11-05-2012 9:32 PM
Can people share their workflows for changing (or creating) a security role?
- do you have a concept that only authorized requesters can request changes to security roles?
- who approves? role owners? role owners plus functional area or transaction owners? does the security team manager need to approve?
- how are details and approvals captured? email? a request form? ticket-system?
- do you have SLAs or lead-time requirements? if so what are they?
Hoping to compare notes here. Many security roles at my client will be redesigned and we need processes to make sure they stay securely built. right now, basically everything is handled with emails and inconsistent approvals.
thanks...
11-14-2012 11:42 AM
Hi,
- do you have a concept that only authorized requesters can request changes to security roles?
Each role has role owner which is responsible for role content and must approve any role change
role change can be requested by functional expert on requerst of end-user
- who approves? role owners? role owners plus functional area or transaction owners? does the security team manager need to approve?
Validation : authorization specialist/functional expert
Approvals : role owner and system owner
- how are details and approvals captured? email? a request form? ticket-system?
Ticket system for workflow, forms for signatures/details
- do you have SLAs or lead-time requirements? if so what are they?
3 weeks to complete change
regards,
Wojtek