Remove obsolete GACA access to our 3pao folder
Opened this issue · 2 comments
pburkholder commented
The cloud.gov team has a folder, FedRAMP JAB - cloud.gov - 3PAO access.
Over time, we have granted access to these files/folders via GACA, and now we need to remove obsolete access.
Acceptance criteria:
- No access to these folders for addresses of the form gsa.fname.lname@gmail.com
Sketch:
- Can one remove recursively in the UI?
- Do we need GSA IT helpdesk support?
- Do we have to manually remove all these?
- Do we need to write scripts to do this (with
gamorgdrive, for example)?
bengerman13 commented
to manage this better in the future - can we put GACA accounts into groups? (probably a follow-up ticket needed there)
pburkholder commented
It's worth a try. A group of `cloudgov-3pao-secureit` with zero members
would have the same effect as removing users.
…On Wed, May 11, 2022 at 1:14 PM Ben Berry ***@***.***> wrote:
to manage this better in the future - can we put GACA accounts into
groups? (probably a follow-up ticket needed there)
—
Reply to this email directly, view it on GitHub
<#256 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJHWCWLRT4NWVOYFQBPPVDVJPTF5ANCNFSM5VVJLSYA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
-
*Peter Burkholder | *
*cloud.gov <https://cloud.gov> ISSO, compliance & security lead*
please use ***@***.*** for cloud.gov matters
*202-709-2028 <(202)%20209-2028> | ***@***.***
***@***.***> *
*| pronouns he-him <https://www.mypronouns.org/he-him>*
*Free/Busy Calendar
***@***.***>*