Hello Colm and Francesco, > Summarizing: while Roles currently have only Entitlements associated, in
> the future we might also associate Privileges (which in turn are related > to Applications) to them. As a result, user U with role R will own both > Entitlements and Privileges.> If "privilege" is not suitable as name, let's > then rename the existing > Entitlements to something else and use the word "entitlement" to model > the new concept instead. Would it make sense to have an association from Group to Roles also ? If yes, we would end with : Role 0..n entitlements 0..n privileges Group 0..n roles 0..n users User 0..n roles Regards, Adrian
