The Roles Database Application: Introduction

|Intro | Requirements | Download | Getting Started |


  1. Introduction
  2. Requirements
  3. Getting started
  4. Using selection sets and criteria
  5. Working in Roles

What is the Roles Database?

The Roles Database contains authorizations -- rules about people's privileges or roles -- for MIT's financial and other business systems, such as SAP. Authorizations are maintained within the Roles Database by central and departmental people. Related data on people, departments, and financial objects are drawn from other databases such as the Data Warehouse.

The Roles Database does not enforce the authorizations that it stores. It only collects the information and distributes it to the appropriate applications, usually as a nightly data feed.

Applications with an interface to the Roles Database interpret the access rules from the Roles Database and enforce them.

Some users have the authority to create and modify authorizations, and for this they must use the Roles application. Other users only need to view authorization information, and they can use the Web interface for this.

Together, the database, the application, and the Web interface serve as a common tool for users in offices and labs to maintain authorizations for their departmental resources.

What are Authorizations?

In the Roles Database, an authorization is a rule that lets you perform a specific business function within a computer-based application. It is the most important entity maintained in the Roles Database.

Authorizations have three parts: Person, Function, and Qualifier. (SAP authorizations are related but not the same as Roles Database authorizations.) When you connect these three components, an authorization is created.

For example:

jsmithcan view personnel data in the data warehousewithin org. unit 152000
jjonescan create a requisition for fund center FC123456
ssimmscan approve a requisition for line items less than $2500 for spending group SG_Anthro


Personis identified by her or his Kerberos user ID, e.g., jsmith, not by name, e.g, Jo Smith.
Functionis what a person is permitted to do within a specific application, such as SAP, WRHS (MIT's Data Warehouse), GRAD (Graduate Admissions Application). For example, jsmith is allowed to view personnel data in the data warehouse.
Qualifieris an organizational unit, cost object, fund center, or some other item that limits the data on which a Person can perform the Function. For example, org. unit 152000

Some types of qualifiers in Roles must be prefixed with a letter that identifies the type of qualifier. For instance, 7654300 in Roles is preceded by a P that identifies it as a WBS element. Use the following prefixes before the appropriate cost element: F (Fund), FC (Fund center), C (Cost Center), I (Internal order), P (WBS element), PC (Profit center). For instance, to specify Fund Center number 123456 within the Roles Database, specify FC123456, not 123456.

What are meta-authorizations?

In the Roles Database, authorizations about authorizations are called meta-authorizations. Like other authorizations, a meta-authorization consists of a person, a function, and a qualifier. Meta-authorizations belong to the Function Category "META". The two main functions are

How do I get a meta-authorization to view authorizations on the Web?

Authorizations are not considered to be highly sensitive data, but it is not our policy to let all Web users view them. Meta-authorizations to "VIEW AUTH BY CATEGORY" are usually given to MIT employees on request. If you have a School or Area Coordinator, contact that person. You can find the name of your school or area coordinator at . If you don't have one, or don't know who that person is, then contact the central SAP authorizations maintenance group ( Make sure you specify:

If you plan to use Roles as a lookup tool, you can find all the operations you need in the Web at If, however, you plan to create, delete, or copy authorizations, you will need the Roles application. To continue, click on Requirements

| Intro | Requirements | Download | Getting Started |