AD Group owners meeting summary:
we will have these AD group names ( all owned by Nishit)
everbright_technology_users (the members will include everyone in Technology) will give access to all environments approved by DL-Everbright-Technology-Approvers
everbright_support_users (the members will include customer success) will give access to production and onboard for myeverbright and engine approved by DL-Everbright-Support-Approvers
everbright_users (the members will include all of everbright minus technology minus Customer success) will only give access to production myeverbright and production engine approved by DL-Everbright-User-Approvers
the approvers of each AD group will be a DL email list consisting of all managers in that department
In order to add a new member to any AD group (ie in order for a new employee to get access to engine/app-dev/app-qa) that new hire or their manager will have to create an IT4U request, IT will then reach out to that DL list and when approved then that new hire will be added to the AD group
the AD groups will be in OU FPLRestrictedGroups in FPLU domain as Universal groups. They will be privileged/restricted AD groups
I will send a csv to IT with all the existing users needed when creating these groups
edit: users will still have to create users through the normal process
Who will be approvers of the AD groups? Each AD group will have a DL email list. Anyone on that DL email list will be able to say yes to adding a new member. We will need to communicate with people that this is how they can access engine.
...