In the Architecture Canvas, where should user roles such as Customer, Manager, and Administrator be considered?

In the context of Architecture Canvas, user roles like Customer, Manager, and Administrator are best framed as non-functional requirements since they directly influence access control and authorization mechanisms within the application. Non-functional requirements define the quality attributes and constraints of a system, including security, performance, and usability considerations.

User roles are integral to ensuring that the application behaves as intended concerning who can access what information and functionalities. For instance, the level of access that different users have to various parts of an application is critical for maintaining security and integrity of data. By categorizing user roles as non-functional requirements, architects are acknowledging that these roles do not merely pertain to the technical delivery of features, but also impact the overarching framework within which the application operates—particularly in terms of security and compliance.

Considering user roles purely as a design element within the User Interface layer, as part of a security bounded context, or as specific roles defined within each bounded context misses the broader impact of these roles on the system's architecture and overall security posture. Thus, recognizing them as non-functional requirements ensures that proper attention is given to authorization strategies and how they affect the system's operational integrity and user experience.