OLE uses Kuali Identity Management software, which is a Kuali-wide application that handles users, roles and permissions. KIM is part of RICE. OLE interacts with KIM to determine what permissions a user has and to define workflow responsibilities.
A document describing OLE's use of KIM is available in draft
Roles and permissions are being refactored for 2.0. You can look at the refactoring that is being proposed.
A workbook that defines the tables required to load roles and permissions as part of the data build is here: (in draft) (link to come.)