More work for the second, but better with regards to security processes , yes, self documenting, and capable of granular permissions to follow concept of least privilege.
From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Bodnar Sent: Tuesday, October 08, 2013 10:00 AM To: [email protected] Subject: [NTSysADM] OT: naming for service ID's Just looking for opinions here: Say you have multiple directory repositories across your development platforms (UAT, SIT, Dev, SIT, Prod, etc ...). Each with it's own directory (LDAP, AD, etc....). When you name your service accounts across the environments, do you prefer to note the environment in the name? For example do you do this for each service ID for an application: Widget_ServiceID1 So the name would be the same in each directory for that application? Or would you do something like this? Widget_ServiceID1_Dev Widget_ServiceID1_UAT Widget_ServiceID1_Prod I prefer the latter solution, and a colleague of mine vehemently objects to this. My reasoning is that when referencing the name of the account in e-mail, or discussions, it's self documenting. You immediately know what environment they are talking about. Thoughts? Thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 <mailto:> [email protected] The Guardian Life Insurance Company of America <http://www.guardianlife.com/> www.guardianlife.com ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
<<image001.jpg>>
