On Mon, Apr 26, 2010 at 5:50 PM, ibcarolek <[email protected]> wrote: > We have change management tools for promoting database changes and > server programs (AS400 - Aldon), which requires the change to be > staged, blessed by our security director based on lovely documentation > and data owner approval and then put into production by a "change > admin" so the programmer can never touch production (in theory). > We've been dotnetting for a couple of years and now our external > auditors want us to have the same "no programmer" access for our > application servers, despite our lovely documentation and data owner > approval along with security director blessing. We're a small shop > with 1 and a half .net programmers. > > What tools or methods do folks use to promote their code to production > that conforms to SOX "well controlled" processes which prevent > programmers from directly touching production? ---------------------------------------
Sounds correct from my POV. You make your lovely documentation that defines what to do and what to change. App pools in IIS as well as any changes in web.config that are need. You should have the web.config data for connection strings encrypted already and give the network mover team a gui to create replacement text, as well as read what is already there. They should do the move from Stage to Prod and it should just work. The first few you may have to work with them because they are not admins with years of experience in IIS per your story above. Just help them out and let them do it. -- Stephen Russell Sr. Production Systems Programmer CIMSgts 901.246-0159 cell
