System administration
whatisit1, 2019-08-13 09:09:40

How do you keep track of access rights to file resources?

There is a zoo of file servers and a bunch of folders. Access is given by request. This process is almost not automated, and what especially bothers me is the lack of the ability to restore rights as they should be if someone screwed up. It is not recorded separately: done and forgotten. I'm looking for a way to organize, automate, scale, and simplify the process of granting and accounting for access to shared folders.
How is your file server organized and how do you keep track of access rights to file resources?


3 answer(s)
rPman, 2019-08-13
@rPman

Organization begins where you organize work with people.
I.e., when a person comes to you with a request, this request should not be oral; it should be written in a machine-readable format, with the ability to run selections over the requests. Indicate as much information as possible in the request: who, when, why ...
Introduce clear rules for naming shares, their placement, etc., so that you can again automatically make selections and comparisons (search for resources and actions on them that are not accounted for).
A bit on the side:
- do not give access to 'everyone'; all access should be targeted, and not at people but at groups; management should be at the group level (since people constantly leave, come back, go on sick leave ... this also needs to be managed).
- try not to issue resources 'forever'; everything should have a time limit; let your system give you a reminder about this, or even automatically remove access and even delete (send to the archive) the corresponding share.

Roman Molchanov, 2019-08-13
@Dobryak88

"access rights" and "automate ... and simplify the provisioning process" are somewhat different things.
If it's a zoo (different file storages, a mixture of domain and non-domain accounts, etc.), then it would be nice to start at least with the following table:
- rows: the name of the category of employees (department, position or full name, if rights are assigned individually);
- columns: folder/directory/resource name;
- at the intersections, respectively, a mark of the access level.
Most likely, each directory has an owner (responsible for information) who determines to whom to grant access and at what level. Some tools allow the owner to enter information in the appropriate column for their directory.

Dmitry Shitskov, 2019-08-13
@Zarom

I organized it like this: Active Directory (perfectly replaceable by Samba 4) + Samba shares = access based on AD groups.
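
Added example, not part of any answer above: a Python sketch of the access matrix from Roman Molchanov's answer, with the expiry dates and group-only rule from rPman's answer, compared against an exported ACL list to show what has to be removed or restored. The `GRP-` naming convention, the share paths, the request ids and all sample rows are constructed assumptions.

```python
from datetime import date

# Constructed sample: the approved matrix, one entry per written request.
# (group, share) -> (access level, expiry date, request id)
MATRIX = {
    ("GRP-Finance", "//fs01/finance"): ("rw", date(2025, 12, 31), "REQ-0001"),
    ("GRP-Audit",   "//fs01/finance"): ("ro", date(2025, 12, 31), "REQ-0002"),
    ("GRP-Interns", "//fs02/hr"):      ("ro", date(2024, 6, 30),  "REQ-0003"),
    ("GRP-HR",      "//fs02/hr"):      ("rw", date(2025, 12, 31), "REQ-0004"),
}

# Constructed sample: what an ACL export from the servers might contain.
# (principal, share, level)
OBSERVED = [
    ("GRP-Finance", "//fs01/finance", "rw"),
    ("GRP-Audit",   "//fs01/finance", "rw"),  # widened by hand
    ("GRP-Interns", "//fs02/hr",      "ro"),  # request has expired
    ("GRP-Sales",   "//fs02/hr",      "ro"),  # no request on record
    ("ivanov",      "//fs02/hr",      "rw"),  # granted to a person
]

def audit(matrix, observed, today, group_prefix="GRP-"):
    """Compare exported ACL entries with the approved matrix."""
    findings, seen = [], set()
    for principal, share, level in observed:
        seen.add((principal, share))
        if not principal.startswith(group_prefix):
            # Access goes to groups, never to people or 'everyone'.
            findings.append(("non-group", principal, share, level))
        elif (principal, share) not in matrix:
            findings.append(("unapproved", principal, share, level))
        else:
            want, expires, req = matrix[(principal, share)]
            if today > expires:
                findings.append(("expired", principal, share, req))
            elif level != want:
                findings.append(("level-drift", principal, share,
                                 f"{level} -> {want}"))
    for (group, share), (want, expires, req) in matrix.items():
        # Approved and still valid but absent on the server: restore it.
        if (group, share) not in seen and today <= expires:
            findings.append(("missing", group, share, want))
    return sorted(findings)

if __name__ == "__main__":
    for row in audit(MATRIX, OBSERVED, date(2025, 1, 15)):
        print(*row, sep="\t")
```

Because the matrix is the record of what was approved, the `missing` and `level-drift` rows are also the list of changes needed to put rights back after someone breaks them.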
