Personnel within an enterprise can assume many roles. Each role is typically given access to certain data and granted a set of capabilities and authorizations, such as reading, creating, or updating files, within a computing system or enterprise network. A role is not necessarily equivalent to a job position or a job title within the enterprise. For example, a person with the job title of computer programmer might assume the role of staff programmer on one project and the role of lead programmer on another project. People with the same job title can assume different roles and people with different job titles can assume the same role. An individual can assume a single role for a single project, multiple roles in a single project, the same role in multiple projects, or multiple roles in multiple projects. There might also be roles, such as administrative roles, that are not directly tied to specific projects.
An enterprise can create a set of roles that cover all the activities that typically take place within the enterprise. Each role can be assigned a set of capabilities and data access privileges in the enterprise network environment or subsets thereof. When an individual needs to perform a particular activity, the role that covers that activity can be assigned to that individual. The roles that an individual might assume can change numerous times over the course of the individual's career. When an addition, deletion, or modification of a role is needed, a request for the role change would typically be made and someone in a supervisory or administrative position would typically be required to approve the role assignment request.
Numerous methods can exist for approving a request for the assignment of a role to an individual. For example, approval of role assignment requests might be either centralized or decentralized. In a centralized scheme, a relatively small number of administrators might be responsible for approving or denying all role assignment requests within an entire enterprise. In a decentralized scheme, approval or denial of role assignment requests is done by an individual within the work group of the person for whom the role assignment is needed. Each of these schemes has drawbacks.
In centralized role assignment, the administrators approving and denying role assignment requests may not have detailed knowledge of all of the roles and all of the individuals within the enterprise and may not be aware of who should have which roles. With only a small number of administrators handling a large number of role assignment requests, the processing of requests could become inefficient and error-prone.
In decentralized role assignment, the individuals approving and denying role assignment requests would typically have a more detailed knowledge of the roles and individuals within their work group and would thus be well informed for making role assignment decisions. However, individuals approving and denying role assignments in the decentralized scheme would typically have other duties and might not make role assignment a top priority. This could lead to delays in the processing of role assignment requests. Also, when personnel changes occur, individuals approving and denying role assignment requests might leave their work group. This could cause confusion among the remaining personnel in the work group regarding who should perform role assignment.
In any role assignment scheme, some amount of processing of role assignment requests occurs. A role assignment request would typically be initiated either by an individual needing to assume a role or by the supervisor of such an individual. An individual might request a role assignment from his supervisor, from an administrator within his work group, or from a central role assignment group. A request might take the form of a phone call, an e-mail, a paper document, a face-to-face verbal request, or some other form. A supervisor or administrator might approve or deny a role assignment request or might send a request to a central role assignment group. Approval or denial of a request by a supervisor, an administrator, or a central role assignment group might similarly take the form of a paper document, an electronic document, verbal communication, or some other form.
Whatever combination of these variables applies to the processing of role assignment requests, multiple individuals might be involved and multiple steps might occur. This could result in inefficiency, delays, confusion, and inappropriate approvals or denials of requests. For example, a verbal request with no permanent documentation could easily be forgotten or misunderstood. A supervisor or administrator receiving multiple requests in multiple formats might be discouraged from responding appropriately or in a timely manner.