Question:
Hello
Changes to our roles and profiles are made in our development client and the new / revised authorisations are transported to production.
Periodically we overwrite our development client with our production client data (client copy).
When we do this, we loose our audit trail of the changes to the roles and profiles.
(We use CUA for assignment of the authorisations to users so this audit trail remains intact)
This loss of audit trail for the changes to the roles is concerning our auditors who say that this is a potential Sox issue.
How are other companies managing this?
Please help.
Thank you
Answer:
very simple solution: one should never allow overwriting the dvelopment client. Call that best practice!!!!
Answer:
But from time to time it is wise to refresh Dev so....
You presumably have a 'Role Change Request' form (whether physical or electronic), append a screen print of the change(s) to it and keep it. This documents the 'why' and the 'what'.
And also doesn't SUIM show changes in prod ?
_________________
Best Regards
Bazza
Answer:
How about security on data contents, when copying prod date to any other client your data is on the street as most companies do not care much about security on non production clients. So anyone can read your LIVE data??
Can anyone give a sound reasons to "refresh"your development client??
Answer:
In my experience Dev environments are usually left clean & transactional data is refreshed into QA/Test environments. Seems to be a reasonable approach.
Answer:
1. It is not a good idea to have live transactional data in the development system.
2. You can have a backup of the user Master Profile and the roles which the basis team can copy back onto the current client and hence retain the history
3. I still don't know why you would need to refresh dev since the changes are supposed to be flowing from dev to prod and hence a refresh from prod is not a wise idea
4. for transactional data, it is wise to create dummy data using a data load tool.