August 25, 2008 at 1:28 am
I'm running a Configuration Management System (self-made) on SQL Server (2005) with a web frontend (ASP and .NET).
Because of the restrictions on the connections between the different domains in our network, we can't use the AD roles for authentication. We are requested by security to manage the data access on our own and therefore can't let it be done by the AD administration group.
So we created roles by function, depending on the tasks users have to fulfill.
For example: UHD group.
Every user who needs to work with the application gets a SQL login, which we assign to the appropriate roles depending on the work the user has to do.
The account information is stored in the employee part of the CMDB.
The problem is, we don't always get informed when a user leaves. So we log the logins, and every account which has not logged on for 6 months is removed from its roles. After an additional 6 months it's deleted entirely.
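
The two-stage cleanup described in the post, sketched in T-SQL as an added example that is not part of the original post or the poster's system. The audit table `dbo.LoginAudit` and its columns are hypothetical, and database user names are assumed to match their SQL login names.

```sql
-- Added example. Assumptions: dbo.LoginAudit(LoginName sysname, LoginTime datetime)
-- is a hypothetical table holding the logged logins, and each database user
-- has the same name as its SQL login.
DECLARE @now datetime, @sql nvarchar(max);
SET @now = GETDATE();
SET @sql = N'';

DECLARE @stale TABLE (UserName sysname PRIMARY KEY, LastSeen datetime);

-- SQL-authenticated users only. An account that never logged in is aged
-- from its creation date, so it cannot escape the cleanup.
INSERT INTO @stale (UserName, LastSeen)
SELECT dp.name, COALESCE(MAX(la.LoginTime), dp.create_date)
FROM sys.database_principals AS dp
LEFT JOIN dbo.LoginAudit AS la ON la.LoginName = dp.name
WHERE dp.type = 'S'
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
GROUP BY dp.name, dp.create_date
HAVING COALESCE(MAX(la.LoginTime), dp.create_date) < DATEADD(month, -6, @now);

-- Stage 1 (6 months idle): remove the user from every role it still holds.
SELECT @sql = @sql + N'EXEC sp_droprolemember N' + QUOTENAME(r.name, '''')
            + N', N' + QUOTENAME(s.UserName, '''') + N';' + NCHAR(13) + NCHAR(10)
FROM @stale AS s
JOIN sys.database_principals   AS u  ON u.name = s.UserName
JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id;

-- Stage 2 (12 months idle): drop the database user and its login.
-- DROP USER fails if the user still owns a schema, and the login may be
-- mapped to users in other databases; handle both before running this part.
SELECT @sql = @sql + N'DROP USER ' + QUOTENAME(s.UserName)
            + N'; DROP LOGIN ' + QUOTENAME(s.UserName) + N';'
            + NCHAR(13) + NCHAR(10)
FROM @stale AS s
WHERE s.LastSeen < DATEADD(month, -12, @now);

-- Return the generated script for review instead of executing it blindly.
SELECT @sql AS CleanupScript;
-- After review: EXEC sp_executesql @sql;
```

Run from a scheduled job, this keeps the role removal and the final deletion in one place; cross-checking the stale list against the CMDB employee records before execution catches accounts that are idle but still legitimately needed.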