Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change control for security roles

Former Member

‎11-05-2012 9:32 PM

0 Kudos

Can people share their workflows for changing (or creating) a security role?

- do you have a concept that only authorized requesters can request changes to security roles?

- who approves?  role owners?  role owners plus functional area or transaction owners?  does the security team manager need to approve? 

- how are details and approvals captured?  email?  a request form?  ticket-system?

- do you have SLAs or lead-time requirements?  if so what are they?

Hoping to compare notes here.  Many security roles at my client will be redesigned and we need processes to make sure they stay securely built.  right now, basically everything is handled with emails and inconsistent approvals.

thanks...

1 REPLY 1

Former Member

‎11-14-2012 11:42 AM

0 Kudos

Hi,

- do you have a concept that only authorized requesters can request changes to security roles?

   Each role has role owner which is responsible for role content and must approve any role change

   role change can be requested by functional expert on requerst of end-user

- who approves?  role owners?  role owners plus functional area or transaction owners?  does the security team manager need to approve? 

   Validation : authorization specialist/functional expert

   Approvals : role owner and system owner

- how are details and approvals captured?  email?  a request form?  ticket-system?

  Ticket system for workflow, forms for signatures/details

- do you have SLAs or lead-time requirements?  if so what are they?

   3 weeks  to complete change

regards,

Wojtek