EOL Asset DB – Owner / rights matrix

The IT Assets Database was replaced by the IT Admins CMDB and is EOL / End of Life, no further development will be done on this project.

The owner matrix or rights matrix is based on a category and sub-category definition that you can chose freely. You then give it a title / path or URL and description. Further do you assign employees to this matrix entry and you can leave a note with details what the employee in there that can state like secondary approve, additional approve etc..

If you set an entry inactive, the inactive date will auto-fill by default, you always can remove it.

To make sense of this imaging the following file-system example:

You have a departments folder with a sub-folder per department, e.g. IT, Accounting, Marketing – all those departments have managers or directors that actually can approve who will gain access to their department folder.

Now an employee requests access to a certain department folder, you now need to know who can approve this request. You go to the rights or owner matrix and look it up.

What you would see in the data is for example this – depending on how you structure it

File SystemDepartmentsS:\Departments\Marketing
File SystemDepartmentsS:\Departments\IT
File SystemDepartmentsS:\Departments\Accounting

Now you chose the entry you need to know about and see who are the owners and whom to contact about the request to approve.

Of course you are not only able to do that with the file-system, you can fill in to those fields what ever you feel fit, in the end you have three fields to divide and categorize and you then can add employees directly with further notes and instructions on what they can decide etc.

Further can you relate LDAP groups to the owner matrix. This helps to even document the purpose of a certain groups and show the big picture.

Notes and TAGs are available as everywhere else.

Data field and reference overview


Another feature are checklists that you can attach to those entries. This is especially helpful for creating folders, e.g. in your DFS file system. You can automate the LDAP / Active Directory group creation, the folder creation and the rights assignment, down to automatically add them to your DFS namespaces with a a few checklist scripts. Examples are below – you of course need to create a checklist that will provide the correct parameters to those example script and adjust them of course to your specific needs. This eventually does a great deal of automation and avoids possible mistakes in the whole configuration. Folders constantly come and go – may be not whole department shares, but project related folders definitive do in any bigger business. It is essential to standardize groups names and right assignments as well as making sure they follow the same name schema and NTFS rights. I wrote an DFS structure blog article about a nice example as well.

Keep in mind, you need to necessary PowerShell modules and DOS tools installed on the system where you execute those script.