Slide 1: MIT ROLES DB, CSG, May 2004

Slide 2: Previous Presentations
- Talk given by Jim Repa at EDUCAUSE Conference (Long Beach, CA, Oct. 29, 1999): http://web.mit.edu/rolesdb/www/educause/educause.html
- Talk given by Jim Repa to Common Solutions Group (Chicago, Sept. 18, 1998): http://web.mit.edu/rolesdb/www/csg/csg.html
- Slides from Jim Repa's presentation of October 7, 1997: http://web.mit.edu/is/integration/presentations/roles_10071997/

Slide 3: A new perspective
- The MIT ROLES database is not a Role-Based Access Control (RBAC) system
- It is a meta-authorization management system
- An RBAC system could be built using the MIT ROLES system

Slide 4: Characteristics
- Applications and services do not query or update ROLES in real time
- Data is extracted from the database and transformed into the native (legacy) format of the consuming system
- We do not define a "role" that is then applied to a number of users
- ROLES does provide for inheritance of authorizations

Slide 5: A Reminder
- An Authorization = PERSON + FUNCTION + QUALIFIER
- But the system also provides for starting and ending dates
- In the future, an Authorization = OBJECT + FUNCTION + QUALIFIER

Slide 6: The ROLES DB can be used to form
- Tables in other databases
- Access Control Lists
- LDAP groups
- LDAP attributes
- or to populate configuration files such as .k5login
- It could even be used to help formulate policies within rule-based systems
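The following is an added example, not code from the presentation or from MIT's ROLES DB. It models the authorization tuple of slide 5 (PERSON + FUNCTION + QUALIFIER with optional start and end dates), the inheritance mentioned on slide 4, and the batch "extract and transform into a native format" pattern of slides 4 and 6, rendering the effective holders of a function as a .k5login file and as an LDAP group in LDIF. The qualifier tree, the function name, the usernames, the Kerberos realm and the LDAP base DNs are all constructed for the example; in particular, that inheritance flows down a qualifier hierarchy is an assumption here, not something the slides spell out.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Union

# Hypothetical qualifier hierarchy (child -> parent). Assumption of this
# example: an authorization granted on a parent qualifier is inherited by
# every qualifier beneath it.
QUALIFIER_PARENT = {
    "DEPT_EECS": "SCHOOL_ENG",
    "DEPT_MECHE": "SCHOOL_ENG",
    "SCHOOL_ENG": "MIT",
}


@dataclass(frozen=True)
class Authorization:
    person: str                  # username / Kerberos principal name
    function: str                # what the person may do
    qualifier: str               # scope the function applies to
    start: Optional[date] = None  # None = no lower bound
    end: Optional[date] = None    # None = no upper bound

    def active_on(self, day: date) -> bool:
        """True if DAY lies inside the (inclusive) boundary dates."""
        if self.start is not None and day < self.start:
            return False
        if self.end is not None and day > self.end:
            return False
        return True


def ancestors(qualifier: str) -> list:
    """The qualifier itself followed by each parent up to the root."""
    chain = [qualifier]
    seen = {qualifier}
    while chain[-1] in QUALIFIER_PARENT:
        parent = QUALIFIER_PARENT[chain[-1]]
        if parent in seen:  # refuse to loop on a malformed, cyclic hierarchy
            raise ValueError(f"cycle in qualifier hierarchy at {parent}")
        seen.add(parent)
        chain.append(parent)
    return chain


def holders(auths, function: str, qualifier: str, day: Union[date, str]) -> list:
    """Sorted usernames authorized for FUNCTION on QUALIFIER on DAY.

    An authorization on the qualifier or any of its ancestors counts
    (inheritance); expired and not-yet-started authorizations are excluded.
    """
    if isinstance(day, str):
        day = date.fromisoformat(day)
    scope = set(ancestors(qualifier))
    return sorted({a.person for a in auths
                   if a.function == function
                   and a.qualifier in scope
                   and a.active_on(day)})


def to_k5login(usernames, realm: str = "EXAMPLE.REALM") -> str:
    """Render usernames as the principal lines of a .k5login file."""
    return "".join(f"{u}@{realm}\n" for u in usernames)


def to_ldap_group_ldif(group_dn: str, usernames,
                       people_base: str = "ou=people,dc=example,dc=edu") -> str:
    """Render usernames as a groupOfNames entry in LDIF.

    groupOfNames requires at least one member, so an empty extract is an
    error rather than a silently invalid entry.
    """
    if not usernames:
        raise ValueError(f"{group_dn}: groupOfNames needs at least one member")
    cn = group_dn.split(",")[0].split("=", 1)[1]
    lines = [f"dn: {group_dn}", "objectClass: groupOfNames", f"cn: {cn}"]
    lines += [f"member: uid={u},{people_base}" for u in usernames]
    return "\n".join(lines) + "\n"


# Constructed sample data: one inherited grant, one expired, one future-dated.
SAMPLE_AUTHS = [
    Authorization("alice", "APPROVE_REQUISITION", "SCHOOL_ENG"),
    Authorization("bob", "APPROVE_REQUISITION", "DEPT_EECS", end=date(2004, 4, 30)),
    Authorization("carol", "APPROVE_REQUISITION", "DEPT_MECHE"),
    Authorization("dave", "APPROVE_REQUISITION", "DEPT_EECS", start=date(2004, 6, 1)),
]

if __name__ == "__main__":
    eecs = holders(SAMPLE_AUTHS, "APPROVE_REQUISITION", "DEPT_EECS", "2004-05-15")
    print(to_k5login(eecs))
    print(to_ldap_group_ldif("cn=eecs-approvers,ou=groups,dc=example,dc=edu", eecs))
```

Run as a batch job, the `holders` call is the extract step and the two `to_*` functions are the transform step; the consuming system only ever sees the generated file, never the database, which is exactly the non-real-time coupling slide 4 describes. Because boundary dates are evaluated at extract time, an expired authorization disappears from the generated file only on the next extract, so the extraction interval bounds how long a revoked grant remains live downstream.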

Slide 7: Obstacles to usage
- Current access is via SQL*NET and Oracle
- No APIs to ease access from native code
- Benefits accrue to departmental administrators
- Benefits do not accrue to system developers, system integrators, or most of central IS&T

Slide 8: Another obstacle
- No support for real-time or programmatic updates of qualifiers
- There are OKI OSIDs to address this issue, but they have only been used against a test instance at this time

Slide 9: Systems using ROLES in production
- SAP financials
- Data Warehouse
- Human Resource systems
- NIMBUS budget system
- Graduate Admissions
- MIT ID database
- access to student information in the data warehouse
- Environmental Health and Safety
- miscellaneous administration tasks

Slide 10: Notable systems not using ROLES at this time
- AFS PTS
- Moira
- web publication
- OCW
- central Active Directory
- Help desk tools, including Casetracker, RT, Stock Answers and OLC
- Stellar
- any Library systems
- COEUS
- Student Information Systems
- MIT Events Calendar
- TechTime (Corporate Time)
- access to buildings, parking lots, machine rooms, hazardous labs,

Slide 11: Some Statistics
- The number of authorization functions defined: 185
- The number of individual authorizations currently defined: 63997
- The number of authorizations that have defined boundary dates: 1159; of these, 980 were created by the department of the Dean for Student Life
- The number of AFS and NFS groups defined in Moira: 20955
- The number of other ACLs defined in Moira: 43215

