We will have three AD groups. Being in just one of these three groups will get you access to engine.
Dev access: everbright_platform_technicians (this will include all of technology team)
QA Access: everbright_platform_technicians (this will include all of technology team)
Onboard and mirror access: everbright_customer_testers (this will include all of customer success), everbright_platform_users (maybe grant them QA access depending on the lift)
Engine access: everbright_production_only_users (this will include all of everbright minus technology minus Customer success), everbright_testing_users, everbright_platform_technicians
AD Group proposal. We can NOT create nested/umbrella groups due to concerns of their reliability.
Rather, every group will be a backup group if our previous groups do not catch the users.
A backup group means that if a user is not in one of our existing groups, we can still use that group to grant them access.
We will use the following structures:
Dev access: everbright_dev_users (backup group), everbright_github_users,
Onboard access: everbright_onboard_users (backup group), everbright_github_users,
Engine access: everbright_engine_users (backup group), DL-EverBright-Team, everbright_github_users, everbright_onboard_users
AD group proposal. We will create three new umbrella groups.
...