Hi All,
I am sure that some of you probably work in a similar environment - a Notes Domain that was set up when the Notes server was still called a Notes server and when applications were created by anybody and everybody. We are now trying to get a handle on this to stop the insanity.
As such, I am curious what measures other folks have taken in terms of change control/change management. I am talking about who can put a database on a production server, who can manage the ACL for that database, who can make changes to that database (of course they need to be tested in pre-production first). Should the Notes/Domino Administrators be the only users with Manager access to a given database? If not, who knows what changes can be made. I guess the other big area of concern is the Domino Directory. This should certainly be locked down as much as possible, but again, the more you lock this down, the more of an administrative headache it becomes. For example, who can/should be able to modify a user group? (not only make the physical change, but who should be authorized to request the change?) And finally, what is the best method to track all of these changes? After all, we need accountability thanks to Sarbanes & Oxley.
If anybody has any thoughts or would like to exchange email on the topic, please let me know.
Thanks!
PD