Purpose
Stakeholders establish the impact scope of each threat in the TARA analysis. By linking TARA records to specific stakeholders, the analyst documents who would suffer harm if the threat scenario is realized. This supports ISO/SAE 21434 impact assessment across safety, financial, operational, and privacy dimensions.Work Item Identity
| Property | Value |
|---|---|
| Type ID | stakeholder |
| Label | Stakeholder |
| Icon | req_status_accepted.gif |
| Tracker Prefix | TR |
| Form Layout | stakeholder-form-layout.xml |
Custom Fields
Thestakeholder type has no TARA-specific custom fields beyond the standard Polarion fields (Title, Description, Status, Priority) and the global classification field.
| Field ID | Name | Type | Description |
|---|---|---|---|
classification | Classification | enum:classification | Global field. Values: sc (Special Characteristic), cc (Critical Characteristic), cybersecurity. |
stakeholder column (e.g., “Vehicle Occupant”, “Road User”, “Fleet Operator”). The Description provides detailed context about the stakeholder’s relationship to the system.
Shared Catalog
Stakeholders are stored in a shared catalog document:| Property | Value |
|---|---|
| Document | Risks/StakeholderCatalog |
| Space | Risks |
| Item Count | 4 stakeholders + 1 heading |
| Reuse Pattern | Referenced via itemLink columns across all TARA modules |
Link Roles
Outgoing Links
| Role ID | Forward Label | Target Type | Description |
|---|---|---|---|
parent | has parent | stakeholder | Hierarchical grouping within the catalog (sameType=true). |
Incoming Links
| Role ID | Reverse Label | Source Type | Description |
|---|---|---|---|
hasStakeholder | is Stakeholder in | taraRecord | TARA records referencing this stakeholder. Links the threat analysis to the affected party. |
Risksheet Integration
In the TARA Risksheet, the stakeholder appears as the Level 1 (top-level) hierarchy column:| Column ID | Header | Type | Group | Key Properties |
|---|---|---|---|---|
stakeholder | Stakeholder | itemLink | Threat Identification (purple) | linkRole=hasStakeholder, document=Risks/StakeholderCatalog, queryFactory=stakeholderQuery |
Query Factory
ThestakeholderQuery factory populates the picker dropdown:
stakeholder work items in the project. The picker displays the stakeholder title and creates a hasStakeholder link when selected.
Hierarchy Position
The stakeholder is the top level in the Risksheet 5-level hierarchy:| Level | Column | Description |
|---|---|---|
| 1 | Stakeholder | Who is affected |
| 2 | CIAx Property | What security aspect |
| 3 | Damage Scenario | What harm results |
| 4 | Threat Scenario | How the threat manifests |
| 5 | Threat Path | Concrete attack vector |
Workflow
Thestakeholder type follows the general work item workflow:
| State | Color | Description |
|---|---|---|
draft | #3366FF | Initial state. |
inReview | #FFFF99 | Submitted for review. |
pendingApproval | #FFFF33 | Awaiting formal approval. |
approved | #66FF66 | Approved for use in TARA analysis. |
rejected | #FF3300 | Rejected. Requires rework. |
obsolete | — | Deprecated. Retained for traceability. |
Traceability Context
The stakeholder connects to the TARA record in the threat identification phase:Form Layout Notes
Thestakeholder-form-layout.xml layout exposes:
- Standard fields: Title, Description, Status, Priority
- Linked items section showing TARA records that reference this stakeholder
Related Pages
- TARA Record (taraRecord) — the risk assessment record that links to stakeholders
- Threat Scenario (threatScenario) — the other catalog-based work item type
- Use Shared Threat Scenario and Stakeholder Catalogs — how to use shared catalogs
- Identify Threats and Damage Scenarios — the workflow step that uses stakeholders
- Shared Catalogs Pattern — concept page on the catalog reuse pattern