CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

AWS:     

*** For Audit requirements:   MUST SUBMIT 1 TICKET PER USER - NO MULTIPLE USERS ON THE SAME TICKET

Privileged Access Role - Line of Business CIOC Ticket Form.

Once the AD groups are created and privileged roles are published on CIO Central, each user needing access to the environment will fill out the LOB Privileged Access Role form to be added to appropriate roles. 

If you need a y_account and token, this form will get those established as well.

Location Information:

Is this request associated with systems accessible on Leidos Net or another environment?

  • Yes

  • No

Select the environment name from the list below:
ENV000xxxx (provided at DER Submission)

Access and Role Information:

Type of access:

    • Privileged Access Roles 
    • Unix User Access
    • Unix Admin Access
    • Privileged Access Roles for a Service or System Account

 Request action:

    • Add roles to the indicated account.
    • Replace all of the current roles of the indicated account with other roles.*
    • Recertify a non-employee account.
    • Remove roles from the indicated account.
    • Remove all privileged access roles from the indicated account.

Role(s) selection - choose appropriate role(s)

Type in ECM-TenantName-Role  Example:  ECM-ProjectX-SysOps

*Multiple roles can be selected at the same time*:

      • ECM-TenantName-SysOps
      • ECM-TenantName-Ops
      • ECM-TenantName-ReadOnly
      • ECM-TenantName-DevSysOps

Check with the Environment Owner or other team members about which role is appropriate.  More details on the role definitions can be found here.

Users:

Please enter the name of the employee for this request.  

          *** For Audit requirements: MUST SUBMIT 1 TICKET PER USER - NO MULTIPLE USERS ON THE SAME TICKET

Describe why this request is needed, and provide any additional comments:

** If you already have a y_account and token, copy, paste, and submit the information below.

[FirstName LastName] is a systems administrator supporting the ECM Cloud Services Environment for [Tenant name].

Add additional role(s) to existing y_account

      • Full Name: 
      • Leidos ID:  
      • User Name:  
      • y_account username:

** If a y_account and token are needed, submit the information below:

[FirstName LastName] is a systems administrator supporting the ECM Cloud Services Environment for [Tenant name].

    • Full Name: (can be found in Prism)
    • Leidos ID: (can be found in Prism)
    • User Name: (can be found in Prism)
    • Requires y_account be created: Yes/No
    • Requires a token be shipped: Yes/No
    • Shipping address: Insert Address
    • Optional:   Charge code for expediting shipping: X.XXXX.XXX

Azure:     

*** For Audit requirements:  MUST SUBMIT 1 TICKET PER USER - NO MULTIPLE USERS ON THE SAME TICKET

Once you submit your DER documents (Architecture Diagram and SSP) for the ECM Onboard, you will need to complete the CIOCentral Privileged Access Roles - Azure ticket request for your "y_account" (if needed) and an aad_account (Azure AD account).

Note: The "y_account" is required to SSH/RDP into virtual machines, and the aad_account is required to access the Azure console environment and to receive RBAC role assignments.

Use the example ticket template below to request a y_account and/or an aad_account using the Privileged Access Roles - Azure CIOC Ticket form.


After filling in the user information, follow this template:

Do you have additional location information you would like to share?

***User only needs aad_account for ECM Azure Tenant***   (be sure to copy and paste this into the ticket)

Access and Role Information:

Tenant Location:

US-GCCH (choose this option)

US-Commercial

UK

AU


Types of Access:

Azure Privileged Access Roles - Azure Active Directory 

Azure Privileged Access Roles for a Service or System Account

Azure Privileged Access Roles - RBAC (choose this option)


Request Action:

Add Roles to the indicated account.  (choose this option)

Replace all of the current roles of the indicated account with other roles.

Recertify a non-employee account.

Remove roles from the indicated account.

Remove all Azure roles from the indicated account.

Role Selection:

Type in and choose - Reader


Describe why this request is needed, and provide any additional comments:

***User only needs aad_account for ECM Azure Tenant***   (be sure to copy and paste this into the ticket)

**If a y_account and token are needed, submit the information below:

[FirstName LastName] is a systems administrator supporting the ECM Cloud Services Environment for [Tenant name].

    • Full Name: (can be found in Prism)
    • Leidos ID: (can be found in Prism)
    • User Name: (can be found in Prism)
    • Requires y_account be created: Yes/No
    • Requires a token be shipped: Yes/No
    • Shipping address: Insert Address
    • Optional: Charge code for expediting shipping: X.XXXX.XXX

**If you already have a y_account and token, submit this information to obtain your aad_account:

[FirstName LastName] is a systems administrator supporting the ECM Cloud Services Environment for [Tenant name].

Add additional role(s) to existing y_account

      • Full Name: 
      • Leidos ID:  
      • User Name:  
      • y_account username:


