For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone
Note: ® ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.
The Itil Community Forum: Forums
ITIL :: View topic - How to handle database record changes?
Posted: Wed Nov 18, 2009 2:17 am Post subject: How to handle database record changes?
Hi,
I don't know how to handle abnormal database entries.
In my company there's a difference between changing the database structure or application data regard of changing abnomaly records.
I try to explain better.
Ofter we recieve requests for changing invaldi entries in production. Let's say a wrong name written or a wrong address and that you can't change from the application frontend. I don't want to discuss the application limit now, I want to understand how to handle this type of request.
The process now is:
- the end user opens a ticket
- the developer works the ticket typically by creating an sql script
- a request to make this change in production is done to che change manager
- the change manager asks the dba to run these scripts
Usually we have to do this 4-5 times a day. Does this type of request exist in ITIL? If so how are they named and managed? I know there's a problem behind this but now I need to manage this kind of requests.
Are they handled as normal changes like modifying an application or modifying the database structure?
I want to find a way to distinguish them.
Joined: Sep 16, 2006 Posts: 3110 Location: London, UK
Posted: Wed Nov 18, 2009 2:40 am Post subject:
it is called a data fix
What does your cm process say about data fixes ?
How are they controlled ?
if your process says this is a operational issue, then that is all it is
IF however, it is managed/controlled via change, then it is controlled/managed via change control
which means
tested in a non prod environment (usually a clone of prod) to see if the fix works
then after the testing is satisfactory
If there is no CM process documentation - get it down
if your cm process states that all changes must be tested by bozo the clown while wearing a live chicken on the head, then all testing by bozo must have a chicken _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Thanks John.
Actually there is no process for this kind of requests so we're going to implement it now.
So for ITIL they are data fix. And how should be these treated for ITIL?
There is no process, it's new, to be implemented. I'm asking suggestions on this. Usually these scripts modify data that are only in production so can't be tested in UAT.
Thanks again.
Joined: Sep 16, 2006 Posts: 3110 Location: London, UK
Posted: Wed Nov 18, 2009 4:33 am Post subject:
tarak
you are not readfing my response correctly
ITIL does not say a thing about data fixes
YOU DO or YOU DONT
Where I am now, all back end data scripts fall under change control
as we have a production clone environment, data fixes can be tested in the non production environment
if you change data using automatic scripts - via the back end, this should be control
if the business user changes data from the front end.. this is controlled via his business front end processes
In order to be sox compliance, all things done to production must be tested in a non production environment - code deployment, data fix, mass updates etc
while it is true for some data fixes, you cant test the data but you can test the process used to execute the data and see whether it only does what it says
My last question - have you had any training in ITIL v2 or v3 ? If not, and based on your posts so far, I dont think you have. get the training and read the books
Also, the books are not literal books. they are guidelines and best practice _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Joined: May 25, 2008 Posts: 413 Location: Sydney, Australia
Posted: Wed Nov 18, 2009 8:06 am Post subject:
ITIL isn't goint to tell you, and the forum can't.
If I were you I would get agreement about how a data change should be treated and then update the process document and communicate the information.
It depends on so many things - the nature of your organisation and the data that is being changed, for example how sensitive it is and what the implications and impact of data changes are.
Sometimes ITIL lets you be God. Just enjoy it. _________________ DYbeach
ITIL V3 Release, Control & Validation,
ITIL V3 Operation SUpport & Analysis
PMI CAPM (R)
"In times of universal deceit, telling the truth will be a revolutionary act." George Orwell
Thanks all for the help.
I thought this kind of things were treated by ITIL but as I understood from your replies they aren't treated so I will implement it as better as I think.
Thanks again for your help.
Tarek
Joined: Mar 04, 2008 Posts: 1883 Location: Newcastle-under-Lyme
Posted: Wed Nov 18, 2009 8:10 pm Post subject:
The data is the province of the customer, IT provides the vessel and the engine.
If incorrect data is arriving in the system several times a day then the big issue is the application, not the service. there is a mismatch between the level of data validation and the skill/knowledge of those submitting the data. If this is fixable by improved software or improved training, or both then that needs to be done. If it is not fixable in this way then it would probably be a good idea to develop a good repair application for the users to use themselves.
Either way, the involvement of IT services depends on what your contractual obligation is wrt the provision of the application software. Ideally you should be no more than a conduit through to the application provider's support arm. and these incidents should be identified as application functional issues rather than service incidents.
