Application Role design example - ABC:Administrator

Role name

ABC:Administrator

Description

Application administrator of application ABC.

Application

ABC

Environment

PROD

Owner

John Stone

Access level

Privileged user

Risk level

7

Requestable

Yes

Approval policy

2 level approval - user’s manager and application owner

How to use

Automatic provisioning

Resource 1

Resource name

Active Directory

Documentation

Create account in AD and assign to group abc-administrators.

Object type

Account

Resource attributes

Resource attribute

employeeType

Value

Administrator

Entitlements (e.g. group membership)

Entitlement type (Attribute type)

Security group

Resource attribute (Attribute name)

cn=abc-administrators,cn=app-groups,dc=organisation,dc=com

Resource 2

Resource name

LDAP

Documentation

Create account in LDAP and assign to group app-abc-admins. Provides access to database.

Object type

User

Entitlements (e.g. group membership)

Entitlement type (Attribute type )

Security group

Resource attribute (Attribute name)

cn=app-abc-admins,ou=ldapgroups,o=organisation

Manual provisioning

Resource 2

Resource name

Windows hosts access

Documentation

Manually assign access to application servers.

Entitlements (e.g. group membership)

Entitlement type (Attribute type )

HostAccess

Resource attribute (Attribute name)

apphost1

Resource attribute (Attribute name)

apphost2

Resource attribute (Attribute name)

apphost3

Realization team

IT:APP:OPERATORS

Provisioning text

Assign user \{$focus/name} to local access group Administrators on the windows hosts apphost1, apphost2, apphos3

Deprovisioning text

Remove user \{$focus/name} from local access group Administrators on the windows hosts apphost1, apphost2, apphos3