Re: Multiple of Single User Accounts

["Flynn, Gerald" <flynngn () JMU EDU>]

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barrera, Connie
> Sent: Wednesday, October 21, 2009 5:07 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Multiple of Single User Accounts
>
> Greetings to all:
>
> For the different folks who have responded to this thread.  How are you
> keeping the "roles" identified in AD updated and hence the associated
> access/permissions current?  At least at our school there is a lot of
> fluctuation between roles and departmental/position assignment.  There
> are often times individuals with dual assignments and it's difficult to
> keep access updated due to numerous processes- how do you reconcile
> this?
>
> While we currently have many automated processes in place to deal with
> terminations and transfers, we continue to search for improvements.  Is
> anyone leveraging a commercial IDM solution?
>
> Any insight into your respective solutions is greatly appreciated.

We've got a home grown IdM with a lot of business logic built into
scripts and Peoplesoft SA and HR to resolve high level (student,
employee, affiliate, graduate, mixed) role issues. More granular employee roles 
in the SA/HR/FIN systems are still assigned manually through Peoplesoft 
security based on requests AFAIK. We're in the midst of rolling out Oracle 
IdM to replace the home grown system but last I heard, the granular 
employee role assignments will still be done manually in Peoplesoft for 
the foreseeable future.