Security administrator

JamesGH

Member
Is there any segregation of duties risk with having the same person act as Security administrator and CNC Administrator?
 
The JDE Skill Set Profiles defines CNC Administration to include "managing user profiles, application security, package builds and deployment, output managmenet, and OCM for software deployment".
 
As a project moves from Implementation through to Go-live, the duties that the CNC Administration will have to undertake will certainly change.

Prior to go-live, I find that the majority of tasks for a CNC administrator are Installations, ESU's, Package builds (and tracing issues), Troubleshooting issues, Performance Analysis and Tuning, Deployment planning and Environment copies - (there are of course other tasks, but hopefully you get the idea !)

As the product becomes ready to transition to go-live, you will find that less performance analysis will have to be performed and (hopefully) less troubleshooting. Your architecture should be in place, and should be designed to accomodate a long-term strategy. At this point, the CNC role becomes more Administration - and starts transitioning toward Security administration, Printer Administration and Upgrade analysis and support. Obviously, if changes and modifications continue to be performed, then package builds will continue - but if the system is in production, these packages will be less and will not be as "last minute" as the implementation phase (of course, we all know how "last minute" these production packages are !)

Now to directly answer the question of whether a CNC resource should be the individual performing this role - well, the CNC resource has access to the Database as the highest power-user direct, and has access to the Server JDE.INI which contains the highest level user ID. He is no doubt also endowed with the administrative privileges to be able to deploy OneWorld to a Citrix farm or to a Fat client farm. It is a good idea to reduce the number of people in an Organization with knowledge of the "power ID" - and the CNC resource should certainly be the individual(s) that continue to set up security.

If a change needs to be made to OMW - then that CNC resource would be the correct person to perform this. Often I see OMW configuration being changed even after go-live to accomodate a 4th Environment for Training or Regression Testing.

Hope that helps.

Jon Steel
OneWorld Technical Specialist
http://www.erpsourcing.com
 
Back
Top