Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Administration - Users / Security Permissions

Status
Not open for further replies.
OzDog

OzDog

MIS
Jan 10, 2002
192
GB
OK, I assume that many of you manage the security permissions for your company/client. This type of work is easy enough in a small company where you know everyone, but not so in a bigger company.

My question is: How do you manage access requests??

For example: Joe wants to access the "Payroll" share. Joe fills in a form, has his manager blindly sign it and sends it to the IT dept.

The IT dept see that a manager has signed it and grants access. The trouble is that Joe should not have been able to get access to the Payroll drive, as he is in Marketing. Now Joe can see how much the boss's get paid.. blah blah blah.

Does anyone know of a program that can be used to eliminate this kind of problem? Perhaps a user logs a request for access, his/her manager approves it electronically, then it goes to the "owner" of the apporpriate share (say the dept manager) for another approval.

I don't know, maybe it's a pipe dream... but maybe not.

Regards,
Sam
 
Sort by date Sort by votes
We wrote a internal website it does this
initiate request for a share to be created (owner assigned)
initiate request for access to share (owner approval)
access granted

Pretty simple we do the whole process on-line and the admins don't see the request until the owner approves it, sorry no program I know of to do it we wrote our own helpdesk system and included this aspect.
It is pretty simple to do on iis with some asp and depending on the size of the company either access or sql

hope that helps
 
Upvote 0 Downvote
Well bigassgeeks's way of doing it sounds great, but getting something like this in place can take forever in some companies. We do pretty much the same thing that you said. I am going to recommend to our company and you to take Joe Users's manager approval and forward it to the manager of the dept that owns the resource in questions. If you manage to get two manager's approvals I would think the request is valid and even if it isn't you have two ways to COVER YOUR @$$
 
Upvote 0 Downvote
agreed. all you have to do is set up the permissions. if it's been signed off by a manager then it's ok. it's up to the management to put in office procedures to deal with this before it comes to you. only thing I can suggest is maybe scan the signed copy so you have a record, cos lets face it Management always try to blame IT whenever they can. If you can produce a trail of authorisation they can no longer point the finger at you. maybe save copies of emails and read receipts as well. the more info the better. People lose their jobs over these things!
[smilejap]
 
Upvote 0 Downvote
another way of solving this problem would be to sack the manager who gave the user access in the first place....then you watch every other manager in the firm actually READ user requests from then on in......it'd never happen again lets put it that way.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tviman
  • Locked
  • Question
How to restrict RDP users to the desktop 2
Replies
13
Views
228
strongm
strongm
kurio71
  • Locked
  • Question
Clean Install of 2016 - NTFS permissions
Replies
1
Views
78
hairlessupportmonkey
hairlessupportmonkey
kolob4all
  • Locked
  • Question
Restrict AD users to login to specific computers
Replies
0
Views
57
kolob4all
kolob4all
abm-support
  • Locked
  • Question
Essentials Server 2012 not showing users or devices
Replies
0
Views
85
abm-support
abm-support
amanua
  • Locked
  • Question
Event ID 4776 Security Log
Replies
0
Views
90
amanua
amanua

Part and Inventory Search

Sponsor

Back
Top