Roles and permissions matrix in business analysis

Business analysts use the roles and permissions matrix to designate responsibilities, identify roles, discover missing roles and communicate the results of a planned change.

Building a roles and permissions matrix involves identifying roles, connecting them with solution activities, and designating the authorities that determine who can perform these activities.

A role is a name for a group of individuals who share common job functions.
Each function is represented by one or more solution activities. Each individual who is assigned this authority can perform the corresponding activities.

Roles and Permissions Matrix

A roles and permissions matrix has the following components:

1. Identifying roles: to identify roles for either internal or external stakeholders, business analysts should do the following:

  1. Examine any organizational models, job descriptions, procedure manuals, and system user guides.
  2. Meet with stakeholders to discover additional roles.

When identifying roles, business analysts should search for common functions that are performed by individuals with similar needs.

2. Identifying activities: business analysts often use functional decomposition to break down each function into sub-parts, process modelling to better understand the workflow and division of work among users, and use cases to represent tasks.

Enterprise level roles and responsibilities may be identified in a RACI (Responsible, Accountable, Consulted, Informed) matrix.

Specific information technology system roles and responsibilities may be identified in a CRUD (Create, Read, Update, and Delete) matrix.

3. Identifying authorities: Authorities are actions that identified roles are allowed to perform. For each activity, the business analyst should identify the authorities for each role.

When identifying authorities, business analysts should think about the level of security needed and how the work flows through the process. Business analysts should work with stakeholders to validate identified authorities.

4. Refinements: refinements are made up of delegations and inheritances.

a. Delegations: The business analyst may also identify which authorities can be assigned to one individual or another on a short-term or permanent basis.

b. Inheritances: Stakeholders may request that, when an individual is given authority at an organizational hierarchy level, the assignment applies to that user's organizational level and any subsidiary organizational unit levels.
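As an added illustration (not part of the original article), the matrix and its two refinements can be written as data and checked mechanically. The role names, activities, organizational units, users, dates, and the rule that a delegation only counts while the delegator still holds the role are all assumptions made for this example.

```python
from datetime import date

# Constructed sample data: every role, activity, unit and user is hypothetical.
MATRIX = {  # role -> activity -> CRUD authorities granted
    "Clerk":   {"Invoice": {"C", "R"}, "Customer": {"R"}},
    "Manager": {"Invoice": {"R", "U"}, "Customer": {"C", "R", "U"}},
}
ORG_PARENT = {"EMEA": "Global", "EMEA-Sales": "EMEA", "APAC": "Global"}  # unit -> parent
ASSIGNMENTS = [("alice", "Manager", "EMEA"), ("bob", "Clerk", "EMEA-Sales")]
# (from_user, to_user, role, unit, expires); expires=None means permanent
DELEGATIONS = [("alice", "bob", "Manager", "EMEA", date(2024, 6, 30))]

def in_scope(unit, granted_unit):
    """Inheritance: a grant covers its own unit and subsidiary units, never parents."""
    while unit is not None:
        if unit == granted_unit:
            return True
        unit = ORG_PARENT.get(unit)
    return False

def holds(user, role, unit):
    """True if the user is directly assigned the role for this unit."""
    return any(u == user and r == role and in_scope(unit, g) for u, r, g in ASSIGNMENTS)

def effective_roles(user, unit, today):
    """Directly assigned roles plus roles received through unexpired delegations."""
    roles = {r for r in MATRIX if holds(user, r, unit)}
    for src, dst, role, g, expires in DELEGATIONS:
        live = expires is None or today <= expires
        # Assumption of this example: the delegator must still hold the role.
        if dst == user and live and in_scope(unit, g) and holds(src, role, g):
            roles.add(role)
    return roles

def is_allowed(user, activity, authority, unit, today):
    """Default deny: allowed only if some effective role grants the authority."""
    return any(authority in MATRIX[r].get(activity, set())
               for r in effective_roles(user, unit, today))

def uncovered(activities=("Invoice", "Customer")):
    """(activity, authority) pairs that no role can perform: possible missing roles."""
    return sorted((a, op) for a in activities for op in "CRUD"
                  if not any(op in perms.get(a, set()) for perms in MATRIX.values()))
```

Running `uncovered()` on the sample matrix reports that no role can delete invoices or customers, which is the kind of gap the matrix is meant to surface during stakeholder validation.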

The roles and permissions matrix has its strengths and limitations, which include:

Strengths
• It provides data security by restricting individuals from performing certain actions.
• It encourages an enhanced review of transaction history, in that audit logs can record details about any assigned authorities at the time.
• It provides documented roles and responsibilities for activities.

Limitations
• It requires an experienced business analyst to identify how much information would be sufficient. Too much detail can be time-consuming and not provide value while too little detail can exclude necessary roles or responsibilities.