How to implement group policies for organization web services?

S

sobernt2021-04-19 16:09:08

Active Directory

sobernt, 2021-04-19 16:09:08

Good day!
I ask you to help with the search for solutions (best practices) for the following case:
There is an organization's AD in which all its users are registered.
Users are in the node OU=corp DC=orgname DC=org It is
necessary for each local (internal) service (.orgname.org) of the organization to implement groups in order to bind an existing AD user to a service with a specific role.

Question: how to do it in the best way?

Administrators in the organization suggested this option:
if the service has roles (:ADM,MNG,USR) - bind the user to the SRVC group--

I suppose that the best solution would be to use tree structures (OU= OU= OU=services DC= orgname DC=org), but I could be wrong.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

nApoBo3, 2021-04-19
@nApoBo3

Recommended AGDLP rights assignment model.
Access is given to a local group (one group, one access resource with one model of rights), it includes a global group, a user in it.
The tree-like structure of the solution you proposed is extremely unfortunate.
Yes, and it's not group policies.