Custodian Affinity
The Custodian Affinity Model provides automatic custodian assignment for assets based on the "Last User" field populated by network discovery. Rather than requiring manual assignment or simple overwrite rules, the affinity model uses configurable logic to determine when and how an asset's custodian should change based on usage patterns. This page explains the three assignment models and when each is appropriate.
Prerequisites
- Network discovery should be configured and running, with the "Last User" field being collected from discovered machines (see Discovering a Network).
- Custodian records should exist in the system (custodians are typically imported from Active Directory or another identity source).
Why Custodian Assignment Matters
Knowing who is responsible for an asset is critical for:
- Accountability — ensuring someone is responsible for each asset's care and return
- Software licence compliance — user-based licences need accurate custodian data
- Security — tracking who has access to sensitive equipment
- Financial reporting — cost allocation to departments depends on knowing who uses the asset
Discovery data provides a "Last User" field that shows who most recently logged into a computer. However, the last user is not always the right custodian — shared machines, temporary logins, and IT support access can all produce misleading data. The custodian affinity model addresses this challenge.
The Three Assignment Models
xAssets provides three models for custodian assignment, each suited to different scenarios:
1. Manual Assignment
| Aspect | Detail |
|---|---|
| How it works | Custodians are assigned manually by administrators. Discovery data is ignored for custodian purposes. |
| When to use | When custodian assignment requires human judgement, approvals, or is governed by a formal process. |
| Pros | Full control; no unexpected changes. |
| Cons | Labour-intensive; custodian data quickly becomes stale if not maintained. |
With manual assignment, the custodian field is only changed when an administrator edits the asset record directly or uses a bulk update operation.
2. Always Change (Last User Wins)
| Aspect | Detail |
|---|---|
| How it works | Every time discovery reports a new "Last User", the asset's custodian is updated to match. |
| When to use | For personal devices (laptops, phones) where the last user is almost always the correct custodian. |
| Pros | Fully automatic; custodian data is always current. |
| Cons | Unreliable for shared machines, conference room PCs, or lab equipment where many users log in. |
This model is the simplest automatic option. It works well in environments where each device has a single primary user and shared devices are rare.
3. Affinity Rules (Recommended for Most Environments)
| Aspect | Detail |
|---|---|
| How it works | The system tracks login frequency over time and only changes the custodian when a new user has demonstrated sustained usage, indicating they are the primary user. |
| When to use | For mixed environments with both personal and shared devices, or when occasional logins by IT support or temporary users should not trigger custodian changes. |
| Pros | Balances automation with accuracy; filters out transient logins. |
| Cons | Slight delay before custodian changes take effect (by design). |
The affinity rules model is the most sophisticated option and is recommended for most organisations. It prevents custodian "flapping" — the situation where a custodian changes back and forth between users due to alternating logins on shared equipment.
How Affinity Rules Work
The affinity model evaluates login patterns over a configurable time window:
- Discovery collects login data — each discovery scan records the "Last User" for each machine.
- Login frequency is tracked — the system builds a picture of how often each user logs into each machine over time.
- Affinity score is calculated — users with more frequent and more recent logins receive a higher affinity score for that machine.
- Threshold comparison — the custodian is only changed when a new user's affinity score exceeds the current custodian's score by a configurable margin.
- Custodian is updated — once the threshold is met, the system updates the custodian field automatically.
This approach means that a single login by an IT technician performing maintenance will not change the custodian, but a new employee who uses the machine daily for two weeks will trigger a custodian change.
Configuration
The custodian assignment model is configured through Admin > Settings. The key settings are:
| Setting | Description |
|---|---|
| Custodian Assignment Mode | Selects the assignment model: Manual, Always Change, or Affinity Rules. |
| Affinity Window | The time period (in days) over which login frequency is evaluated. A longer window provides more stable assignments but is slower to react to genuine changes. |
| Affinity Threshold | The margin by which a new user's score must exceed the current custodian's score before a change is triggered. Higher values prevent changes from minor usage differences. |
Choosing the Right Model
| Environment | Recommended Model | Reason |
|---|---|---|
| All personal laptops, no shared devices | Always Change | Simple and accurate when each device has one user |
| Mixed personal and shared devices | Affinity Rules | Filters out shared-device noise while keeping personal devices current |
| Highly regulated, formal asset assignment | Manual | Custodian changes require approval workflows |
| Hot-desking or shared workstation environment | Manual or Affinity Rules | Always Change would produce constant, meaningless changes |
| Server room / infrastructure equipment | Manual | Servers do not have meaningful "Last User" data |
Tips
Tip: Start with Affinity Rules for workstations and laptops. If you find that custodian changes are too slow or too aggressive, adjust the Affinity Window and Threshold settings.
Tip: Exclude service accounts and administrator accounts from custodian consideration. IT support staff who log into many machines should not be assigned as custodians. This is typically handled by the discovery data loading process, which can be configured to ignore specific accounts.
Tip: Review custodian changes periodically using the Additions and Changes reports (see Additions and Changes) to verify that the chosen model is producing accurate results.
Warning: Changing from one model to another may trigger a large number of custodian updates on the next discovery load. Plan model changes during a maintenance window and review the results before relying on the updated data.
Related Articles
- Transfers — manually changing asset ownership and location
- Bulk Update — changing custodian on multiple assets at once
- Additions and Changes — reviewing custodian changes over time
- Active Directory Integration — importing custodian records from AD