As you know, with the recent IPO, we have had to classify all sweetgreen employees into 1 of 2 designations: Insider or Non-insider.
Insiders include ALL VP's and above (no approval needed), as well as any SGSC employee who has been approved by their VP to be an insider. A business justification is not necessary when a VP has approved the request.
- In Okta, VP's and above are added to the Senior Leadership Team okta group automatically and do not need approval
- In Okta, employees below VP level who have been approved by their VP to be an insider are manually added to the SGSC Insider group. A business justification is not needed if a VP approves
- All insiders (people in the SGSC Insider group and Senior Leadership Team group) have access to Tableau
- Insiders do not necessarily have access to every other system designated as an insider system. For example, someone can be aninsider and not have access to Compeat.
Non-insiders are all other sweetgreen employees
- Only non-insiders who have been approved to have Tableau access specifically are added to the SGSC Non-Insider group. This grants non-insiders limited access in Tableau.
- Not every non-insider employee is in the SGSC Non-Insider okta group
I created this diagram to outline the steps needed to take when a request comes in for access to an insider system.
When a current employee is reclassified from non insider to insider, they should be added to the SGSC Insider group and deleted from the SGSC Non-insider group.
Keep in mind the Non-Insider group is specific to Tableau...the name is Tableau SGSC Non-Insider. Other apps that need to segment access based on Insider vs. Non-Insider access may use the SGSC Insider group, and for non-insiders may use other dynamic or manually-managed groups as per the access policy defined by the Business or System Owner.
Article provided by Ilene
Article provided by Ilene