Security - What Methodology are you using?
For me, we are in the midst of a redesign from using all out of the box roles (bad practice I know, cringe) with AD groups as the members (support groups).
Currently, I have planned out to create two roles, 1 for analysts and 1 for end users, with additional roles planned for ROs/SOs. We are a relatively small shop in my opinion, with about 40 analysts over 15 groups, and finally breaking into the end user realm (over 400 users). To facilitate the new roles, I plan to do some nesting with an analyst and End user ad for with groups added to the analyst or end user ad group.
Please provide any feedback on my plan if you have any, but most importantly feel free to share how you are handling Security.