Process - The task element
The process element is depicted as a circle. It represents activities that can modify or redirect received input to their proper outputs.
Examples include:
- A microservice that receives an API call request and forwards it to an API handling service.
- Code that validates data input before it writes to a data store.
When to use the process element
Add a process element between:
- Data stores: Processes handle all communication between data stores.
- External entities with other elements: Processes handle all tasks and communication.
- Processes: Processes handle all tasks.
Depending on the information-depth level required for a data-flow diagram, you may use the process element to represent a few distinct use cases:
| Use case | Description |
|---|---|
| Stubs | Using the process element as a "stub" on a higher-level data-flow diagram is a good way to help keep things clean. It involves creating a separate data-flow diagram for a specific process and mapping it back to the higher-level diagram. It works like a "zoom-in" feature, where the in-depth data-flow diagram is available when you "zoom-in" on that process. |
| Multiple tasks | This use case applies when a process handles more than one task. This context is important because it allows anyone looking at the data-flow diagram to apply the proper security controls for each task. |
Include context
Include the following context with each process element:
| Context | Questions |
|---|---|
| Code | Is this process running in C#, C++, Objective C, Java, or a scripting language? |
| Permission level | Does this process need kernel, local, or administration-level permissions to run? |
| Service isolation | Is the process running in a sandbox? |
| Input | Can this process accept input from everyone, local accounts, or just administrators? |
| Validation | How does the process parse, handle, and accept input? |
| Authentication | Does the process rely on Microsoft Entra ID for authentication? If not, on what does it rely? |
| Authorization | Does it rely on Access Control Lists (ACL) for authorization? If not, on what does it rely? |