would solve it. But I have 6 criterias which I believe would reach an important number of combinaisons if applying this naive approach.

In this situation, does a rule engine would apply this problem ? (for instance drools?) I would think the engine would take user / and list of workflow step as a fact. Should a decision table more applicable in this situation ? Any help in structuring the problem would be more than appreciated :)

Here is a really simple example of matching a user to its approver country

rule "Has country approver"
when
    $user : User( $country : country )
    $wf : WorkflowStep(country == $country) from $userAccess.steps
then
    //take the approver for the matching step
    $userAccess.setApprover($wf.getApprover());
    
    //insertLogical ?
end
Solution

  • A rule engine is a perfect fit for your solution, you have to decide how to use it though.

    The example you provided using Drools directly is very low-level, it works but it'll require you to write the rules in DRL.

    Since you already know your evaluation is stateless and your input are literally formatted as a table, a Decision Table would be a better fit in my opinion. Given that you have two flavours of Decision Tables, Drools' and DMN.

    I'll suggest you to try with DMN's as it's easier to start, Kogito provides a quick-start that let you experiment with the whole system and even write a test scenario for that, which is basically your second table.