You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Problem

An individual is granted access to a service through some formal mechanism, however the indivudual would like to delegate that access to one or more individuals who cannot be identified through any authoritative means.  The delegation of the access may be temporary (ie, allow someone to act on my behalf while I am on vacation) or may be permanent (I would like to delegate all resposibilites to my administrative assistant.)  The nature of the access is such that I cannot delegate more authority than I have myself, and I will still be held accountable for the actions taken on my behalf.

Solution

Proxy solutions are often application-specific (Anyone have a generic solution to share?)  For example, in the faculty example above, the same application that is used to gather final grades would provide a user-interface for the faculty member to manage the delegation of grading.

Examples


An adminstrator is granted access to approve purchase orders in his department.  The administrator is going to be on vacation for two weeks and needs to delegate authority to another individual while he is away.

A faculty member, by virtue of being the named instructor of a course is granted access to print photo class roster, to post course materials on the LMS site, and to enter official grades for the students at the end of the semester.  The faculty member wishes for her teaching assistant to print the class roster at the beginning of the semester, and plans to ask her administrative assistant to enter the final grades for the course.

At the University of Michigan, faculty enter grades using the PeopleSoft system of record.  We built a bolt-on UI the allows the faculty to delegate grading, and an automated batch process runs each day to grant/remove the PeopleSoft access role based on the faculty member's choices.

For our Web online directory, individuals can grant proxy access to any other member of the UM Community to manage directory attributes on their behalf.  (need to check this: Proxy access is stored as an LDAP attribute on the in indivuidual directory entry.)

  • No labels