The Administrator Shortcut Guide to User Management and Provisioning

This excerpt is from Chapter 1, Provisioning and the Management of Users in The Administrator Shortcut Guide to User Management and Provisioningwritten by Dave Kearns and published by Realtimepublishers.com. Download the entire chapter here for free.

User management is actually rather late to the IT party. Back in the days when IT was referred to as Management Information Services (MIS) and "the computer" lived in a big, climate-controlled glass room, the only management of users was making sure they lined up properly waiting for the delivery of printouts. "Authorization" meant identifying yourself to the guard at the door and "access control" meant having a key to the door of the computer room. The only people who actually interfaced with the computer were called "operators" and they all used a single account -- actually no account at all.

Timeshare systems, the advent of UNIX-based shared hosts, and especially the proliferation of workgroup, departmental, and enterprise networks of personal computers lead first to the use of user accounts to separate "my stuff" from "your stuff" and later to the concept of shared things, or "our stuff." Rudimentary security, in the form of simple passwords to control access, was fairly prevalent by the 1980s; however, the use of file, folder, and application security didn't really hit its stride until the late 1980s and early 1990s.

UNIX systems allowed a matrix of permissions that was three by three -- read, write, and execute permissions for the user, his or her group, and "everybody", whereas Novell, and later Microsoft, introduced a rich array of rights and privileges that could be assigned to individual users or groups of users. The advent of directory services—both those tied to the network operating system (NOS) directories and those that evolved from email address books into global access lists (GALs) and into what are now called enterprise directories -- further enriched the opportunities to control, on a granular level, the authorization of users and their access to resources.

The Evolution of Provisioning
Provisioning is both a more recent development than user management and a much older concept. Today's use of the term provisioning (often called electronic provisioning to differentiate it from older, manual provisioning) is simply describing the automation of the many manual tasks that Human Resources, Facilities, and IT departments have had to do for employees for many, many years. The term was adopted from the telco environment in which it has been used for decades to cover the process of providing premises equipment (for example, a telephone), identification (that is, a phone number), and a dial-tone to subscribers.

However, the telcos didn't create the term; they simply appropriated it from its earlier usage, which goes back centuries. When Christopher Columbus importuned Queen Isabella to pawn her jewels to support his expedition, it wasn't that he needed the money to hire a crew -- typically the crew was paid at the end of a voyage with a share of the ship's profit. Mariners needed lots of money to "provision" their ships -- provide food, rope, guns and powder, blankets, livestock, trade goods, navigational instruments, and more. Everything the ships might need had to be bought before they sailed because there were no shops along the way. Store keepers, unlike sailors, required "cash on the barrelhead" (you didn't get the barrel until they got the cash) for all purchases. This entire process was and still is called "provisioning the expedition."

Today's usage is surprisingly close to that definition, as electronic provisioning seeks to provide an employee with everything needed to navigate to and use the resources of the enterprise. You might say we've moved from provisioning the world explorer to provisioning the Internet explorer.

Download the entire chapter here for free.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Enterprise Identity and Access Management,   Enterprise User Provisioning Tools,   Identity Management Technology and Strategy,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Enterprise User Provisioning Tools Quiz: Compliance-driven role management Identity lifecycle management for security and compliance Content-aware IAM: Uniting user access and data rights Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Privileged account management critical to data security Making the case for enterprise IAM centralized access control Lesson 3: How to implement secure access Best practices for a privileged access policy to secure user accounts RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) logon  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) role-based access control (RBAC)  (SearchSecurity.com) user profile  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.