HACKER Q&A
📣 daemon_9009

How do tech companies give permissions of repos to the new employee


Hi, I recently joined a tech company as an SDE. One flaw I found was the way in which they give permissions to their GitHub repos, Jira, NuGet and Angular packages to the new joiners. The current method they follow is to send mail to IT support with your manager or senior in CC, then the manager/senior will send "OK" to the request via the mail, then IT support gives the permission to the respective person manually. How about a solution where we bypass the chain of mails and manual approval of IT support? This solution exists in some companies (they made it by themselves); they made a dedicated platform where everything is one click, and the request is approved using GitHub/Jira APIs. But not all companies can afford to create such a homemade solution, so can it become a Product as a service company? Do you feel a need for such a thing?


  👤 alejo Accepted Answer ✓
At a company I worked for in the past we had one of those homegrown systems to manage identity lifecycle

We couldn’t get rid of the managerial approval as that was needed for auditing and compliance, but the platform made it mostly self-service and automated

In the case of joiners, there was a specific set of permissions that were assigned based on the role they were joining at, and managers always had the chance to add/remove access before day-1

After that, the employee could use the self service platform to request access to other things they may need


👤 housemusicfan
If having your boss approve things via email is a huge problem, you are setting yourself up for a lifelong career of disappointment.

👤 deltasquare4
We follow a model similar to concourse/governance. YAML-based files decide team and repo memberships. The PRs have to be approved by a group of people and it's dictated with a CODEOWNERS file.

👤 skinner927
Active Directory + LDAP integrations. Your manager is able to admin the groups who have rights to source repos, package repos, deployment keys, etc.

👤 rogerkirkness
Rippling does this by having roles assigned to groups, and groups receive sets of permissions and access to different apps. Builds all this into one click.

👤 satuke
I mean it's certain that there are a lot of steps that happen in the onboarding process of a new employee. But do you think that there's a need for this problem to even be solved? Like I doubt people really care, this is a problem people VERY rarely come across. I don't think making a product would be worth the effort to solve this.

👤 mindcrash
If SSO is properly set up and combined with an SSO-compatible SCM solution like GitHub Enterprise or GitLab Enterprise this becomes rather easy.

Add user account to proper groups from the get go (Because as IT you know what permissions the new employee should have, right? Right?!?) and you are pretty much done.


👤 dgunay
At one startup I worked for, all our GitHub repos were managed via Terraform. Adding or revoking permissions was easy: just ask DevOps and they'll add your username to the list of developers in the org or grant permissions on a per-repo basis.

👤 cpach
I would be surprised if ServiceNow didn’t have a solution for this. Probably quite expensive though.

👤 jamjamjamjamjam
Just use the Terraform GitHub provider.
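
A minimal configuration for the Terraform GitHub provider approach that comes up in the comments above, added here as an illustration and not taken from any commenter or company: onboarding becomes a pull request that adds a username to a list, and a CODEOWNERS rule on this file keeps the managerial approval as a reviewable record. The organization, team, repository and user names are constructed placeholders, and the provider version constraint is an assumption.

```hcl
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 6.0" # assumed; pin to the version you have tested
    }
  }
}

# The API token is read from the GITHUB_TOKEN environment variable,
# so no credential is stored in the repository.
provider "github" {
  owner = "example-org" # placeholder organization
}

locals {
  # Role baseline: members of this list get the team's access on day 1.
  # Offboarding is the reverse: delete the line and apply.
  backend_developers = ["alice-example", "bob-example"] # placeholder users

  # Repository name => permission granted to the team.
  backend_repos = {
    "orders-service"  = "push" # read/write
    "billing-service" = "pull" # read-only
  }
}

resource "github_team" "backend" {
  name        = "backend-developers"
  description = "Managed by Terraform; change membership via pull request"
  privacy     = "closed"
}

resource "github_team_membership" "backend" {
  for_each = toset(local.backend_developers)
  team_id  = github_team.backend.id
  username = each.value
  role     = "member"
}

resource "github_team_repository" "backend" {
  for_each   = local.backend_repos
  team_id    = github_team.backend.id
  repository = each.key
  permission = each.value
}
```

Running `terraform plan` on a schedule also surfaces access that was granted by hand outside this file, since it shows up as drift against the declared state.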