× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MAPICS-L
  3. October 2004

Re: PROGRAMMER ACCESS TO PRODUCTION ENVIRONMENT

Candy,
 
Back in my days as a staff programmer in a large corporate environment, we had 
a similar situation with our own internal auditors.  Basically, our internal 
auditors had issue with programmers having access to the production 
environments mostly because their (the auditors) fear was undetectable 
corruption of data with testing.  We supported 15 divisions on seperate 
machines from our corporate offices basically, we implemented the following 
procedure.
 

   Only one designated person on the staff was given a user profile to assign 
security.
   The security administrator set up a user profile that would allow a 
programmer access to the production environments.  The security administrator 
would "own" the password to this user profile.
   When a programmer or analyst needed access to the production environments, 
we would have to complete a form.  The security administrator would then set 
the password for the production profile and allow the programmer or analyst 
access.
   When the programmer or analyst was finished doing what needed to be done in 
the production environment.  He / she would notify the security administrator.  
The security administrator would then disable the password on the user profile.

This process satisfied our auditors.  After we implemented this process, we did 
not get any comments on the division's EDP audits.

As far as doing accurate development work, we would have to have a test 
environment established for each division.  These environments would be 
refreshed at a minimum of one a month.  The company I am referring to was a 
Fortune 500 company.  So please keep in mind the magnatude of the machine.  

Just some food for thought.

 

   

Candy.Hein@xxxxxxxxxxxx wrote:
My boss asked me to pose this question on the MAPICS user group list. We
are a small shop with 2 full-time programmers and 2 part-time contractors.
The full time programmers are responsible for setting up MAPICS security for
users. Part of the audit comments during our Sarbanes-Oxley audit was to
eliminate all programmers access to the production environment including
security (of course they have no suggestion on who would set up security).
We would like to know how other small shops handle this situation. Do your
programmers have access to the production environment? Who is responsible
for establishing MAPICS security on your system?



Thank you,

Candy Hein



_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/mapics-l.




Sincerely, 

Richard T. Molder
President
Moldrich Solutions

Have a nice day unless you have made other plans.
                
---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.