...
In the financial operations of Penn State most access management mechanisms were hard coded.
When someone resigned or changed departments, there was a need to manually remove them.
This was an expensive solution.
We PSU used an LDAP approach to create a better system, using roles to control access. Took the policy and made it into
actual software called WebRAT.
...
Q: Are roles are different for academic than for finance dept?
A: yes Yes. In academic side we don't have spending limits. Couldn't reuse sane roles.
Tool has to gather info to define roles.
Comment: U-M has a similar situation. Debating if we need to build something to capture
who is everyone's budget approver, etc. Haven't started or scoped the project.
Comment: Data sources are the big problem.