Solution Explorer Tasks as SOX items?

How does your company/clients manage Solution Explorer tasks including the creation and/or revision of said items?

Once they became promotable items, managed by OMW it seems to me they are up for the SOX treatment- managed items requiring approval as a change to the system. But......they do not *have* to be promoted as objects must be promoted, they can be entered directly into Production by someone with appropriate permissions.


Your thoughts?

Hi,

You can set either DBMS or JDE ReadOnly security on the
Task Explorer tables (PRODCTL.F900x).

[ QUOTE ]
Hi,

You can set either DBMS or JDE ReadOnly security on the
Task Explorer tables (PRODCTL.F900x).

[/ QUOTE ]

Just to clarify, I am more concerned with how the business/governance is approached instead of the technical aspect.

Thanks for the tip though.

Jeff,

I see where you are going with this, you are headed in the right direction. Menus should be controlled and documented. We locked down OMW so that objects must be created in DV7333. All objects must have a change control record. Objects and menus are not created in PD7333. That's our standard.

Gregg

Menus should be documented - HOWEVER, they are data. I feel that there should be less "worry" about Menus as opposed to the security behind certain applications from the P00950 for SOX compliance.

Most of my customers log menu changes through the help ticket system - a standard menu form is generated - but there is no necessary "approval" above the CNC team to make those changes.

After all, SOX is supposed to try and "catch" issues appearing - and really if security is not set up well, then it doesn't matter what you set up for your menus - users can theoretically get by. Don't for a moment think that fastpath is the only way to bypass the menus.

Some companies were set up with "world" based menu security. I know that many of those companies are regretting that now - and hopefully many are changing to using a closed security model. If YOUR big-5 practice recommends menu-based security, hopefully you know enough now to show them to the door !

We do not include Tasks or Versions in our SOX audits. It doesn't matter what changes take place since access is controlled via security.