Skip to Content
0
Former Member
Mar 12, 2010 at 04:27 PM

Service level accounts and security policy

16 Views

Hello Experts,

We would like to roll out production environment at a customer. The documentation does not provide very good solution for the scenario when service level accounts are changing.

Customer's security policy requires all administrative accounts to be named e.g. firstname.lastname@domain. Generic productadmin@domain which are not identifiable can not be used on production servers.

It is understood that the BPC application server runs using the permissions granted to the user ID which was used during installation (access to the Windows AD, SQL Server &c.

If specific domain user is also member of local administrators group, he/she can indstall the product. However, if this particular account is made redundant and the administrator's role is appointed to another employee, the latter can not access the system with administrative rights.

Moreover, if the BPC administrator's account is disabled for whatever reasons, the system fails.

Is there any good suggestions for this kind of scenario?

Thanks