|
How to Effectively
Delegate Administrative
Privileges Contents White Paper August 2007
The nature of software-whether operating system (OS) or The Need to Delegate application-is that it constantly evolves, requiring regular updates Administrative Entitlements. 1 throughout its lifetime as new features are introduced. Similarly, over time, software often becomes more complex, requiring patches Challenges of Implementing a to fix programmer errors or mitigate vulnerabilities. From the aspect Delegated Administrative of actually using the software, change is inevitable through updates Model ...................................... 3 to configurations, the addition and removal of users and groups, and so on. Essentially, change is a natural part of the life across IT. Achieving Delegated Administration with NetIQ Managing and implementing these changes is often left to an Products.................................. 5 experience group of administrators who are familiar with the system or application to which the change is being applied. However, this Summary ................................ 9 specialized group is often overwhelmed with different projects on top of trying to manage change request tickets that can quickly escalate beyond their ability to effectively manage each request. Ultimately, changes requests are either implemented poorly, extremely late, or not at all. On top of the challenges of merely managing these change requests, auditors are constantly pushing for controls over who can manage what, that an administrator's entitlements are within the scope of his or her job, and ensuring that all changes and activities are tracked and audited. To reduce the workload of administrating their mission-critical technologies, organizations must delegate administrative access and privileges-but carefully, as changes that are inadvertent and untested can quickly bring an infrastructure to its knees. Organizations must also track and audit all administrative tasks and changes, not just to satisfy the auditors but also to quickly identify and respond to risky or unapproved changes. This paper discusses why organizations should consider moving to a delegated administration model. This model can aid companies in improving administrative productivity, system availability, and security, and satisfy the demands of auditors. The paper then discusses the challenges and risks that organizations might face when using various approaches to delegating administrative capabilities. It will then present the delegated administration model implemented across NetIQ technology, and show how-with NetIQ-organizations can successfully delegate appropriate administrative privileges across their organizations. This model is intended to avoid providing each user unnecessarily privileged access and helps ensure a safer operating model. THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or c... [download for more]
|
