The Admin Access Manager application allows eligible staff to request new admin access accounts and roles for Active Directory and Microsoft 365 (formerly Office 365) end-systems.
Role/Account Matrix
The following table shows the roles/privileges that are available for request through Admin Access Manager.
| Account Type | AD Domain Admin | AD Enterprise Admin | AD Schema Admin | O365 Global Admin |
|---|---|---|---|---|
| AD Alternative Domain Account | Available | Available | Available | |
| AD Service Account | ||||
| O365 Admin Account | Available | |||
| O365 Application Account | ||||
| O365 Service Account |
Functional Role Definitions
The following table defines all of the possible user roles for the Admin Access Manager application.
| Functional Role | Definition | Functionality |
|---|---|---|
| Account Owner | A user who is the owner of a Service or Alternative Domain account, or SUNet account. (Privileged roles are granted to these accounts). | Has the ability to submit a request (as a Requester) in Request Manager and view the roles that are currently granted to their account. |
| Requester | A user requesting a Service or Alternative Domain account. Or a user requesting a privileged role. | Has the ability to submit a request in the Admin Access Manager. |
| Manager (Account Owner’s Manager) | Account Owner’s immediate (line) manager. | Has the ability to view and approve or deny role requests for their direct reports. |
| Role Owner | A user who has granting/revoking authorization for specific privileged roles. | Has the ability to view and approve or deny role requests for the specific roles that they own. |
| Administrator (Full access) | Superuser who can view and make (limited) modifications to all requests in Request Manager | Has the ability to move requests through the workflow e.g. changing the role approver; viewing all requests, and viewing reports. Does not have the ability to approve/deny role requests directly. |
| Administrator (Read-Only access) | A user who can view but not modify requests in Request Manager | Has the ability to view all requests and view reports. Note: some fields may be hidden from these users. |
