Roles Database Meta-authorizations
What are meta-authorizations?
In the Roles Database, authorizations about authorizations are called
meta-authorizations. Like other authorizations, a
meta-authorization consists of a person,
a function, and a qualifier.
Meta-authorizations belong to the Function Category "META". The three
main functions are:
- VIEW AUTH BY CATEGORY
Allows you to view other people's authorizations within a
Function Category, such as SAP (SAP R3) or WRHS (the Warehouse), via the Web.
- PRIMARY AUTHORIZER
Allows you to grant or maintain authorizations for a common set of
business functions with qualifiers related to the resources of a
specified department.
- CREATE AUTHORIZATIONS
Allows you to create an authorization for any function or
qualifier within a Function Category. Only a few people have this type
of meta-authorization. Most authority to grant authorizations to others
is restricted to certain functions and qualifiers, and is given either
with the PRIMARY AUTHORIZER function or via the
Grant flag of a (non-meta) authorization.
(There are also a few Meta-authorization functions that control maintenance of
other Roles Database objects; we will ignore them
here.)
Rules for viewing authorizations on the Web
People's authorizations are not considered to be highly sensitive data, but
it is not our policy to let all Web users view them.
In order to use the web interface to view authorizations for people other
than yourself, you will usually need a VIEW AUTH BY CATEGORY authorization
for the categories (SAP, WRHS, etc.) of authorizations you want to view.
There is a special rule for viewing SAP, HR, LABD (Labor Distribution),
ADMN (miscellaneous administrative roles), and META authorizations that
may allow you to view these authorizations even if you don't have a
VIEW AUTH BY CATEGORY authorization.
You will be allowed to view other people's authorizations in the categories
listed above as long as
you have at least one currently-active SAP or HR authorization.
The reason behind
this rule is that people who have financial or HR authorizations are likely to
have a business need to look up other people's authorizations.
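The two viewing rules above can be written as a single default-deny check. The sketch below is an added example, not code from the Roles Database. It assumes that the qualifier of a VIEW AUTH BY CATEGORY authorization is the bare category code and that each authorization carries effective and expiry dates. The sample people, functions, qualifiers and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

SPECIAL_CATEGORIES = {"SAP", "HR", "LABD", "ADMN", "META"}  # special-rule categories from the page

@dataclass(frozen=True)
class Authorization:
    person: str                      # Kerberos principal
    category: str                    # Function Category, e.g. "SAP" or "META"
    function: str
    qualifier: str
    effective: date                  # assumed field: first active day
    expires: Optional[date] = None   # assumed field: None means no end date

    def active(self, today: date) -> bool:
        return self.effective <= today and (self.expires is None or today <= self.expires)

def can_view(viewer, subject, category, auths, today):
    """Return (allowed, reason) for viewer looking up subject's authorizations in category."""
    if viewer == subject:
        return True, "own authorizations"
    mine = [a for a in auths if a.person == viewer and a.active(today)]
    # General rule: a META authorization to VIEW AUTH BY CATEGORY for this category.
    # Assumption: the qualifier holds the bare category code.
    if any(a.category == "META" and a.function == "VIEW AUTH BY CATEGORY"
           and a.qualifier == category for a in mine):
        return True, "VIEW AUTH BY CATEGORY"
    # Special rule: any currently-active SAP or HR authorization opens the listed categories.
    if category in SPECIAL_CATEGORIES and any(a.category in ("SAP", "HR") for a in mine):
        return True, "active SAP or HR authorization"
    return False, "no applicable authorization"  # default deny

# Constructed sample data; people, functions, qualifiers and dates are made up.
TODAY = date(2024, 1, 15)
SAMPLE_AUTHS = [
    Authorization("alice", "SAP", "EXAMPLE SAP FUNCTION", "EXAMPLE-QUAL", date(2023, 7, 1)),
    Authorization("bob", "META", "VIEW AUTH BY CATEGORY", "WRHS", date(2023, 7, 1)),
    Authorization("carol", "HR", "EXAMPLE HR FUNCTION", "EXAMPLE-QUAL",
                  date(2022, 1, 1), date(2023, 12, 31)),
]

if __name__ == "__main__":
    for viewer, category in [("alice", "META"), ("alice", "WRHS"), ("bob", "WRHS"),
                             ("bob", "SAP"), ("carol", "SAP")]:
        print(viewer, category, can_view(viewer, "dave", category, SAMPLE_AUTHS, TODAY))
```

Note that a META authorization alone does not trigger the special rule, and an expired SAP or HR authorization does not count as currently active.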
How do I get a meta-authorization to view authorizations on the Web?
Meta-authorizations
to "VIEW AUTH BY CATEGORY" will usually be given to MIT employees on request
from a Primary Authorizer. If you don't have a Primary
Authorizer, or don't know who that person is, contact
the Business Liaison team (business-help@mit.edu).
Make sure you specify:
- Your Kerberos principal
- Your name
- The Function Category or Categories for which you wish to view
authorizations, e.g. SAP, NIMB (NIMBUS Budget system), WRHS (Data Warehouse), etc.
- Your department and reason for needing access to view the authorizations