layered access management model streamlines multi-organisational software development projects
TRANSCRIPT
https://deveo.com
HOW TO HANDLE ACCESS RIGHTS EFFECTIVELY AND SECURELY IN A MULTI-‐
ORGANISATIONAL PROJECT?
https://deveo.com
A joint so?ware development project with mulLple organisaLons. Each organisaLon was responsible for developing one part of the whole project.
Actual so?ware development was done by the organisaLons’ vendors.
Our customer was responsible for coordinaLng the whole project.
https://deveo.com
1. TradiLonally the development had been done in vendors’ environments.
2. ParLcipaLng organisaLons had no experience on hosLng development environments.
3. ParLcipaLng organisaLons needed visibility to each other’s projects.
4. Vendors’ visibility had to be restricted to only the projects in which they were involved in.
https://deveo.com
Who is allowed to see all of the informaLon?
Who are allowed to set up repositories and projects?
Who manages the access rights?
With hundreds of user accounts, how can access management be seamless?
How can vendors’ developers be invited to the development environment, when the coordinaLng organisaLon doesn’t know them?
Follow-‐up ques,ons
https://deveo.com
Delegated Access Management
Version control
WebDAV for end-‐user documenta8on
Collabora8on
Issue management
Documenta8on
Code Review
Joint development pla5orm with all the necessary tools
https://deveo.com
Layered Access Management (LAM) model was created as well
Three layers:
1. Company Admins
2. Deveo Users
3. Collaborators
12
3
https://deveo.com
1. Company AdminsCoordinaLng organisaLon’s project managers acted as company admins. They had access to everything and rights to manage the whole pla`orm.
Company admins invited project managers from parLcipaLng organisaLons as Deveo users. Also 1-‐2 key persons from each vendor were invited as a Deveo Users.
https://deveo.com
2. Deveo Users
Had rights to set up projects and repositories and visibility to every sub-‐project.
Vendors’ key persons had Deveo User rights and they invited the rest of their developers as collaborators.
ParLcipaLng organisaLons’ project managers and 1-‐2 key persons from each vendor were granted the Deveo User accounts.
Had rights to invite external developers as collaborators.
https://deveo.com
3. Collaborators
Vendors’ developers were invited as Collaborators.
Visibility was limited to only the projects, in which they were invited in.
Rights to do the actual development work in the respecLve sub-‐project
https://deveo.com
Company Admins Coordina,ng organisa,on
Collabora,ng Organisa,ons
DEVEO Collaborators
Vendors’ developers
Coordinates the whole project
Adds the Deveo Users
Create Projects Grants user permissions
Manages Vendors
DEVEO Users Vendors’ key personnel
https://deveo.com
1. Deveo was introduced as the development pla`orm
2. A dedicated Deveo Company was created for the whole project.
3. Project managers set up separate sub projects in the Deveo Company.
4. Deveo’s delegated access management allowed the earlier described LAM model to be implemented.
https://deveo.com
Access management was delegated to people with the best knowledge of the needed rights. Tasks that required so?ware development skills were delegated to the vendor’s key personnel.
All development work was done on one pla`orm -‐> transparency.
All of the criLcal data was hosted by the organisaLons, not vendors.
IntuiLve UI made it easy for our customer to host the pla`orm although they were not seasoned so?ware developers.
https://deveo.com
KEY LEARNINGS
• Choose the right tools and host the environment yourself -‐> beder transparency and no need to jump between vendors’ environments
• Plan the access management well in complex mulL-‐organisaLonal projects
• Simple yet powerful development environments do exist
https://deveo.com
“Read and share: Layered #accessmanagement is the key to success: blog.deveo.com/layered-‐
access-‐management/ @deveoteam”
CLICK TO TWEET
https://deveo.com
Want to share your thoughts with us?
Pick your preferred channel:
@deveoteam
deveocommunity.slack.com
deveo.com
deveoteam