Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 19 Next »

Summary

The Request By Attribute process allows department administrators to sumbit requests for restricted actions in the Austin Active Directory via attributes on specific objects. 

Overview

This Request By Attribute process is comprised of the following parts: a request JSON, the requests attribute, the request script, a result JSON, and the results attribute. The request JSON is a JSON string that contains the required properties and values for the request. A department administrator will create the request JSON then write the value to the requests attribute on a department's administrative OU (see Organizational Units below). The request script runs every hour and removes the original request JSON from the requests attributes on the department's administrative OU then attempts to fulfill the request. The result JSON is a JSON string that contains the results of the request. The request script writes the result JSON to the results attribute on the department's administrative OU. Any errors encountered by the delegation process are included in the result JSON. 

Organizational Units

The Request By Attribute process interacts with both a department's Department OU and Adminstrative OU. Each department's Department OU is the named OU in the Departments container at the root of the domain (ex. "OU=TEST,OU=Departments,DC=austin,DC=utexas,DC=edu" or "austin.utexas.edu/Departments/TEST") and contains resources managed by the department such as computer and group objects. Each department's Administrative OU is the named OU in the Departments container under the Administrative container at the root of the domain (ex. "OU=TEST,OU=Departments,OU=Administrative,DC=austin,DC=utexas,DC=edu" or "austin.utexas.edu/Administrative/Departments/TEST") contains resources managed by the Department User Tools such as department user accounts and membership in the department administrators group (ex. TEST-Administrators). 

Attributes

The Request By Attribute process utilizes the following attributes on a department's Administrative OU object. The selected attributes are confidential and cannot be accessed by default. The specific attributes and the permissions granted to the attributes are as follows:

  • The requests attribute is the utexasEduAustinMulti1 attribute on a department's Administrative OU. Department Adminstrators can read and write to this attribute to submit a request.
  • The results attribute is the utexasEduAustinMulti2 attribute on a department's Administrative OU. Department Adminstrators can read this attribute to review the results of request processing.

Supported requests

The Request By Attribute process supports the following request types:

  • Delegations - Department administrators can request permission changes to organizational units within a department. This process has previously been available only via a ServiceNow request.

Planned requests

The Request By Attribute process is expected to support the following request types in the future:

  • DNS - Department administrators can request DNS changes for records associated with the department. 


  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility