The following OUs (Organizational Units) exist for IS:

o   Permission Lists

o   Products

o   Teams

o   Roles

New permissions under the Permission Lists OU will be created by the CMs. In the description field of each permission, the CMs will include a short description, the owner, and the Remedy ticket number for the request. CMs will also add teams or roles to these permissions. Permissions are for internal IS support, not for external access to IS-developed products (see Products).

Examples of permissions:

  • cit-is-perms-webmethdvlpr
  • cit-is-perms-psdevdashbrd  

Under Products, CMs will be responsible for creating new Product directories and assigning the Admin group for each new directory. The Admin group will be able to create new folders and permissions within the directory for which they are Admin. They will also be able to associate teams and roles with the permissions under their directories. Each Product directory will have an Admin group (a role or team; see below). The naming convention for products is slightly different from that of the other IS OUs. Because maintenance of products could move between CIT organizations, the IS portion of the name is removed in product permissions (see below).

Examples of Product Directories:

    • Cit-is-products-Hosting
      • Cit-products-hosting-perm1
      • Cit-products-hosting-perm2
    • Cit-is-products-PeopleSoft
      • Cit-products-PeopleSoft-perm1
      • Cit-products-Peoplesoft-perm2  
    • Cit-products-Launchpad
    • Cit-products-Uportal

Teams and Roles are both groups of people. Both OUs will have an OU Admin group of IS Supervisors. This will allow all IS Supervisors to add and remove users from Teams and Roles.

Examples of Teams:

o   Cit-is-teams-isis-eteam

o   Cit-is-teams-dba-oltp

Examples of Roles:

o   Cit-is-roles-kuali admin

o   Cit-is-roles-tomcatadmin

o   Cit-is-roles-supervisors

To build in separation of duties and to maintain an audit trail of the process, CMs will be made OU Admins of the Product and Permission OUs but will not be Admins of the Roles and Teams OUs. The supervisors role will be assigned as OU Admin for both the Teams and Roles OUs. When a new product or permission needs to be created, a Remedy ticket will be sent to the CMs. Naming conventions will need to be followed (see above). When Teams or Roles need to be granted to permissions or products, a Remedy ticket will be sent to the CMs. If a new role or team needs to be created, or a person needs to be added to a team or role, the supervisor group will need to do this; the CMs will not have access to modify Roles and Teams.
