The GT Role System (GRS) is a tool to assign roles to people. Roles are simply labels that are useful to somebody, usually for inclusion in a collaborative group or authorization to use a computer resource. Role assignment can range anywhere from full automation from data (eg, credit-student@gt) to all-manual (eg, Committee assignment); most roles are a mixture of the two (eg, CSR mailing list). It is expected that GT may someday easily have thousands of roles.
Mailing lists, Active Directory, T-Square, BuzzPort, and Share-IT are all tools used commonly at Georgia Tech today to group people. GRS improves upon these in the following ways:
GRS is running as a production service since Jan 2009. It is used by dozens of IT groups on campus who have created a few thousand roles. OIT uses GRS internally for hundreds of both campus-facing and internal roles.
GRS's main limitation is that its user interface is painful and inappropriate for 90% of the campus's constituents. Therefore, almost all GRS users are IT personnel. Some groups, however, have used the GRS API to implement specialized user interfaces that make adding/removing people from certain roles much easier.
This drawing illustrates the 5 main concepts of GRS.
1. Roles
: Everything is centered around roles which are just labels that can be put on people or accounts
2. Role Folders: Roles are placed in folders for organization and access control
3. Rules: Rules add/remove groups of people to/from Roles based on data in GTED. Most commonly, Rules are created using Departmental or GT Employment, Other Roles, Course Enrollment, GTAD Groups, Sympa Mailing lists, etc.
4. Overrides: An Override is the manual addition or removal of someone in a Role. They are often conditional ("While joe is still an employee") or temporary ("For the next month").
5. Entitlements: The result of being in a Role is that the person's data in GTED will include a specific entitlement value. Once they are in GTED, these entitlements are also synchronized into GTAD and the Data Warehouse.