An increasing number of service providing organizations collaborate today over the Internet and authorization is a fundamental requirement and key objective in order to control assets and allow users to access resources. This is because each information system participating in a CE usually serves two basic types of users: 'local' users and 'external' (casual) users from other participating organizations. Local users are typically associated with a set of well-established credentials known to the local information system. Security issues, however, arise also when a non local user from a collaborative organization requests access to local resources: how this request could be evaluated and which are the access rights that local administration should assign to that user? We propose an innovative role structure, not solely dependent on naming methods, but one that takes into account organizational as well as functional characteristics to provide a practical user-role assignment methodology between organizations in a CE. More specifically, the proposed role structure enables an automated user-role assignment based on an algorithm that compares roles from different organizations.