Greg,
I like your solution, I like it a lot! Thanks. And thanks also to Dale, Nick, Phil, Dave and Greg! Very good input.
Bryan Burns
iSeries Specialist
ECHO, Incorporated
Lake Zurich, Illinois
-----Original Message-----
From: mapics-l-bounces@xxxxxxxxxxxx [mailto:mapics-l-bounces@xxxxxxxxxxxx] On Behalf Of Greg Wenzloff
Sent: Thursday, July 24, 2008 8:19 AM
To: MAPICS ERP System Discussion
Subject: Re: [MAPICS-L] Change Management
Bryan,
We designated 11 MAPICS files as being financially significant for SOX.
Then we journalled those files.
We run a nightly program to read the journal and list whenever anyone
with *allobj authority touches one of them.
If they are touched then justification is required.
The controller signs this daily report.
SOX auditors are OK with this arrangement.
Greg
-----Original Message-----
From: Burns, Bryan [mailto:Bryan_Burns@xxxxxxxxxxxx]
Sent: Thursday, July 24, 2008 9:03 AM
To: MAPICS-L@xxxxxxxxxxxx
Subject: [MAPICS-L] Change Management
We'll be undergoing an internal controls IT audit later this year and
like a lot of small shops, our MIS staff has *ALLOBJ special authority
in their user profiles. In addition, all our AMFLIBx files have
authority for *PUBLIC as *CHANGE. Because our users don't have a
command line and we control ODBC updates through an exit point package,
*PUBLIC having *CHANGE to files isn't an issue. But the MIS staff
having *ALLOBJ to production files and being able to DFU any one of them
is an issue.
I believe there're at least 3 ways we can approach this:
1. Implement object level authority. (This is something management
really doesn't want to consider).
2. Run a nightly program to GRTOBJAUT of *EXCLUDE for every object
in our production libraries for every MIS user profile. In addition,
remove *ALLOBJ special authority from the MIS user profiles.
3. Implement a third party package like Authority Broker from the
PowerTech Group.
Have any of you had a similar security set-up as we have and had to
comply with Sarbanes-Oxley regulations or something similar? If so, I'd
like your input on the three approaches above or any other approach you
might recommend.
Thanks in advance,
Bryan Burns
iSeries Specialist
ECHO, Incorporated
Lake Zurich, Illinois
_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list To post
a message email: MAPICS-L@xxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit:
http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/mapics-l.
_______________________________________________
This is the MAPICS ERP System Discussion (MAPICS-L) mailing list
To post a message email: MAPICS-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/mapics-l
or email: MAPICS-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/mapics-l.
As an Amazon Associate we earn from qualifying purchases.