Use GroupID to leverage ABAC concepts for intelligent SharePoint memberships
What you know about your staff usually drives which resources they need in order to be productive. For example, you may know that a person who works in your Chicago office and is responsible for the marketing of a new upcoming product needs access to certain applications, files, and message lists and, more specifically, access to specific SharePoint site(s). In fact, this person is probably one member of a team with similar or shared responsibilities. The information that helps you or someone else identify them is most likely reflected in attributes associated with their Active Directory identity. There are, however, a couple of people in public relations (New York office) who are helping on this product launch and also need to be clued in. The project in question is assigned to a custom attribute for the research and development, marketing, sales, executive staff, etc. who are affiliated with said product. Using the above example, it is determined that the common attributes among those who need access to this specific project are:
EITHER
- Users working in the Chicago office.
- Users who are in the “Marketing” department.
- Users who have the job title containing either “project” or “program”.
- Users who are NOT disabled in Active Directory
- Users with custom attribute with project label “Widget 007”
- User is listed in current SQL project database
- User is NOT also in any way related to Sales
OR
- Users working in the New York office
- Users who are in the “Public Relations” department
- Users who do NOT have “Admin” within the job title
- Users who are NOT disabled in Active Directory
- Users with custom attribute with project label “Widget 007”
The level of sophistication is based on your specific requirements. Need something more basic? Perhaps just a department or location attribute to determine membership? Easy. Need something very complex that perhaps leverages attributes outside the scope of Active Directory itself? Easy. You can combine complex logic with additional external data sources (CSV file, SQL, Oracle, etc.) to make up your “attribute” list. The range of choices makes the possibilities endless. No matter your scenario, GroupID is going to be able to take the information you have about people in your organization and make use of it. The best part of it all: once your knowledge about which staff need inclusion is expressed as rules on an AD group leveraged by SharePoint, that group’s membership will dynamically reflect the ongoing changes in your organization. When a person transfers into the project, they get access to the SharePoint site automatically… because you have already determined the rules by which people get access. Using the known attributes about your staff to make intelligent automated choices is made possible with Smart Groups using GroupID Automate.
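The two-branch rule above, evaluated over directory records and turned into the add/remove delta that keeps the group current. This is an added illustration, not GroupID's own query format or code: the use of `extensionAttribute1` for the project label, the reading of "related to Sales" as "Sales appears in department or title", and all sample accounts are assumptions.

```python
ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts
PROJECT_ATTR = "extensionAttribute1"  # assumption: attribute holding the project label

def _has(user, attr, needle):
    """Case-insensitive substring match; a missing attribute never matches."""
    return needle.lower() in (user.get(attr) or "").lower()

def is_member(user, sql_project_users, project="Widget 007"):
    """Return True if the user satisfies either branch of the rule."""
    if int(user.get("userAccountControl", 0)) & ACCOUNTDISABLE:
        return False  # both branches require an enabled account
    if (user.get(PROJECT_ATTR) or "") != project:
        return False  # both branches require the project label
    chicago = (
        _has(user, "physicalDeliveryOfficeName", "Chicago")
        and (user.get("department") or "").lower() == "marketing"
        and (_has(user, "title", "project") or _has(user, "title", "program"))
        and user["sAMAccountName"].lower() in sql_project_users
        # assumption: "related to Sales" means Sales appears in department or title
        and not (_has(user, "department", "sales") or _has(user, "title", "sales"))
    )
    new_york = (
        _has(user, "physicalDeliveryOfficeName", "New York")
        and (user.get("department") or "").lower() == "public relations"
        and not _has(user, "title", "admin")
    )
    return chicago or new_york

def sync(users, current_members, sql_project_users):
    """Return (to_add, to_remove) so the group matches the rule."""
    wanted = {u["sAMAccountName"] for u in users if is_member(u, sql_project_users)}
    return wanted - current_members, current_members - wanted

# Constructed sample directory entries, not real accounts
USERS = [
    {"sAMAccountName": "akim", "physicalDeliveryOfficeName": "Chicago", "department": "Marketing",
     "title": "Program Manager", "userAccountControl": 512, PROJECT_ATTR: "Widget 007"},
    {"sAMAccountName": "bross", "physicalDeliveryOfficeName": "Chicago", "department": "Marketing",
     "title": "Project Lead, Sales Enablement", "userAccountControl": 512, PROJECT_ATTR: "Widget 007"},
    {"sAMAccountName": "cdiaz", "physicalDeliveryOfficeName": "New York", "department": "Public Relations",
     "title": "PR Specialist", "userAccountControl": 514, PROJECT_ATTR: "Widget 007"},
    {"sAMAccountName": "dlee", "physicalDeliveryOfficeName": "New York", "department": "Public Relations",
     "title": "Communications Manager", "userAccountControl": 512, PROJECT_ATTR: "Widget 007"},
    {"sAMAccountName": "efox", "physicalDeliveryOfficeName": "New York", "department": "Public Relations",
     "title": "Admin Assistant", "userAccountControl": 512, PROJECT_ATTR: "Widget 007"},
]
SQL_PROJECT_USERS = {"akim", "bross"}  # constructed stand-in for the SQL project table
if __name__ == "__main__":
    print(sync(USERS, {"cdiaz", "gone"}, SQL_PROJECT_USERS))
```

The removal set matters as much as the additions: a disabled account or one no longer returned by the directory drops out of the SharePoint-backing group on the next evaluation.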
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.