Tracking Application specific Roles and Permissions

miguelsa · ‎06-08-2023

Hello Community,

I have yet to find any references to this particular requirement, so here goes nothing.

We're aiming to track Application specific Roles and Permissions as CIs, so that we can link them to Service Catalogue Requests, Change Management processes and even Provisioning Automation (where possible).

Would like to get the Community's feedback and thoughts, just to see if I'm not missing out on some important issue here.

Appreciate any comments in advance.

miguelsa · ‎06-16-2023

You're not very far from our current thought process.

We're considering a simple Application Role CI. That will allow us to map all the existing Application Roles (an Application usually has two defined Roles such as Admin and User).

Obviously, we can then document who is responsible for those roles.

We can also relate Roles to Licenses (even to the point of different application specific license types).

We can then create an Access Relationship table that links Users and Roles and we can link that to Requests and Approvals.

That should allow us to have good visibility into who has access to what and the licensing behind it... should be able to cover compliance and costing needs.

The reason we're going with CMDB for the Application Role is because we're considering it to be a very specific Configuration Item type for which we want to use some of the resources already available there, such as Lifecycle Management and Relationships with Applications (both at the Business Application level and the underlying Application level).

The team is reviewing this and we'll be seeing what the overall feedback is, but so far, it could be a simple solution that provides a lot of value, at least in our use case.