Security Workbench P00950 Install Value (INSL) = 'Y' - Sox

MTeindl

Security Workbench P00950 Install Value (INSL) = 'Y' - Sox

We are currently working on a security audit recommendation report so that we can ensure we are SOX compliant. One of their RECOMMENDATIONS: "The FSINSL setting for *PUBLIC *ALL should be set to ‘N’ to restrict install access to all JDE applications". It is my understanding that this option has nothing at all to do with who can run what application. I want to have this recommendation removed, but before I do, I need to ensure that I am not off base.
 
Re: Security Workbench P00950 Install Value (INSL) = 'Y' - Sox

You are both right, kinda. This setting indeed would not restrict a user from running an application, so you are correct on that matter. However, for SOX compliance, they should and will recommend that you not only have *PUBLIC *ALL for this item set to N, but the FSRUN as well. Obviously, it's the FSRUN that is most important, but SOX compliance for E1 systems does include the restriction of FSINSL as well.

So you are correct in your statement that this setting doesn't have the effect of disallowing the execution of the application; your auditor is correct in recommending the setting to be fully SOX compliant, though his/her reasoning might be misguided.
 
Re: Security Workbench P00950 Install Value (INSL) = 'Y' - Sox

Thanks Jim, I don't see why it needs to be set to ensure SOX compliance, but it is much easier to just do it rather than to fight it.
 
Re: Security Workbench P00950 Install Value (INSL) = 'Y' - Sox

Essentially, they are using the old adage: if the option is there, it must be there for a reason. The install application option was used/useful in older versions of OneWorld (pre XE), so it was needed back then. As with a lot of sysadmin tools in E1, development resources are usually used to add functionality, but not clean up the bloat from older versions. After all, companies don't decide to spend the big bucks on the system because of its admin and configuration mechanisms. There are possibilities of this being a hole...although I agree with you, in the way that anyone is using E1 now, I don't think it matters. I think you are correct in just agreeing and living to fight a bigger battle!
 