1.3.1 General procedure for determining the settings to be specified for each user account

If there are a large number of employees distributed across multiple locations in the organization, a single system administrator might not be able to manage all the devices and hardware assets of the entire company. You (system administrator) can solve this problem by dividing system management tasks among several administrators. In addition, by specifying the permissions, task allocation, and administration scope for the user account of each administrator, you can limit the scope of information to be managed by each administrator.

To determine the permissions, task allocation, and administration scope to be specified for each user account:

1. Determine the responsibilities of each administrator.: Determine the system management tasks to be assigned to each administrator. For example, there are various system management tasks that include creating and assigning a security policy to computers, managing devices, managing software licenses, distributing software to computers, and managing user accounts. Assign these tasks to each administrator. For example, decide that Administrator B from the Security Division is responsible for creating a security policy and then assigning it to computers.
2. Determine the settings to be specified for each user account.: Determine the settings to be specified for each user account based on the responsibilities of each administrator. You can restrict the scope of operations to be performed by each administrator by using a combination of permissions, task allocation, and administration scope specified for each user account.

Example of how to set each user account

The description below assumes an organization with the following structure:

[Figure]

The following table describes how to set a user account of each administrator based on their responsibilities:

Administrator's name	Division under Information Systems Department to which an administrator belongs	Responsibilities	Settings specified for each user account
Administrator's name		Responsibilities	Permissions	Task allocation	Administration scope
Administrator A	General System Management Division	Oversee system management tasks. Manage user accounts.	System Administrator User Management	All tasks	All departments
Administrator B	Security Management Division	Create a security policy and assign it to computers. Execute a security countermeasure. Distribute an update program. Distribute software.	System Administrator	Security management Asset management Device management Distribution management	All departments
Administrator C	Asset Management Division	Purchase, replace, or dispose of hardware assets. Purchase, transfer, or discard software licenses. Register asset and contract information. Monitor the remaining number of software licenses and take necessary measures.	System Administrator	Asset management Device management	Information Systems Department
Administrator D		Purchase, replace, or dispose of hardware assets. Purchase, transfer, or discard software licenses. Register asset and contract information. Monitor the remaining number of software licenses and take necessary measures.	System Administrator	Asset management Device management	General Affairs Department
Administrator E		Purchase, replace, or dispose of hardware assets. Purchase, transfer, or discard software licenses. Register asset and contract information. Monitor the remaining number of software licenses and take necessary measures.	System Administrator	Asset management Device management	Sales Department
Administrator F		Purchase, replace, or dispose of hardware assets. Purchase, transfer, or discard software licenses. Monitor the remaining number of software licenses and take necessary measures.	System Administrator	Asset management Device management	Development Department
Administrator G		Register asset and contract information.	System Administrator	Asset management	Development Department

In the above example, Administrator A is responsible for the overall system management tasks, including overseeing system management tasks and managing user accounts. No restriction is therefore applied to the permissions, task allocation, and administration scope specified for Administrator A's user account. Administrator G, on the other hand, is only responsible for managing the assets of Development Department. Restrictions are therefore applied to Administrator G's user account settings so that Administrator G only has the System Administrator permission in Development Department. In addition, because Development Department is large, tasks are divided between Administrator G and Administrator F, and Administrator G is only responsible for registering asset and contract information. Task allocation for Administrator G is therefore restricted to asset management that is required to register asset and contract information.

To Page Top