Pau Lo
asked on
account management - large enterprises
Is there any general best practice to manage user permissions for windows security groups for departmental "movers"? How do you manage this in your companies (especially in large enterprises). For example user Y works in accounts, is a memeber of "company-accounts-team" group which is granted access to various directories on departmental file servers, they also have a couple of departmental mailboxes. When they move to payroll from accounts there accounts permissions are no longer acceptable, what do you do process wise to identify this and change permissions accordingly?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Permissions are changed with group membership changes (The user will get the permissions from the new group and will no longer get permissions from the old group if they are removed).
Departmental managers or similar would need to approve the request to move groups in writing. Depends on your organisation but obviously you will need some sort of confirmation that a user can move groups.
Departmental managers or similar would need to approve the request to move groups in writing. Depends on your organisation but obviously you will need some sort of confirmation that a user can move groups.
ASKER