The Admin Access Manager application allows eligible staff to request new admin access accounts and roles for Active Directory and Microsoft 365 (formerly Office 365) end-systems.
Role/Account Matrix
The following table shows the roles/privileges that are available for request through Admin Access Manager.
| Account Type | Admin Access Role/Privilege | |||
|---|---|---|---|---|
| AD Domain Admin | AD Enterprise Admin | AD Schema Admin | O365 Global Admin | |
|
AD Alternative Domain Account |
Available | Available | Available | |
| AD Service Account | ||||
| O365 Admin Account | Available | |||
| O365 Application Account | ||||
| O365 Service Account | ||||
Functional Role Definitions
The following table defines all of the possible user roles for the Admin Access Manager application.
|
Functional Role |
Definition |
Functionality |
|---|---|---|
|
Account Owner
|
A user who is the owner of a Service or Alternative Domain account, or SUNet account. (Privileged roles are granted to these accounts). |
Has the ability to submit a request (as a Requester) in Request Manager and view the roles that are currently granted to their account. |
|
Requester |
A user requesting a Service or Alternative Domain account. Or a user requesting a privileged role. |
Has the ability to submit a request in the Admin Access Manager. |
| Manager (Account Owner’s Manager) |
Account Owner’s immediate (line) manager. |
Has the ability to view and approve or deny role requests for their direct reports. |
| Role Owner | A user who has granting/revoking authorization for specific privileged roles. | Has the ability to view and approve or deny role requests for the specific roles that they own. |
| Administrator (Full access) | Superuser who can view and make (limited) modifications to all requests in Request Manager |
Has the ability to move requests through the workflow e.g. changing the role approver; viewing all requests, and viewing reports. Does not have the ability to approve/deny role requests directly. |
| Administrator (Read-Only access) | A user who can view but not modify requests in Request Manager | Has the ability to view all requests and view reports. Note: some fields may be hidden from these users. |
