Definition
Roles and permissions matrices provide coverage of activities. They designate responsibility, define roles and identify the missing ones, and communicate the results of a planned change.
The process of assigning roles and permissions
- Identify roles
- Associate roles and activities related to the solution
- Designate who is authorised to carry out activities
Some sectors call this matrix a ‘verification requirement’ or an ‘audit requirement’.
The matrix takes the form of a table connecting activities to work groups and roles (here the example is for a software system). In general, roles are in the columns and activities in the rows.

The role
A role names a group of individuals with common functions.
The function
A function is one or more activities related to the solution. One or more roles can undertake an individual activity. Each person to whom this authority is assigned can perform the associated activity.
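The matrix described above can be held as data and checked mechanically. The following is an added example, not part of the original page: the role names, activities and people are constructed for a hypothetical software system. It answers who may perform an activity (denying by default) and reports the gaps the matrix is meant to expose.

```python
# Constructed sample data for a hypothetical software system.
# Roles are the columns; each activity (row) maps to the set of authorised roles.
ROLES = ["Administrator", "Developer", "Tester", "Auditor"]
MATRIX = {
    "Create user account": {"Administrator"},
    "Deploy release": {"Administrator", "Developer"},
    "Run test suite": {"Developer", "Tester"},
    "Approve release": set(),  # gap: no role is authorised yet
}
# Constructed role assignments: person -> roles held.
MEMBERS = {"alice": {"Administrator"}, "bob": {"Developer", "Tester"}, "carol": {"Auditor"}}

def is_authorised(person, activity):
    """Deny by default: unknown people, unknown activities and empty cells fail."""
    return bool(MEMBERS.get(person, set()) & MATRIX.get(activity, set()))

def uncovered_activities():
    """Activities that no role may perform (a missing role or assignment)."""
    return sorted(a for a, roles in MATRIX.items() if not roles)

def idle_roles():
    """Roles that appear as a column but are authorised for nothing."""
    used = set().union(*MATRIX.values())
    return sorted(r for r in ROLES if r not in used)

def undefined_roles():
    """Roles referenced in a cell but absent from the column list."""
    return sorted(set().union(*MATRIX.values()) - set(ROLES))

def render():
    """Return the matrix as text: activities in rows, roles in columns."""
    width = max(len(a) for a in MATRIX)
    lines = [" " * width + " | " + " | ".join(ROLES)]
    for activity, roles in MATRIX.items():
        cells = [("X" if r in roles else "").center(len(r)) for r in ROLES]
        lines.append(activity.ljust(width) + " | " + " | ".join(cells))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render())
    print("Uncovered activities:", uncovered_activities())
    print("Roles with no activity:", idle_roles())
    print("Roles used but not defined:", undefined_roles())
```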
Why use a role and authority matrix?

Strengths
- Stabilises and streamlines the initiative’s processes.
- Secures data by limiting access.
- Lets audit logs be consulted freely for information about the rights assigned. This ensures transparency of the action history.
- Assigns roles according to business needs.
- Prevents the undertaking of an activity by an unqualified person.
- Identifies key roles within an organisation.
How to use a role and authority matrix?
