Subsystem Owner & Business Analyst
Rev. 9-Feb-2006
While the Business Analyst and Subsystem Owner are two
roles with distinct responsibilities, they may be satisfied
by one person. The analysis aspect is likely to involve
others, e.g., a business office or project team. The
Subsystem Owner is a simpler role, in the sense that
it has a clearer set of supporting activities.
Business Analyst – Defining Privilege Data
Signet is designed to express the privileges being managed
in natural language that states what a person can do,
e.g., "Admit Students", "Purchase equipment",
etc. It separates this aspect from the internal mechanics
of enabling those functions and from the system-specific
language of the systems that support the activities whose
privileges are being managed.
The Analyst is responsible for the definition of privileges – which
options the users see, how privileges are expressed,
and the granularity required to provide sufficient
control without unnecessary system complexity. They must
thoroughly understand the business requirements of the
privileges being managed.
In addition, they must be able to provide Signet with
the translation of end-user functions to the internal "permissions" that
are to be interpreted by consuming systems.
Required reading – Signet
Concepts, Glossary, & Features
Design Considerations
Coming soon: Documentation to further develop good design
in: style considerations for naming, when to choose multiple
functions vs. one function with many limits, etc. We anticipate
gathering much useful material from the upcoming Early
Adopters Signet/Grouper Deployment Workshop (March
20-22, 2006), which will serve to identify both the advantages
and disadvantages of any particular design. Please contact
us for more information if you are in need of assistance
before this section is expanded.
Business Analyst — Subsystem Implementation
Once a set of privileges has been defined, it is expressed
within Signet as a Subsystem. This information needs
to be recorded via structured information in an XML document.
A complete sample XML document
offers a useful example that may be adapted to your local
data. As Business Analyst, you will either provide the
data itself, or you may consult the Subsystem Owner (if
other than yourself). Also, refer to Phase
VII: Populating with Sample Data of the System Administration
Installation & Deployment guide.
Contact your Signet System Administrator for information
on how to submit Subsystem definitions that are to be
added to Signet.
Subsystem Owner — Seeding Privileges
A chain of privilege authorizations must begin somewhere.
In Signet, it begins with the Subsystem Owner. A Subsystem
Owner has the ability to "act as Signet" in
the UI, switching from one's own authority to super-delegation
powers for a Subsystem. As a Subsystem Owner, when acting
as Signet, you can grant any privilege to any person
with any limits.
You yourself do not actually HAVE these privileges,
but as Subsystem Owner you can do all initial delegation
of powers to the real individuals who should have those
powers. This could be just one person or several, but
it becomes their responsibility to grant privileges to
others at their level or below, to start the chain of
distributed delegation within a project or across the
enterprise.
For more in-depth coverage, please read the Roles
and Internal Privileges document.
Subsystem Owner — Other Responsibilities
A Subsystem Owner retains powers over the Privileges
being managed in a Subsystem. They can, again acting
as Signet, be an actor of last resort in creating privileges,
or revoking them – even if granted by others. In
all such actions, Signet will record that the action
was done under Signet's own authority to manage this
information, and that the Subsystem Owner was the authorized
user exercising those powers.
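The seeding, delegation and last-resort revocation rules described above can be sketched as a small model. This is an added example, not Signet's code or API: the class, the person names, the numeric limit, and the rule that a grant made under one's own authority can only be revoked by its grantor are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SIGNET = "SIGNET"  # assumed label for the system's own authority


@dataclass
class Subsystem:
    name: str
    owners: set
    grants: dict = field(default_factory=dict)  # (person, privilege) -> (limit, grantor)
    audit: list = field(default_factory=list)   # (action, authority, actor, person, privilege)

    def _as_signet(self, actor):
        # Only a Subsystem Owner may switch to Signet's authority.
        if actor not in self.owners:
            raise PermissionError(f"{actor} is not an owner of {self.name}")
        return SIGNET

    def grant(self, actor, person, privilege, limit, act_as_signet=False):
        if act_as_signet:
            authority = self._as_signet(actor)  # any privilege, any limit
        else:
            held = self.grants.get((actor, privilege))
            # Own authority: must hold the privilege and may not exceed own limit.
            if held is None or limit > held[0]:
                raise PermissionError(f"{actor} cannot grant {privilege} at {limit}")
            authority = actor
        self.grants[(person, privilege)] = (limit, authority)
        self.audit.append(("grant", authority, actor, person, privilege))

    def revoke(self, actor, person, privilege, act_as_signet=False):
        _, grantor = self.grants[(person, privilege)]
        if act_as_signet:
            authority = self._as_signet(actor)  # works even if granted by others
        elif actor == grantor:
            authority = actor
        else:
            raise PermissionError(f"{actor} did not grant {privilege} to {person}")
        del self.grants[(person, privilege)]
        # The audit row keeps both the authority used and the human who used it.
        self.audit.append(("revoke", authority, actor, person, privilege))


def demo():
    s = Subsystem("Purchasing", owners={"olivia"})  # constructed names and limits
    s.grant("olivia", "dana", "Purchase equipment", 50000, act_as_signet=True)
    s.grant("dana", "raj", "Purchase equipment", 5000)
    s.revoke("olivia", "raj", "Purchase equipment", act_as_signet=True)
    return s
```

In the model, the owner never appears as a holder of the privilege, and every action taken as Signet leaves an audit row naming both Signet and the owner who acted.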
Finally, a Subsystem Owner has the ability to grant
equal powers to others to make them a Subsystem Owner.
This is desirable both for coverage, and also continuity
of Subsystem ownership over time, as jobs and roles change.
Should a Subsystem be left with no active Subsystem Owner,
one would then contact the Signet System Administrator,
who can designate a new Subsystem Owner.
Note: Refer to the Supporting
Your Campus document for additional reading.