07-08-2009 4:43 PM
Dear community
As you are aware Basis team needs Developer Access for many
reason i.e (Manual note apply-Support pack + SPAU and during SPDD). Basis
team is also responsible for moving transports from Dev>Test>Prod.
We have a Audit question where auditor is asking why Basis has
transport authorization + Developer access.. Risk is ->they might make
code and promote it to Prod.
We know that Basis team requires both the
authorization. BUt is your view on it. is there any work around. One work around is to remove Dev access KEy from table. BUt yet since we can still add key into that table its not full proof.
Regards
Ravi Gaur
07-08-2009 5:25 PM
Hi,
This type of scenario is handled by using Special User id where a Consultant need to have access for a different area which is not supposed to be present for his work. The special User id I was taking about is "Firecall User ID". Or in GRC it is popularly known as "Firefighter".
So please avoid providing extra access to any consultant in his user master. Instead, create few such Special user IDs with Access to distributed work environment. Use these user ids when required on Temporary basis. Hope you also agree with this.
Regards,
Dipanjan
07-08-2009 5:25 PM
Hi,
This type of scenario is handled by using Special User id where a Consultant need to have access for a different area which is not supposed to be present for his work. The special User id I was taking about is "Firecall User ID". Or in GRC it is popularly known as "Firefighter".
So please avoid providing extra access to any consultant in his user master. Instead, create few such Special user IDs with Access to distributed work environment. Use these user ids when required on Temporary basis. Hope you also agree with this.
Regards,
Dipanjan
07-08-2009 5:36 PM
An easy way to solve this problem is via the QA Approval steps.
In addition to the default System Admin approval, add a department or user step to the release procedure.
There is also a workflow option you can use in the TMS.
Cheers,
Julius