Application Role design example - XYZ:Administrator

Last modified 17 Mar 2022 11:34 +01:00
Business description

Role name: XYZ:Administrator
Description: Application administrator of application XYZ.
Application: XYZ
Environment: PROD
Owner: John Stone
Access level: Privileged user
Risk level: 9
Requestable: Yes
Approval policy: 2-level approval - user’s manager and application owner
How to use: You can find the application at https://internal.myorganization.com/xyz-abc. Additional info is in the administrator’s handbook. VPN configuration is needed for the

Technical description

Automatic provisioning

Resource 1
Resource name: LDAP
Documentation: Create account in LDAP and assign to group xyz-admins
Object type: User
Entitlements (e.g. group membership):
  Entitlement type (Attribute type): Security group
  Entitlement name (Attribute name): cn=xyz-admins,ou=ldapgroups,o=organisation

Manual provisioning

Resource 2
Resource name: Windows hosts access
Documentation: Manually assign RDP access to application host.
Entitlements (e.g. group membership):
  Entitlement type (Attribute type): HostAccess
  Entitlement name (Attribute name): hostXYZ
Realization team: IT:APP:OPERATORS
Provisioning text: Assign user \{$focus/name} to local access group Administrators on the windows host hostXYZ
Deprovisioning text: Remove user \{$focus/name} from local access group Administrators on the windows host hostXYZ

Resource 3
Resource name: VPN
Documentation: Manually create a VPN profile for the user and add them to profile "AdminAccess".
Object type: User
Entitlements (e.g. group membership):
  Entitlement type (Attribute type): VPN Access Profile
  Entitlement name (Attribute name): AdminAccess
Realization team: IT:NET:OPERATORS
Provisioning text: Create user in VPN. Assign profile AdminAccess to user \{$focus/name} in VPN
Deprovisioning text: Remove profile AdminAccess from the user \{$focus/name} in VPN. If there is no other profile defined, disable the user in VPN.
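As an added example (not part of the original design document and not the IAM product's own code), the Python below encodes the role design above as data and lints it before it is approved: privileged roles must carry two-level approval, every manually provisioned resource must name a realization team and carry provisioning and deprovisioning texts that reference the subject placeholder (so the ticket can be undone for a specific user), and a security-group entitlement must look like an LDAP DN. The house rules, the `{$focus/name}` placeholder handling and the helper names are assumptions for this example.

```python
import re
from dataclasses import dataclass

PLACEHOLDER = "{$focus/name}"          # subject placeholder used in the provisioning texts
LDAP_DN = re.compile(r"^(?:[a-z]+=[^,]+)(?:,[a-z]+=[^,]+)*$", re.I)  # coarse DN shape check

@dataclass
class Resource:
    name: str
    provisioning: str                   # "automatic" or "manual"
    entitlement_type: str
    entitlement_name: str
    realization_team: str = ""          # only meaningful for manual provisioning
    provisioning_text: str = ""
    deprovisioning_text: str = ""

@dataclass
class RoleDesign:
    name: str
    access_level: str
    approval_levels: int
    resources: list

def validate(role):
    """Return findings; empty list means the design passes the (assumed) house rules."""
    findings = []
    if role.access_level == "Privileged user" and role.approval_levels < 2:
        findings.append(f"{role.name}: privileged role needs 2-level approval")
    for r in role.resources:
        if r.provisioning == "manual":
            # Unowned or non-reversible manual steps leave orphaned access on deprovisioning.
            if not r.realization_team:
                findings.append(f"{r.name}: manual provisioning has no realization team")
            for label, text in (("provisioning", r.provisioning_text), ("deprovisioning", r.deprovisioning_text)):
                if PLACEHOLDER not in text:
                    findings.append(f"{r.name}: {label} text lacks {PLACEHOLDER}")
        if r.entitlement_type == "Security group" and not LDAP_DN.match(r.entitlement_name):
            findings.append(f"{r.name}: entitlement {r.entitlement_name!r} is not an LDAP DN")
    return findings

def render(text, focus_name):
    # Tolerates the backslash-escaped form "\{$focus/name}" seen in exported designs.
    return text.replace("\\" + PLACEHOLDER, PLACEHOLDER).replace(PLACEHOLDER, focus_name)

XYZ_ADMIN = RoleDesign("XYZ:Administrator", "Privileged user", 2, [
    Resource("LDAP", "automatic", "Security group", "cn=xyz-admins,ou=ldapgroups,o=organisation"),
    Resource("Windows hosts access", "manual", "HostAccess", "hostXYZ", "IT:APP:OPERATORS",
             "Assign user {$focus/name} to local access group Administrators on the windows host hostXYZ",
             "Remove user {$focus/name} from local access group Administrators on the windows host hostXYZ"),
    Resource("VPN", "manual", "VPN Access Profile", "AdminAccess", "IT:NET:OPERATORS",
             "Create user in VPN. Assign profile AdminAccess to user {$focus/name} in VPN",
             "Remove profile AdminAccess from the user {$focus/name} in VPN. If there is no other profile defined, disable the user in VPN."),
])
```

`validate(XYZ_ADMIN)` returns an empty list for the design as documented; `render(..., "jstone")` produces the concrete ticket text for one subject.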