In-house application development and deployment typically require three sets of computers, each with its own set of users and privileges:
- Development: The set of computers with the source code and tools for application development. You only want your developers and maybe one or two users to have access to these computers.
- Test: The set of computers used by QA to confirm that the application conforms to specifications. You only want the QA staff to have access to these computers.
- Production: The computers deployed throughout the enterprise. You don’t want developers or QA to have access to these computers.
You can use computer roles to ensure that only specified users have access at each stage. In this case, you would define two computer roles in the zone:
Then, you would do the following:
- Create Developer and Tester groups in Active Directory.
- Create Developer and Tester roles and add the rights in Access Manager.
- Assign the roles to the groups in the DevelopmentSystems and TestSystems roles.
- Add the development and test computers as a member to each role.
Now, only the members of the Developer and Tester Active Directory groups have access to the corresponding computer role’s member computers.