You are here

Review roles mechanism

Project ID: 
Current stage: 

Description: A more structured approach to the creation and allocation of roles is needed. The current number of roles has become unmanageable and therefore needs to be rationalised.

The original discussion document is here.

A list of possible role deletions is here.

Deliverables: A more simplified and structured approach to role/entitlement creation and allocation.


Customer: All DICE account users.

Case statement: The existing roles and capabilities namespace and management procedures lack a cohesive structure and policy. Some roles are obsolete, and some are unused. The namespace would benefit from a clearout, and revised management practices would prevent further confusion.




Priority: Low/Medium - whilst desirable, there is nothing being blocked by this project.



Proposal: There are a number of factors to bear in mind, these points are taken from various discussions:

  • It needs to be clear who makes the actual decisions concerning roles and entitlements
  • Units should be in charge of the entitlements for their servers. And we should discourage people from piggybacking on existing entitlements.
  • Issues arise where the ownership of entitlements is unclear or across management boundaries, e.g. who decides what goes in a generic role like people
  • It needs "strong ownership". The roles system joins a lot of different technical systems together, as well as being our main expression of policy. The lack of single decision maker for that system means that it ends up being pulled in many different directions



  • Investigate current namespace for roles and capabilities.
  • Identify any moribund instances.
  • Analyse current groupings and evaluate relevance.
  • Identify areas of responsibility.
  • Review and revise groupings and ownership.

Dependencies: There is some involvement with the Prometheus life-cycle code, which may be used, or may be affected, by any proposed changes in roles management procedures.



Proposed date Achieved date Name Description
2012-07-18 Decide on nature of roles review, and extent of actions required.
2012-07-04 Produce recommendations report, based on consensual feedback