ORC 17 ‐ Do automated administration tasks run under role accounts? - michaelthielemans/ProjectHosting GitHub Wiki

RPC 17 - Automated Administration Tasks Running Under Role Accounts

1. Identify Automated Administration Tasks:

   • Make a list of all automated administration tasks that are performed on your systems, such as backups, software updates, and system monitoring.

2. Review Existing Setup:

   • Verify if these tasks are currently being executed under role accounts or if they are running under individual user accounts.

3. Determine Role Accounts:

   • Define role accounts specifically designated for automated administration tasks. These accounts should have limited permissions tailored to the tasks they perform.

4. Create Role Accounts:

   • Create new role accounts for each automated administration task if they don't exist already. Use secure passwords and ensure proper access controls.

5. Assign Permissions:

   • Assign appropriate permissions to each role account based on the specific tasks they will perform. Limit privileges to only what is necessary for the task.

6. Update Automation Scripts:

   • Modify existing automation scripts or create new ones to ensure that the tasks are executed using the newly created role accounts.

7. Test Automation:

   • Test the modified automation scripts thoroughly to ensure that they function correctly and are able to perform the intended tasks under the role accounts.

8. Implement Logging and Monitoring:

   • Set up logging and monitoring mechanisms to track the execution of automated tasks. Monitor for any unauthorized access attempts or unusual activity.

9. Document Changes:

   • Document the changes made, including the creation of role accounts, assignment of permissions, and modifications to automation scripts.

10. Periodic Review:

    • Regularly review and update the configuration of role accounts and permissions to ensure they align with the evolving requirements of your environment and adhere to security best practices.