{
  "metadata": {
    "owner": "ad-shop-seeding",
    "catalogVersion": "1.1.0",
    "marker": "[OIM-SANDBOX-SEED:ad-shop-seeding:v1]",
    "oneImQueryDate": "2026-04-26",
    "notes": "Risk, location, and birthright groups intentionally omitted. System-role-related entitlements included as SR_* AD groups for later OIM ESet modeling."
  },
  "rootOu": "OU=OIM-Managed,DC=sandbox,DC=local",
  "ouLayout": {
    "applications": "OU=Applications,OU=Resources",
    "distributionLists": "OU=DistributionLists,OU=Resources",
    "businessRoles": "OU=BusinessRoles,OU=Roles",
    "systemRoles": "OU=SystemRoles,OU=Roles"
  },
  "applications": [
    { "code": "ATLAS", "name": "Atlas Office", "domain": "Productivity" },
    { "code": "HELIOS", "name": "Helios Mail", "domain": "Productivity" },
    { "code": "PULSE", "name": "Pulse Chat", "domain": "Collaboration" },
    { "code": "FORGE", "name": "Forge IDE", "domain": "Engineering" },
    { "code": "PIPE", "name": "Pipeline CI", "domain": "Engineering" },
    { "code": "VAULT", "name": "Vault Secrets", "domain": "Engineering" },
    { "code": "INSIGHT", "name": "Insight BI", "domain": "Data & Analytics" },
    { "code": "LUMEN", "name": "Lumen Data Lake", "domain": "Data & Analytics" },
    { "code": "TEMPO", "name": "Tempo HR", "domain": "HR" },
    { "code": "LEDGER", "name": "Ledger Finance", "domain": "Finance" },
    { "code": "BEACON", "name": "Beacon CRM", "domain": "Sales" },
    { "code": "CITADEL", "name": "Citadel VPN", "domain": "Infrastructure" },
    { "code": "SENT", "name": "Sentinel SIEM", "domain": "Security" },
    { "code": "SPEC", "name": "Spectrum DAM", "domain": "Marketing" },
    { "code": "VOYAGER", "name": "Voyager CMS", "domain": "Marketing" }
  ],
  "tiers": [
    { "suffix": "READER", "label": "Read-only" },
    { "suffix": "USER", "label": "Standard user" },
    { "suffix": "EDITOR", "label": "Content editor" },
    { "suffix": "ADMIN", "label": "Administrator" },
    { "suffix": "APPROVER", "label": "Request approver" }
  ],
  "businessRoles": [
    "HR",
    "FINANCE",
    "IT",
    "ENGINEERING",
    "SALES",
    "MARKETING",
    "OPERATIONS",
    "LEGAL",
    "CUSTOMERSUPPORT"
  ],
  "systemRoles": [
    {
      "code": "WORKFORCE_BASE",
      "name": "Workforce Base Access",
      "description": "Baseline productivity access bundle for regular workforce identities.",
      "includes": [ "APP_ATLAS_USER", "APP_HELIOS_USER", "APP_PULSE_USER" ]
    },
    {
      "code": "ENG_CORE",
      "name": "Engineering Core",
      "description": "Engineering contributor bundle: user-level access to source and CI, and read-only access to secrets.",
      "includes": [ "APP_FORGE_USER", "APP_PIPE_USER", "APP_VAULT_READER" ]
    },
    {
      "code": "ENG_ADMIN",
      "name": "Engineering Admin",
      "description": "Privileged engineering administration bundle.",
      "includes": [ "APP_FORGE_ADMIN", "APP_PIPE_ADMIN", "APP_VAULT_ADMIN" ]
    },
    {
      "code": "DATA_ANALYST",
      "name": "Data Analyst",
      "description": "Analytics and data lake consumer bundle.",
      "includes": [ "APP_INSIGHT_USER", "APP_LUMEN_READER" ]
    },
    {
      "code": "FIN_OPERATOR",
      "name": "Finance Operator",
      "description": "Finance operations bundle.",
      "includes": [ "APP_LEDGER_USER", "APP_INSIGHT_READER" ]
    },
    {
      "code": "HR_OPERATOR",
      "name": "HR Operator",
      "description": "HR operations bundle.",
      "includes": [ "APP_TEMPO_USER", "APP_ATLAS_USER" ]
    },
    {
      "code": "SALES_OPERATOR",
      "name": "Sales Operator",
      "description": "Sales operations bundle.",
      "includes": [ "APP_BEACON_USER", "APP_PULSE_USER" ]
    },
    {
      "code": "MKTG_CREATOR",
      "name": "Marketing Creator",
      "description": "Marketing content creation bundle.",
      "includes": [ "APP_SPEC_EDITOR", "APP_VOYAGER_EDITOR" ]
    },
    {
      "code": "SEC_OPERATOR",
      "name": "Security Operator",
      "description": "Security operations bundle.",
      "includes": [ "APP_SENT_USER", "APP_CITADEL_USER", "APP_VAULT_READER" ]
    },
    {
      "code": "PRIV_ACCESS",
      "name": "Privileged Access",
      "description": "High-privilege infrastructure and security administration bundle.",
      "includes": [ "APP_CITADEL_ADMIN", "APP_VAULT_ADMIN", "APP_SENT_ADMIN" ]
    }
  ],
  "distributionLists": [
    "ALLSTAFF",
    "LEADERSHIP",
    "ENGINEERING"
  ]
}
