Versions Compared

Old Version 8

changes.mady.by.user Robert W Smyser

Saved on

compared with

New Version Current

changes.mady.by.user Oliver Thomas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

...

Server: a pc- and mac-compatible file-sharing environment, with group and individual permissions.  It needs to not be AFS, as security accidents are relatively easy there and the impact is usually to inadvertently share sensitive data files to the worldbe sufficiently secure to prevent spills of sensitive information on the web or otherwise.  The existing sparkler server, a windows server that exports to Macs and PC's natively, has evidently met the security test since it has all of IS&T's confidential information on it now.  AFS is also a possibility if administered carefully. 

Filespace:  assuming we use a server like sparkler, we would have a directory on that server that mounts as a drive letter on Windows and a desktop folder on the Mac.  Let's call it "CSS-managers"   We'd have essentially unlimited room inside the folder to store what we will, and the ability to carve off sections of it to have more restrictive permissions as needed.

...

folder

likely contents

 

css-managers/

  1. Published version of the quarterly Budget and Financial Projections document for all of CSS, aggregated by manager.
  2. Operating Plan for the fiscal year
  3. Quarterly report submissions to the IST-VP's office
  4. Resource Model aggregated for all of CSS
  5. Run Book of Procedures for important systems, services, etc.

 


→ manager area/

  1. Cost-object detail for quarterly Budget and Financial ProjectionsSummary financial materials specific to a manager's area, at a more-or-less detailed level, subject to sufficient security about salaries.    If more security were preferred, the material goes in the mgr folder.  Anne will work this out directly with the manager.
  2. Manager-specific Operating Plans, Client lists, whatever other mgrs or tls might also need to know about.
  3. etc.

 


→ → team leader area/

  1. Detailed salary information for the staff of the team leader and no others.
  2. Working financial document for identifying and explaining variances
  3. Resource Model worksheet for team leader's staff only

 


→ → manager-only area/

  1. Detailed salary information that should not be seen by any team leaders.
  2. Working financial document for identifying and explaining variances, including detail not to be seen by team leaders.
  3. Resource Model worksheet for team leader's staff only

 

The precise file structure Following the layout scheme above, the precise CSS file structure for the current teams and mangers might look something like this:

Proposed Implementation

[9/19/2006]: There were suggestions about the admin structure made by Oliver and others at the 9/19/2006 offsite that have led to updates in the Admin permissions column of the table below.  They are summarized here:

  • an administrator at the ./managers level can grant admin bits on otherwise-locked down folders at the levels below.  Bad.  So, the owners of the ./managers level will not have the administrative bit turned on.  The account of the director of CSS will have admin bits, so they can act to fix anything that might go wrong.
  • groups of individual kerberos ids as in the original example should be replaced with an acl that contains those names.  To wit, "othomas, goguen, jfw" would be assigned a list like "css-managers-help-admin"; then when membership changes, it's just the acl that is changed in one place, and its effects ripple throughout the system without further intervention.
  • similarly, we replace the principal of the director and the fbc with a list named for the role, populated by the principal of the incumbent.  To wit, css-director now holds 'jfw' but soon won't. 

Folder

Subfolder

(more folders)"

 

Permissions

 

Read-Write Permissions would be granted
to these userids and groups

Admin permissions
to these userids / groups

css-managers/

 

 

 

css-managers, css-tl ,

css-hq director
  (jfw)

 

ditrhelp/

 

 

css-managers, css-tl

css-managers-help-admin
(othomas, goguen, css-hq director)

 

 

callcenter/

fbaars,  goguen, othomas, css-director, abdenna

css-managers-help-admin

  team/ *

 

servicecenter/

legand, goguen, othomas, css-director chuckk, pepsikid, ndpope, jfw, abdenna

  css-managers-help-admin

 

 

mgr/

 

ndpope, jfw goguen, othomas, css-director, abdenna

  css-managers-help-admin

 

help/ software

 

 

css-managers, css-tl

css-managers-software-admin
(jmhunt, css-hq director )

 

 

 

callcenterswrt/

 

fbaars,  goguen, othomas, jfw bowser, jmhunt, css-director, abdenna  

css-managers-software-admin

 

 

n42servicevsls/

 

legand, goguen, othomas, jfw jmhunt, css-director, abdenna

  css-managers-software-admin

 

 

mgr/

 

goguen, othomas, jfw jmhunt, css-director, abdenna

  css-managers-software-admin

 

dcadtcp/  

 

css-managers, css-tl ,

css-managers-tcp-hq admin
  (jfw)

 

 

mgrdcad/ 

jlreed, jfw, css-director, abdenna

css-managers-tcp-admin

 

 

tcpusability/

 

 

jlreed, jfw, css-director, abdenna

css-managers, css-tl, css-hq  tcp-admin

 

 

pubs/

 

cwood, jfw, css-director, abdenna

  css-managers-tcp-admin

 

 

training/

 

kkibbee, jfw, css-director, abdenna

  css-managers-tcp-admin

 

 

atic/

 

maryz, jfw, css-director, abdenna

  css-managers-tcp-admin

 

 

mgr/

 

jfw, css-director, abdenna

  css-managers-tcp-admin

 

security/

 

 

css-managers, css-tl

css-managers-security-admin
(tjm, css-hq  director)

 

 

mgr/  

tjm, jfwcss-director, abdenna

  css-managers-security-admin

 

hq/

 

 

css-managers, css-tl ,

css-managers-hq-admin
(css-director)

 

 

mgr/

css-director, abdenna

css-managers-hq-admin

 

mgrhomepage/

 

css-managers, css-tl

css-managers-homepage-admin
(lisanti, css-director) jfw, abdenna

 

 

mgr/

lisanti, css-director, abdenna

homepage/ css-managers-homepage-admin

 

ditr/

 

css-managers, css-tl

css-managers-ditr-admin
(ndpope, css-hq director)

 

 

desktop/

chuckk, pepsikid, ndpope, css-director, abdenna

css-managers-ditr-admin

 

 

mgr/

 

lisanti, jfw, abdenna

admin-it/

chuckk, pepsikid, ndpope, css-director, abdenna

css-managers-ditr-admin

 

 

mgr/

ndpope, css-director, abdenna

css-managers-ditr-admin

 

mgrsonly/

 

css-managers-list

css-managers-all-admin
(css-managers-list)  

* NOTE: the folder names are suggestions only; managers should have naming control within their folders within reason.  We suggest not using individual names instead of teams or roles.