Wednesday, January 12, 2011

Small Update on Role Based Access Control Implementation

As you may or may not know, I am working on a big project to revamp the whole system by which we manage user permissions, based on the Role Based Access Control (RBAC) model.

I will not go into the details of this, nor the reasons for doing it, in this article, but if you are interested in reading about what I am doing, you can find the documentation for our infrastructure here: http://wiki.chino.k12.ca.us/operations/active_directory#role_based_access_control_infrastructure

Even though I couldn't find a very simple explanation of what RBAC is, here is a link in case you're interested in a quick excerpt on what it is, what it does, and its advantages (towards the bottom of that page): http://csrc.nist.gov/groups/SNS/rbac/documents/design_implementation/Intro_role_based_access.htm

The good news is that I have finished revamping the permissions for all the departments at the district office, and I have written and tested the new and shiny login script for everyone. In the next few days, I will contact some of you so that we can start piloting the new script with a couple of departments at the DO.
After this is done, I will meet with those of you who have hands-on responsibility for assigning user privileges, to give you an overview of the new system and how to manage it correctly, and will then go ahead and deploy this to the rest of the district.

This new system, though very complex on the back end, will make things much simpler and will provide real security for user access to folders. Access is granted through group membership rather than through a particular script, so there will no longer be a need to know which login script is needed for which user, and no need to write a custom script when a user now works at 2 schools and needs access to 2 different folders.
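To show what "one login script for everyone" looks like under this model, here is an added example of a group-driven drive-mapping script. It is not the district's actual login script; the domain name, the resource group names and the share paths are hypothetical.

```powershell
# Added example of a single, group-driven login script. It is not the district's
# actual script; the domain name, group names and share paths are hypothetical.

# One table instead of one script per user: the same resource (security) group
# that is granted rights on a share also decides whether the drive gets mapped.
$DriveMap = @(
    @{ Group = 'CHINO\RES-Payroll-RW';  Letter = 'P'; Path = '\\fs01\Payroll' }
    @{ Group = 'CHINO\RES-HR-RW';       Letter = 'H'; Path = '\\fs01\HR'      }
    @{ Group = 'CHINO\RES-SiteA-Staff'; Letter = 'S'; Path = '\\fs01\SiteA'   }
    @{ Group = 'CHINO\RES-SiteB-Staff'; Letter = 'T'; Path = '\\fs01\SiteB'   }
)

# Resolve the logged-on user's group SIDs to names once. An orphaned SID that
# cannot be translated is skipped instead of aborting the whole login.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myGroups = foreach ($sid in $identity.Groups) {
    try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
}

foreach ($entry in $DriveMap) {
    # Not one of this user's groups: nothing to map, nothing to customise.
    if ($myGroups -notcontains $entry.Group) { continue }

    $drive = "$($entry.Letter):"
    # Drop a stale mapping left behind by an old per-user script.
    if (Test-Path -LiteralPath $drive) { & net use $drive /delete /y | Out-Null }

    # -Persist creates a real mapped drive that outlives the PowerShell session.
    New-PSDrive -Name $entry.Letter -PSProvider FileSystem -Root $entry.Path `
        -Persist -Scope Global -ErrorAction Continue | Out-Null
}
```

A user who is a member of both site groups simply gets both S: and T:; adding them to the second group is the whole change. Note that the script only makes the shares visible: access is enforced by the share and NTFS ACLs that name these same groups, so a mapping without a matching ACL entry yields an "access denied", not a hole.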

Before moving the school sites to the RBAC model, I still have one very big piece at the DO, and this is what I wanted to give all of you a heads up on: TECHNOLOGY.

Our folders and applications are, pretty much, all tied to 2 security groups, Technology and Information Services, which appear in the ACLs of nearly everything. This is a big no-no, since anyone in either group effectively has access to everything, and I am working on fixing it. Unfortunately, because everything is connected to those two groups and we have no documentation of, or logical structure to, how the security is set up, it's going to be very tricky for me to fix seamlessly, whether it concerns access to folders or to some application. At some point or another during my work on this, I can almost guarantee that some thing(s) are going to break.
I will be working on those ACLs during the evening, so as not to cut off your access mid-day while you're in the middle of work, and hopefully in the mornings you'll be able to tell easily whether you have lost access to something before really starting your day.
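Because there is no documentation of where those two groups are granted access, the first step is to enumerate it. The following is an added example of such an audit, not a script from the district: it walks the folder trees under a few roots and records every ACL entry that names either group. Run it before the evening changes to know what is tied to those groups, and again afterwards to confirm the references are gone. The share paths and the domain prefix are hypothetical, and it covers folder ACLs only; application-side permissions need their own check.

```powershell
# Added example, not the district's own script. Lists every folder under the
# given roots whose ACL names the Technology or Information Services group.
# The share paths and the CHINO\ domain prefix are hypothetical.
$Roots       = @('\\fs01\Departments', '\\fs01\Apps')
$BroadGroups = @('CHINO\Technology', 'CHINO\Information Services')

$findings = foreach ($root in $Roots) {
    $folders = @(Get-Item -LiteralPath $root) +
               (Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        # Get-Acl fails where even the auditor lacks READ_CONTROL; record that
        # too, since such folders also need attention.
        try { $acl = Get-Acl -LiteralPath $folder.FullName } catch {
            [pscustomobject]@{ Path = $folder.FullName; Identity = '<cannot read ACL>';
                               Rights = ''; Type = ''; Inherited = '' }
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($BroadGroups -contains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $folder.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType   # Allow or Deny
                    Inherited = $ace.IsInherited         # explicit entries are the ones to rework
                }
            }
        }
    }
}

# Explicit (non-inherited) entries are where a broad group was granted directly;
# inherited ones disappear on their own once the parent folder is fixed.
$findings | Sort-Object Path |
    Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\broad-group-acl-audit.csv"
$findings | Where-Object { $_.Inherited -eq $false } | Group-Object Identity | Select-Object Name, Count
```

Diffing the CSV from before and after an evening's work gives a concrete list of what changed, which is a lot easier to reason about the next morning than a report that "something is weird".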

Please keep me apprised of the situation if you see anything weird related to access, and I will address it quickly.
I'm hoping to work on all of this in the next few days, so please bear with me during this process. I sincerely appreciate your patience and your help in pinpointing and resolving any issues that may come up as a result of this change.
