Application Role design example - XYZ:Administrator

Last modified 08 Sep 2022 11:24 +02:00

Business description
	Role name	XYZ:Administrator
	Description	Application administrator of application XYZ.
	Application	XYZ
	Environment	PROD
	Owner	John Stone
	Access level	Privileged user
	Risk level	9
	Requestable	Yes
	Approval policy	2 level approval - user’s manager and application owner
	How to use	You can find application on https://internal.myorganization.com/xyz-abc. Additional info in administrator’s handbook. VPN configuration is needed for the
Technical description
Automatic provisioning
Resource 1	Resource name	LDAP
	Documentation	Create account in LDAP and assign to group xyz-admins
	Object type	User
	Entitlements (e.g. group membership)
	Entitlement type (Attribute type)	Security group
	Entitlement name (Attribute name)	cn=xyz-admins,ou=ldapgroups,o=organisation
Manual provisioning
Resource 2	Resource name	Windows hosts access
	Documentation	Manually assign RDP access to application host.
	Entitlements (e.g. group membership)
	Entitlement type (Attribute type)	HostAccess
	Entitlement name (Attribute name)	hostXYZ
	Realization team	IT:APP:OPERATORS
	Provisioning text	Assign user \{$focus/name} to local access group Administrators on the windows host hostXYZ
	Deprovisioning text	Remove user \{$focus/name} from local access group Administrators on the windows host hostXYZ
Resource 3	Resource name	VPN
	Documentation	Manually create VPN profile for the user and add him to profile "AdminAccess".
	Object type	User
	Entitlements (e.g. group membership)
	Entitlement type (Attribute type)	VPN Access Profile
	Entitlement name (Attribute name)	AdminAccess
	Realization team	IT:NET:OPERATORS
	Provisioning text	Create user in VPN. Assign profile AdminAccess to user \{$focus/name} in VPN
	Deprovisioning text	Remove profile AdminAccess from the user \{$focus/name} in VPN. If there is no other profile defined, disable the user in VPN.

Business description

Role name

XYZ:Administrator

Description

Application administrator of application XYZ.

Application

XYZ

Environment

PROD

Owner

John Stone

Access level

Privileged user

Risk level

Requestable

Yes

Approval policy

2 level approval - user’s manager and application owner

How to use

You can find application on https://internal.myorganization.com/xyz-abc. Additional info in administrator’s handbook. VPN configuration is needed for the

Technical description

Automatic provisioning

Resource 1

Resource name

LDAP

Documentation

Create account in LDAP and assign to group xyz-admins

Object type

User

Entitlements (e.g. group membership)

Entitlement type (Attribute type)

Security group

Entitlement name (Attribute name)

cn=xyz-admins,ou=ldapgroups,o=organisation

Manual provisioning

Resource 2

Resource name

Windows hosts access

Documentation

Manually assign RDP access to application host.

Entitlements (e.g. group membership)

Entitlement type (Attribute type)

HostAccess

Entitlement name (Attribute name)

hostXYZ

Realization team

IT:APP:OPERATORS

Provisioning text

Assign user \{$focus/name} to local access group Administrators on the windows host hostXYZ

Deprovisioning text

Remove user \{$focus/name} from local access group Administrators on the windows host hostXYZ

Resource 3

Resource name

VPN

Documentation

Manually create VPN profile for the user and add him to profile "AdminAccess".

Object type

User

Entitlements (e.g. group membership)

Entitlement type (Attribute type)

VPN Access Profile

Entitlement name (Attribute name)

AdminAccess

Realization team

IT:NET:OPERATORS

Provisioning text

Create user in VPN. Assign profile AdminAccess to user \{$focus/name} in VPN

Deprovisioning text

Remove profile AdminAccess from the user \{$focus/name} in VPN. If there is no other profile defined, disable the user in VPN.

Was this page helpful?

YES NO

Thanks for your feedback