I have to manage windows local access rights from endpoints. The input is a csv file and looks as in the following example:
<endpoint machine id>;<local access right>;<entitled user ID>
My idea was to collect entitlements as a resource-action pair. The problem is that I don't have the full list of endpoints so during the requesting a user has to type in endpoint id. Also there is no field type in request forms to display only one part of a resource-action entitlement so I have to use also a drop-down list for seleceting access right type. This way in the request there will be no account or user changes so I can't use any approval workflow. Also how can I check for unauthorized changes if there is no proper account change in the request?
The fulfillment will be manual.
Does anybody faced such an issue? Any best practice to handle such requirements?