Access Review
Version 1.0 | Classification: CONFIDENTIAL — Internal Use Only
Quarterly access reviews verify that all active accounts are still required, appropriately scoped, and assigned to current staff. The IT Manager and Security Ops conduct the review together.
Review Schedule
| Quarter | Due Date | Completed | Reviewer |
|---|---|---|---|
| Q1 2026 | 2026-03-31 | — | IT Manager + Security Ops |
| Q2 2026 | 2026-06-30 | — | IT Manager + Security Ops |
| Q3 2026 | 2026-09-30 | — | IT Manager + Security Ops |
| Q4 2026 | 2026-12-31 | — | IT Manager + Security Ops |
Active Account Registry
| Account | Full Name | Role | Systems | Provisioned | Last Review | Status |
|---|---|---|---|---|---|---|
| dnsadmin | DNS/DHCP Admin role | DNS/DHCP Admin | SKY, RAIN | 2026-03-10 | — | ✅ Active |
| monitadmin | Monitoring Admin role | Monitoring Admin | SUN, WIND | 2026-03-10 | — | ✅ Active |
| rajesh.chhetry | Rajesh Chhetry | IT Admin | GCP Console | 2026-03-10 | — | ✅ Active |
Review Procedure
Step 1 — Pull the Current Account List
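```bash
# On each server — list non-system accounts (name, UID, login shell)
awk -F: '$3 >= 1000 && $1 != "nobody" {print $1, $3, $7}' /etc/passwd
# List active sudo grants
ls /etc/sudoers.d/
# List SSH authorized keys, using each account's home directory from /etc/passwd.
# Run as root: a file the current user cannot read is reported as "(none)".
awk -F: '$3 >= 1000 && $1 != "nobody" {print $1, $6}' /etc/passwd |
while read -r u home; do
  echo "=== $u ==="
  cat "$home/.ssh/authorized_keys" 2>/dev/null || echo "(none)"
done
```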
Step 2 — Verify Each Account
For each active account, confirm:
- [ ] The individual is still employed or engaged
- [ ] The access level is still appropriate for their current role
- [ ] SSH keys are current (not shared, not from a former device)
- [ ] The account is not inactive (inactive means no login for more than 30 days)
Step 3 — Revoke or Modify as Needed
Follow the Account Provisioning Procedure for any revocations or modifications.
Step 4 — Sign Off
Update the Review Schedule table above with the completion date and reviewer name, then rebuild and redeploy the portal.
Access Review · v1.1 · 2026-03-14 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only