The Roles Database at the Massachusetts Institute of Technology

Abstract

MIT has implemented a system, called the Roles Database, to centrally manage people's authorizations for computer-based applications enterprise-wide. Roles or authorizations are centrally defined in understandable business terms, and then converted to the native representation of each application to which they apply. An authorization is a 3-part entity consisting of a Person, a business Function, and a Qualifier. The hierarchy-based Qualifier defines the scope of the authorization, either narrowly, as an individual account number, or broadly, as a department, school, or the entire organization. This system supports an environment where many people are authorized to perform similar tasks, but for different departments or fiscal areas. This paper summarizes the design of the Roles Database and describes how it is being used to manage authorizations for MIT's data warehouse, SAP financial system and other applications.
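The sketch below is an added example, not code from the paper or from MIT's system. It models the Person / Function / Qualifier triple from the abstract, checks a request against the qualifier hierarchy, and flattens a broad grant into per-account entries of the kind a downstream application might consume. The hierarchy, the person, function and qualifier names, and the helper names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed qualifier hierarchy (child -> parent); every name is hypothetical.
PARENT = {
    "SCHOOL_SCI": "ORG_ALL",
    "DEPT_PHYSICS": "SCHOOL_SCI",
    "DEPT_CHEM": "SCHOOL_SCI",
    "ACCT_1001": "DEPT_PHYSICS",
    "ACCT_1002": "DEPT_PHYSICS",
    "ACCT_2001": "DEPT_CHEM",
}

@dataclass(frozen=True)
class Authorization:
    person: str
    function: str
    qualifier: str

def ancestors(qualifier):
    """Yield the qualifier itself, then each enclosing node up to the root."""
    seen = set()  # guards against an accidental cycle in the hierarchy data
    while qualifier is not None and qualifier not in seen:
        seen.add(qualifier)
        yield qualifier
        qualifier = PARENT.get(qualifier)

def is_authorized(auths, person, function, target):
    """Default deny: allow only if a grant covers the target or one of its ancestors."""
    scope = set(ancestors(target))
    return any(a.person == person and a.function == function
               and a.qualifier in scope for a in auths)

def expand_to_accounts(auth):
    """Flatten one grant into the leaf accounts it covers (a per-application form)."""
    leaves = set(PARENT) - set(PARENT.values())
    return sorted(q for q in leaves if auth.qualifier in ancestors(q))

# Constructed sample grants.
AUTHS = [
    Authorization("alice", "CAN_SPEND", "DEPT_PHYSICS"),  # department-wide
    Authorization("bob", "CAN_SPEND", "ACCT_2001"),       # single account
    Authorization("carol", "VIEW_REPORTS", "ORG_ALL"),    # entire organization
]

if __name__ == "__main__":
    print(is_authorized(AUTHS, "alice", "CAN_SPEND", "ACCT_1001"))
    print(expand_to_accounts(AUTHS[0]))
```

A grant applies downward only: a grant on a single account does not authorize the enclosing department, and a request for a qualifier missing from the hierarchy is denied unless an exact grant exists.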
