I am looking for an enterprise user management system that meets these requirements:
- Delegated user administration: The group manager should be able to grant access to his supervised employees (without having to contact any administrator either to grant access or maybe create users).
- A group manager should be able to create other groups and restrict any permission he already has where he can add supervised employees.
- If a manager removes access to a supervised group, then all the subgroups will also lose access.
- Web based User Interface.
- LDAP interface to query users and groups (or may not exist at all if it is integrated in a single application).
Do you know if there are any system that meet these requirements?
From serverfault
Eduardo
-
I'm working in an environment where there is a system installed with similar funcionality as the one you describe. I don't know if it fullfills all of your requirements, but it might be worth having a look at it: http://www.nordicedge.se/
From Anders Abel -
Active Directory has all the functionality you requested above built in to its management tools. Novell also has a centralized directory/authorization program called eDirectory
mfinni : Well, except for the web-front-end part. While one could be built, it isn't out-of-the-box. And he doesn't explain what he's granting access *to* - whether it's SharePoint, or Exchange mailboxes, or NTFS files. That part would have to be built into the web app as well, those aren't defined in AD, they only use AD.Eduardo : @mfinni The applications that will use the system just define some roles and the system should just tell me if the user has the role or notFrom Josh Budde -
We use Computer Associates Identity Lifecycle Management product. It works well, but does require a large investment to install and maintain.
From JD
0 comments:
Post a Comment