account management - large enterprises
Posted on 2011-04-19
Is there any general best practice to manage user permissions for windows security groups for departmental "movers"? How do you manage this in your companies (especially in large enterprises). For example user Y works in accounts, is a memeber of "company-accounts-team" group which is granted access to various directories on departmental file servers, they also have a couple of departmental mailboxes. When they move to payroll from accounts there accounts permissions are no longer acceptable, what do you do process wise to identify this and change permissions accordingly?