Determining Data Sources and Ownership

The first step in categorizing existing data is to identify where that data comes from and who owns it.

Identifying Data Sources

To identify the data to be included in your directory, locate and analyze existing data sources.

• Identify organizations that provide information.

  Locate all the organizations that manage information essential to your enterprise. Typically, these organizations include your information services, human resources, payroll, and accounting departments.

• Identify tools and processes that are information sources.

  Common sources for information include the following:

  • Networking operating systems, such as Windows, Novell Netware, and UNIX NIS

  • Email systems

  • Security systems

  • PBX or telephone switching systems

  • Human resources applications

• Determine how centralizing each piece of data affects the management of data.

  Centralized data management might require new tools and new processes. Issues can arise when centralization requires increasing staff in some organizations and decreasing staff in others.

Determining Data Ownership

Data ownership refers to the person or organization that is responsible for ensuring that data is up-to-date. During the data design phase, decide who can write data to the directory. Common strategies for determining data ownership include the following:

• Allow read-only access to the directory for everyone except a small group of directory content managers.

• Allow individual users to manage strategic subsets of information.

  These subsets of information might include their passwords, descriptive information about themselves, and their role within the organization.

• Allow a person’s manager to write to some strategic subset of that person’s information, such as contact information or job title.

• Allow an organization’s administrator to create and manage entries for that organization.

  Organization administrators in effect become your directory content managers.

• Create roles that give groups of people read or write access privileges.

  For example, you might create roles for human resources, finance, or accounting. Allow each of these roles to have read access, write access, or both to the data needed by the group. This data might include salary information, government identification number, and home phone numbers and address.

  For more information about roles and grouping entries, see Chapter 9, Directory Server Groups, Roles, and CoS, in Oracle Directory Server Enterprise Edition Administration Guide and Chapter 11, Directory Server Groups and Roles, in Oracle Directory Server Enterprise Edition Reference.

As you determine who can write to the data, you might find that multiple individuals require write access to the same information. For example, an information systems or directory management group should have write access to employee passwords. You might also want all employees to have write access to their own passwords. While you generally must give multiple people write access to the same information, try to keep this group small and easy to identify. Small groups help to ensure your data’s integrity.

For information about setting access control for your directory, see Chapter 6, Directory Server Access Control, in Oracle Directory Server Enterprise Edition Administration Guide and How Directory Server Provides Access Control in Oracle Directory Server Enterprise Edition Reference.

Distinguishing Between User and Configuration Data

To distinguish between data used to configure Directory Server and otherOracle Fusion Middleware servers and the actual user data stored in the directory, do the following:

• Provide different backup strategies for user and configuration data.

• Provide different high availability standards for user and configuration data.

• Shut down, restore, and power up configuration servers quickly.

• Keep configuration servers up while performing maintenance on other Directory Server instances.