UCSD Identity Management
Identities
New identities are created primarily through three core mainframe applications: the payroll (PPS), financial (IFIS), and student (ISIS) systems. This data may be entered via terminal emulators connected directly to the mainframe or via web front ends using screen scraping, web services, etc. Some of this data is fed via file extracts into our email and Active Directory provisioning systems. All of these identities are then synchronized and merged nightly into a relational DB schema we call affiliates_db. This nightly load job also attempts to join the identities with the email and Active Directory accounts, which were created separately. For certain affiliate types that are not entered into the three core systems, data can be entered from a web front end and saved directly into affiliates_db.
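The nightly load described above, sketched as an added example that is not UCSD's code: per-system records are merged into one identity, separately created accounts are then joined to it, and anything that fails to join is reported for review. The `person_id` match key, the field names and the sample records are assumptions constructed for illustration; the page does not describe the real schema.

```python
# Constructed sample extracts. Field names and the shared "person_id"
# match key are assumptions; the page does not describe the real schema.
PPS = [{"person_id": "A001", "name": "Kim Lee"}]
IFIS = [{"person_id": "A001", "name": "Kim Lee"},
        {"person_id": "A002", "name": "Raj Patel"}]
ISIS = [{"person_id": "A003", "name": "Ana Cruz"}]
# Email/AD accounts are provisioned separately, so they may not match.
ACCOUNTS = [
    {"username": "klee", "kind": "ad", "person_id": "A001"},
    {"username": "klee", "kind": "email", "person_id": "A001"},
    {"username": "acruz", "kind": "email", "person_id": "A003"},
    {"username": "svc-old", "kind": "ad", "person_id": None},
]

def merge_identities(sources):
    """Merge per-system records into one identity per person_id."""
    merged = {}
    for system, rows in sources.items():
        for row in rows:
            ident = merged.setdefault(
                row["person_id"],
                {"name": row["name"], "sources": set(), "accounts": []})
            ident["sources"].add(system)
    return merged

def join_accounts(identities, accounts):
    """Attach accounts to identities; return the accounts that did not join."""
    orphans = []
    for acct in accounts:
        ident = identities.get(acct["person_id"])
        if ident is None:
            orphans.append(acct)  # account with no owning identity
        else:
            ident["accounts"].append((acct["kind"], acct["username"]))
    return orphans

def nightly_load():
    """Run merge then join; report both kinds of join failure."""
    identities = merge_identities({"PPS": PPS, "IFIS": IFIS, "ISIS": ISIS})
    orphans = join_accounts(identities, ACCOUNTS)
    unprovisioned = sorted(p for p, i in identities.items() if not i["accounts"])
    return identities, orphans, unprovisioned

if __name__ == "__main__":
    ids, orphans, unprovisioned = nightly_load()
    print("orphan accounts:", [a["username"] for a in orphans])
    print("identities without accounts:", unprovisioned)
```

Accounts that fail the join have no owning identity on record, so a report of them is a natural input to access review and deprovisioning.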
...
Several campus-wide roles have been identified that require common access provisioning across many applications. To improve the efficiency and speed of provisioning, we implemented a role-based access model to store permissions, which applications can consume for their own internal purposes. These enterprise roles are not in wide use yet, as we have many legacy applications that would need to be rewritten to support them.