University IT
Admin Access Manager Role Matrix
The Admin Access Manager application allows eligible staff to request new admin access accounts and roles for Active Directory and Microsoft 365 (formerly Office 365) end-systems.
Role/Account Matrix
The following table shows the roles/privileges that are available for request through Admin Access Manager.
| Account Type | AD Domain Admin | AD Enterprise Admin | AD Schema Admin | O365 Global Admin |
|---|---|---|---|---|
| AD Alternative Domain Account | Available | Available | Available | |
| AD Service Account | ||||
| O365 Admin Account | Available | |||
| O365 Application Account | ||||
| O365 Service Account |
Functional Role Definitions
The following table defines all of the possible user roles for the Admin Access Manager application.
| Functional Role | Definition | Functionality |
|---|---|---|
| Account Owner | A user who is the owner of a Service or Alternative Domain account, or SUNet account. (Privileged roles are granted to these accounts). | Has the ability to submit a request (as a Requester) in Request Manager and view the roles that are currently granted to their account. |
| Requester | A user requesting a Service or Alternative Domain account. Or a user requesting a privileged role. | Has the ability to submit a request in the Admin Access Manager. |
| Manager (Account Owner’s Manager) | Account Owner’s immediate (line) manager. | Has the ability to view and approve or deny role requests for their direct reports. |
| Role Owner | A user who has granting/revoking authorization for specific privileged roles. | Has the ability to view and approve or deny role requests for the specific roles that they own. |
| Administrator (Full access) | Superuser who can view and make (limited) modifications to all requests in Request Manager | Has the ability to move requests through the workflow e.g. changing the role approver; viewing all requests, and viewing reports. Does not have the ability to approve/deny role requests directly. |
| Administrator (Read-Only access) | A user who can view but not modify requests in Request Manager | Has the ability to view all requests and view reports. Note: some fields may be hidden from these users. |
Last modified