In the "normal", far muddier, reality you will find yourselves involved and probably in the firing line. Nevertheless, if you think of the processes in the way I have described, then you will come to a clearer resolution. If nothing else, this will ensure that you retain the focus that the data is not yours and any changes you make to it must be very explicitly requested by the customer, through an authorised channel. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Last edited by Diarmid on Tue Mar 09, 2010 4:47 am; edited 1 time in total
Not sure if this helps you but having previously worked in IT audit, I have seen a number of clients of mine having difficulty in controlling and monitoring changes made directly to databases. As a result, I've been developing a web based application called claRelease with the following workflow:
- developer creates the sql script and submits it for approval
- once all approvals have been received (i.e. peer reviewer, change manager, business user), claRelease will automatically deploy the sql script
- once deployed, relevant stakeholders can provide post-implementation approval before the data change is closed off.
We're almost ready for our first release and are currently trialling the product at a few places, let me know if you're interested in giving it a go, would be more than happy to assist and give you advice from an IT auditor perspective.
Sorry if this sounds a bit sales pitchy, just hoping we might be able to be of mutual benefit! _________________ Justin Yoon
Director - CLB7
Joined: Sep 16, 2006 Posts: 3110 Location: London, UK
Posted: Thu Dec 03, 2009 6:58 pm Post subject:
Justine
It is sales pitch - not blatent but a saes pitch
My first question generic is
why have a tool when the CM process , work load tool and a DBA team will do the same thing ?
With this tool you are replacing staff with a non brainer tool
My first question about using such a tool as a Change manager
1 - where is the audit trail
2 - how can the tool back out work
3 - how can the tool's processes be tested
4 - does not tools like TOAD, SQL+ and other db tools do the same thing
5 - why should I pay for a tool to do what I expect DBAs to do ? Is this going to replace my DBAs ?
6 - does it work with mySQL, Oracle, Sybase, Microsoft SQL, db2, etc
BTW: I dont like tools that merely try to replace the person _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
First of all sorry. I posted publicly because I couldn't find an email address to contact Tarek directly (but I did try to tone the post down). However I am grateful for your response as receiving feedback will ensure I only sell a product that helps organisations.
Now, in response to your questions, let me start by saying that while this application will not be for everyone, it was built based on feedback from IT managers, business users, DBAs and auditors from organisations of different sizes and industries.
Quote:
why have a tool when the CM process , work load tool and a DBA team will do the same thing ?
claRelease is not meant overlap or replace, but integrate and assist. In the end, we're trying to: (a) simplify audits - reduce audit issues of insufficient evidence of approvals, direct developer access to production databases, or lack of proof that the sql tested is the same as what was implemented into production; and (b) free the DBAs to fulfil the rest of their responsibilities while giving them oversight over all changes.
1. where is the audit trail
All changes, sql, approvals (or declines), and results will be stored in claRelease. This is good for organisations who don't turn on database logging due to space/resource overload.
2. how can the tool back out work
For failed sql scripts, these will be automatically backed out. However if partial changes have been made, a new change needs to be created (note the database output is retained to help investigate the impacts). If you have a better way to address this, would love your input!
3. how can the tool's processes be tested
Not sure if I understand your question correctly but I'll try. The tool should be used to implement changes into the test environment first, so you can feel comfortable that it will work in production.
4. does not tools like TOAD, SQL+ and other db tools do the same thing
If the IT managers and risk managers are fine with the CM process, then that's great. However we're more about keeping a record of all sql implemented and giving peace of mind that all changes made were approved.
5. why should I pay for a tool to do what I expect DBAs to do ? Is this going to replace my DBAs ?
We want DBAs to write great sql with confidence that their script has the approval of everyone. It doesn't replace what they do, only makes their job and the CM process easier.
6. does it work with mySQL, Oracle, Sybase, Microsoft SQL, db2, etc
In it's first release, it will work with mySQL, Oracle, MS SQL. We want to get Sybase and DB2 integration soon after. However more will be added as we progress and they get requested. We want to integrate with as many DBs as we can so you have a single source of database change releases with audit trail.
Let me know if you have any other questions or advice. _________________ Justin Yoon
Director - CLB7
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum FAQ
Search
Usergroups
Profile
Log in to check your private messages
Log in
