My previous place of employment had similar protocols. To ensure
quality, We had four environments:
Development, which is the ONLY environment on which the Devs have admin
rights.
Test, which is in theory the Admin's olayground - a place to test
patches, and so on, so that the Admin does not obstruct the DEVs work.
Pre-Production, which was used for End-user accept testing before
production.
and of course, Production.
Besides this, we used object reservation on all servers, with system
forms locked by a per-server account, to prevent accidental modification
(we had a strict policy of not altering system forms).
The different tiers also means that basic things such as user privileges
and server configuration changes are well described, since the Devs are
forced to test on environments where they have no admin rights.
We had one further modification; all the Admin forms the Devs would need
access to in order to troubleshoot were given an extra permission group,
which the Devs would get on their PRod user.
Hope this is inspiration.
best regards,
Jonas Stevnsvig
Den 05-08-2011 21:31, Arner, Todd skrev:
**
We have been given a directive to separate the Remedy Development and
Administrative functions. Basically, we have been instructed to come
up with a way to ensure that no one person can make development
changes and also be able to set up users accounts. We currently split
the roles between two groups so that no one person is doing both,
however, since the developers and admins have Administrator
privileges, there is nothing stopping either from performing all
functions.
Does anyone else out there have a similar requirement? If so, can you
share your solution?
I am just not seeing a way to do this. Or maybe I just don't want to
see the way. :) Seems to me both rolls need to have Administrator
privileges to complete their tasks.
Any insight is greatly appreciated.
ARS 7.5 p7
MS SQL 2005
Windows 2003 SP2
Thanks,
Todd Arner
Great Lakes
--------------------------------------------------------------------------------
The information contained in this communication may be confidential, is intended
only for the use of the recipient(s) named above, and may be legally
privileged. If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution, or copying of this
communication, or any of its contents, is strictly prohibited. If you have
received this communication in error, please notify the sender immediately and
destroy or delete the original message and any copy of it from your computer
system. If you have any questions concerning this message, please contact the
sender.
================================================================================
_attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
