Account Cleanup Project
Background & Business Value
On an annual basis, we would like to review the accounts in the system and remove those that should no longer be active, reducing our security risk profile. To do this, we need to check which accounts are not in active use or have owners who are no longer affiliated with the University.
Goals
- Identify accounts which are no longer actively used
- Scenario 1: In general the API Key is not being used
- Scenario 2: The API Key is being used, but it is approved for endpoints that it is not using
- We should consider Personal Accounts as different from Functional Accounts
- Identify accounts associated with people/groups no longer affiliated with the University
- Determine if their account should be removed or deactivated
- Determine a plan of action to take for these accounts
Assumptions
Out of Scope
Requirements
| Ticket(s) | Title | User Story | Priority | Notes |
|---|---|---|---|---|
| | Account No Longer in Use | As an Administrator, I would like a report that shows if an account has not been used for over X weeks/months. | | |
| | No Longer Associated with the University - Personal Accounts | As an Administrator, I would like a report that shows if a person (email address) is no longer associated with the University. | | |
| | No Longer Associated with the University - Functional Accounts | As an Administrator, I would like a report that shows if a functional account is no longer in use. | | |
| | Extra Criteria for Determining if an account should be cleaned up | As an Administrator, do I need to obtain other information in order to determine if the account should be cleaned up? | | |
| | The Cleanup Process | As an Administrator, cleaning up an account should ... | | |
User Interaction, Design & Architecture
Examples and References
Questions
Below is a list of questions to be addressed as a result of this requirements document:
Question | Outcome | Decision Date |
---|---|---|