Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Thu, 16 Feb 2006 @ 23:31:16 GMT


     
  <Prev Next>   <<First <Prev Next> Last>>  


Subj:   Re: Password Self-service
 
From:   Vanole, Mike

We have developed a web-based system whereby users may request access to one or more of the 75 tools and nearly 2000 access types we support. This includes access to Business Objects, MicroStrategy, production and development Teradata, Netezza, etc. Using Perl, the numerous DBDs, cgi and javascript we can do just about anything, and connect to almost any database type for user support. Also available is the ability to request a password reset to one or more of the tools a user has access to.

Passwords for new access and resets are synchronized between all platforms involved. The application also provides a way to require several layers of approval for each tool or access type. This includes manager approval, system and business (data) owner approvals.

With our daily HR data feed we are able to automatically drop users that have left the company, that have not used their accounts in x number of days, or have transferd to another group.

All requests are staged and processed as time and system performance permits, and a complete history of every transaction is stored. This allows users to see what they have, what they used to have, and all requests pending approval or creation.

An earlier post was asking about how to ensure certain password format rules are used. This is made easy with some javascript validation when the user makes a request. (Since users can reset their own password from queryman or bteq the real trick is getting them to go through your controls. Luckily we have very few queryman users, or users that know the modify user... command).

Having all of the HR data (contact info, etc.) tied to a record of our user's access provides a way for us to target notification to specific tool users (or everyone) regarding outages, upgrades and new tool version releases. We also have the ability to run various audits for things like access needs. With the HR department data we can tie into performance data for a future chargeback system - I hope...and the list goes on.

The real beauty is that we are SOX compliant on every control. We support over 5,000 users, between 100 and 200 password resets, with more that 100 requests for new or additional access, each day, with no little manual intervention required.

Good luck on your solution. Ours was not built in a day.


Mike



     
  <Prev Next>   <<First <Prev Next> Last>>  
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023