OARS (Object/Action/Role/Scope) Matrix : Document your app’s hidden capabilities matrix early and often!

--

Documenting an application’s capabilities matrix is essential for specifying to developers and testers

  • which users
  • can perform which actions
  • on which objects.

A clear, correct, and up to date capabilities matrix is an essential first step toward enforcing the sometimes complex access rules of an application. For example:

--

--