Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

Summary

The Request By Attribute process allows department administrators to perform protected actions in the Austin Active Directory by crafting the request as a JSON strings then writing the request to an attribute on department-specific objects. 

Overview

This Request By Attribute process is comprised of the following parts: a request string, the requests attribute, the request script, a result string, and the results attribute. The request string is a JSON string that contains the required properties and values for the request. A department administrator will create the request string then add the value to the multi-valued requests attribute on a department's administrative OU (see Organizational Units below) to submit the request. The request script runs every hour and removes the request string from the requests attribute then processes the request. The result string is a JSON string that contains the results of the request along with the original request string. The request script will generate the result string after processing a request then add the value to the multi-valued results attribute on the department's administrative OU. Any errors encountered by the delegation process are included in the result string.

Organizational Units

The Request By Attribute process is centered around a department's Adminstrative OU. Each department's Administrative OU is the named OU in the Departments container under the Administrative container at the root of the domain (ex. "OU=TEST,OU=Departments,OU=Administrative,DC=austin,DC=utexas,DC=edu" or "austin.utexas.edu/Administrative/Departments/TEST") and contains resources managed by the Department User Tools such as department user accounts and department's OU administrators group (ex. TEST-Administrators).

Attributes

The Request By Attribute process utilizes the following attributes on a department's Administrative OU object. The selected attributes are confidential and cannot be accessed by default. The specific attributes and the permissions granted to the attributes are as follows:

  • The requests attribute is the utexasEduAustinMulti1 attribute on a department's Administrative OU. Department Adminstrators can read and write to this attribute to submit a request.
  • The results attribute is the utexasEduAustinMulti2 attribute on a department's Administrative OU. Department Adminstrators can read this attribute to review the results of request processing.

Supported requests

The Request By Attribute process supports the following request types:

  • Delegations - Department administrators can request permission changes to organizational units within a department. This process has previously been available only via a ServiceNow request.

Planned requests

The Request By Attribute process is expected to support the following request types in the future:

  • DNS - Department administrators can request changes to DNS records associated with the department. 


  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility