Using Folders for Organization and Inheritance

When most computer users think of electronic organization they tend to think about a Windows file system. 

While you certainly could keep all your documents in the root of your My Documents folder or your Desktop, that makes it quite cumbersome and difficult to find, use and share documents when needed.

Instead, users quite rightly create folder hierarchies to organize these files into some logical structure.

Much like these modern file systems, PAM operates with the same underlying structure of folder organization. 

PAM folders contain records or folders and provide the following benefits:

  • Can be used to easily categorize records based on similarities like department, asset, geographies, office locations and the like.

  • Can be used to simplify sharing by establishing a permission inheritance model on a parent folder.

  • Can be used to simplify workflow bindings by establishing a workflow inheritance model on a parent folder.

  • Each folder can be thought of as individual vault with its own permission model.

When planning your folder hierarchy think about these benefits and how they may be applied to your business need. The more you can take advantage of all forms of logical groupings and inheritance, the easier it will be to manage, maintain and understand PAM.

Example of a common IT scenario

You are managing several IT assets in PAM, a domain controller, a development web server and a production web server. 

Your IT Manager will need access to all three, your Web Developer will only ever need access to your web server and your AD Admin will only ever need access to your domain controller. 

 

How would you best create a folder hierarchy that would support this scenario (and be extensible to support future growth) while keeping the earlier benefits in mind?

A recommended approach would be to start with a parent folder like IT Infrastructure and then create sub-folders beneath it to organize assets by usage.

For example, a folder for Web Server assets and another for Active Directory assets. 

 

When looking at this hierarchy it makes use of PAM folder benefits by:

  • Grouping assets by logical similarities so users can easily find what they need.

  • Makes use of permission inheritance by allowing IT Manager(s) access to all assets, Web Developer(s) access to only the web servers and AD Admin(s) access to only AD controllers.

  • In a comparable manner to permissions, approval workflows can be applied (as needed) to these same folders so extra safeguards are placed on the child records.

  • Allows for future growth with logical extensibility. As you bring your other IT assets into PAM like your PBX servers, Azure, and Amazon Web services accounts, API keys and more you simply create a new folder under IT Infrastructure and begin to apply the same methodology.

In summary, think about not only how records should be stored in folders, but also how they will be shared (or not shared) with others, if additional safeguards like approval workflows will be used and finally how this hierarchical structure can be expanded for future asset growth.

Once you have a handle on your folders, it’s time to begin thinking about your records. But before you jump into creating records, we need to think about a record’s foundation which are record types.