AD group proposal. We can NOT create nested/umbrella groups due to concerns about their reliability.
Rather, every group will be a backup group for cases where our previous groups do not catch the users.
A backup group means that if a user is not in one of our existing groups, we can still use that group to grant them access.
We will use the following structures:
Dev access: everbright_dev_users (backup group), everbright_github_users, everbright_aws_product_managers, everbright_aws_devops, everbright_aws_data_engineers, everbright_aws_engineers, everbright_github_admins
Onboard access: everbright_onboard_users (backup group), everbright_github_users, everbright_aws_product_managers, everbright_aws_devops, everbright_aws_data_engineers, everbright_aws_engineers, everbright_github_admins, everbright_datadog_readonly_users
Engine access: everbright_engine_users (backup group), everbright_onboard_users, everbright_github_users, everbright_aws_product_managers, everbright_aws_devops, everbright_aws_data_engineers, everbright_aws_engineers, everbright_github_admins, everbright_datadog_readonly_users
AD group proposal. We will create three new umbrella groups.
Each umbrella group will provide the following access:
everbright_dev_users will allow users to get into app-dev
everbright_onboard_users will allow users to get into onboard
everbright_all_users will allow users to get into prod
everbright_dev_users group will be an umbrella of all of the following groups:
everbright_github_users, everbright_aws_product_managers, everbright_aws_devops, everbright_aws_data_engineers, everbright_aws_engineers, everbright_github_admins
— this will contain all of QA, PMs, and engineers
everbright_onboard_users group will be an umbrella of:
everbright_datadog_readonly_users
everbright_dev_users
any other users added individually
everbright_all_users will be an umbrella of (add any user directly here):
everbright_onboard_users
remaining deal processing
any other users added individually
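
Expanding the umbrella nesting above shows which environments a direct member of each group ends up reaching, and what the equivalent flat group list would be if nesting is not used. This Python sketch is an added example, not part of the proposal; the function names are hypothetical, and users added individually are not modelled.

```python
# Direct nesting copied from the umbrella proposal (member groups only).
NESTED = {
    "everbright_dev_users": [
        "everbright_github_users", "everbright_aws_product_managers",
        "everbright_aws_devops", "everbright_aws_data_engineers",
        "everbright_aws_engineers", "everbright_github_admins"],
    "everbright_onboard_users": [
        "everbright_datadog_readonly_users", "everbright_dev_users"],
    "everbright_all_users": ["everbright_onboard_users"],
}
# Environment -> umbrella group that grants access, as listed in the proposal.
GRANTS = {"app-dev": "everbright_dev_users",
          "onboard": "everbright_onboard_users",
          "prod": "everbright_all_users"}

def expand(group, nesting, _path=()):
    """Return the group plus every group nested under it, transitively."""
    if group in _path:  # a loop in the nesting would make access undefined
        raise ValueError("nesting cycle: " + " -> ".join(_path + (group,)))
    result = {group}
    for child in nesting.get(group, []):
        result |= expand(child, nesting, _path + (group,))
    return result

def environments_for(group, nesting=NESTED, grants=GRANTS):
    """Environments a direct member of `group` reaches through nesting."""
    return sorted(env for env, top in grants.items()
                  if group in expand(top, nesting))

def flat_list(env, nesting=NESTED, grants=GRANTS):
    """Flat list of groups that grants the same access without nesting."""
    return sorted(expand(grants[env], nesting))

if __name__ == "__main__":
    for g in ("everbright_github_users", "everbright_datadog_readonly_users"):
        print(g, "->", environments_for(g))
    print("prod flat list:", flat_list("prod"))
```

Because everbright_all_users contains everbright_onboard_users, which contains everbright_dev_users, membership in any dev-level group also reaches onboard and prod under this nesting.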