After a few years working in technology consulting for large enterprises, I started working as a freelance "jill of all trades" IT consultant for small businesses. My clients are typically Small Business owners or sole traders who don't have an IT department aside from me. This doesn't make their IT admin or security needs any less business critical. Small Businesses that work in construction
My consulting client Melissa runs an amazing business recruiting quality candidates in the industrial trades. She's been very successful and had many new starter employees and a few moving on to do big things. I was doing a lot of things like adding permissions to Office 365 profiles as people's roles changed, and adding them to different shared email inboxes as the business got big enough to have multiple of these... I thought, what if Melissa could have access to the Role Based Access Control software that I was consulting on implementing for Big Banks back in the day?
At the same time, I was looking for a way to document all these things that I was doing, to enable someone to take over this work from me in the future, and allow the client to self-service where possible. One day Melissa will have a full-service IT department, but for now, I built her a Coda Pack.
What it does
Primarily it reports on the current permissions and access level per user. This is done in a matrix format so that the non-technical user can easily see any anomalies, e.g.
- Why does one of my apprentice mentors have access to this group but the other one doesn't?
- what are the steps for onboarding a new user?
- What do I need to make sure I've removed this user from?
How we built it
This uses the Coda CLI TypeScript scaffolding with the Microsoft Graph API. All of the data displayed in the demo pack is a Microsoft Developer Sandbox data set.
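The membership matrix and the anomaly question it is meant to answer, as an added example (not the pack's own code). The data is constructed and only shaped like Microsoft Graph `user` and `group` resources; treating `jobTitle` as the role, and the names `buildMatrix`, `findAnomalies` and `offboardingList`, are assumptions made for illustration.

```typescript
// Constructed sample data shaped like Microsoft Graph `user` and `group`
// resources (id, displayName, jobTitle). Nothing here calls the network.
interface User { id: string; displayName: string; jobTitle: string }
interface Group { id: string; displayName: string; memberIds: string[] }
interface Anomaly { jobTitle: string; group: string; has: string[]; lacks: string[] }
type Matrix = Record<string, Record<string, boolean>>;

const users: User[] = [
  { id: "u1", displayName: "Alex", jobTitle: "Apprentice Mentor" },
  { id: "u2", displayName: "Sam", jobTitle: "Apprentice Mentor" },
  { id: "u3", displayName: "Riley", jobTitle: "Recruiter" },
];
const groups: Group[] = [
  { id: "g1", displayName: "All Staff", memberIds: ["u1", "u2", "u3"] },
  { id: "g2", displayName: "Mentor Inbox", memberIds: ["u1"] },
  { id: "g3", displayName: "Payroll", memberIds: ["u3"] },
];

// Rows are users, columns are groups; true means the user is a member.
function buildMatrix(us: User[], gs: Group[]): Matrix {
  const matrix: Matrix = {};
  for (const u of us) {
    matrix[u.id] = {};
    for (const g of gs) matrix[u.id][g.id] = g.memberIds.indexOf(u.id) !== -1;
  }
  return matrix;
}

// Flag groups where users sharing a jobTitle do not share the same access.
function findAnomalies(us: User[], gs: Group[]): Anomaly[] {
  const matrix = buildMatrix(us, gs);
  const byTitle: Record<string, User[]> = {};
  for (const u of us) (byTitle[u.jobTitle] = byTitle[u.jobTitle] || []).push(u);
  const found: Anomaly[] = [];
  for (const jobTitle of Object.keys(byTitle)) {
    const peers = byTitle[jobTitle];
    for (const g of gs) {
      const has = peers.filter(p => matrix[p.id][g.id]).map(p => p.displayName);
      const lacks = peers.filter(p => !matrix[p.id][g.id]).map(p => p.displayName);
      // Only a split (some have it, some do not) is worth a human look.
      if (has.length > 0 && lacks.length > 0) found.push({ jobTitle, group: g.displayName, has, lacks });
    }
  }
  return found;
}

// Offboarding checklist: every group a departing user must be removed from.
function offboardingList(userId: string, gs: Group[]): string[] {
  return gs.filter(g => g.memberIds.indexOf(userId) !== -1).map(g => g.displayName);
}
```

A split is a prompt for review, not proof of a mistake: the difference may be intentional, which is why the output names both who has the access and who lacks it.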
Challenges we ran into
Not everything I want to do is available via the Microsoft Graph API. I can't delegate permissions to a shared email inbox via this Coda Pack, so in lieu of that, I report on all the current permissions and link out to instructions on how to add those permissions via the Microsoft admin panel.
Accomplishments that we're proud of
The multi-axis matrix required to show the RBAC on "User Membership reporting" took some doing and was the biggest accomplishment.
What we learned
Doing this pack and the document also helped me to systematise and document the process I go through for onboarding and offboarding employees for Melissa.
What's next for Sysadmin for Small Business
Before this is ready for "prime time", I will need to do a review of "least required permissions". This paradigm is also applicable to Google Workspace admin. There are a lot more tables I want to build into it, and I am currently trying out a Sync table with an Autocomplete parameter to make the RBAC easier.