[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta
Sent: Wednesday, October 31, 2007 11:40 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Separation of Duties...
From: Wilt, Charles
Lastly, perhaps you could consider the Service Tools QSECOFR ID the
"system Admin" and the regular QSECOFR ID as the "Database Admin".
Oooo, I like this Charles. It probably wouldn't clear a
common sense check, because you don't need SST for purely
sysadmin jobs like backup and recovery, but it IS required
for the hardware stuff that you have to typically do on
Windows machines and that you rarely have to worry about on
the System i.
But then again, a LOT of auditing is not about common sense.
Trying to create common admin roles for the System i and a
Windows box is sort of like trying to create a common
driver's manual for a Mopar and a moped. So you might get
away with it.