dce icon indicating copy to clipboard operation
dce copied to clipboard

Published 20 hours ago verified publisher icon Optum

Alert and create a status when a child account isn't healthy

Open kddejong opened this issue 5 years ago • 1 comments

Certain configurations could result in a child account becoming not healthy. Can't use the trust, etc. We want to move accounts that run into that issue into not being healthy and alert appropriately.

kddejong avatar Dec 12 '19 17:12 kddejong

Just ran into a couple "unhealthy" accounts, so I'll get started with a list of things we could check:

  • AdminRole exists and is assumable by master
  • PrincipalRole exists and is assumable by master
  • PrincipalPolicy exists
  • PrincipalPolicy matches hash in DB
  • PrincipalPolicy is attached to the PrincipalRole

eschwartz avatar Jan 13 '20 16:01 eschwartz