ID Creations/Access

[dsemeniuk]

We are currently in project mode and in certain environments, users will need DatabaseIds or System Access IDs to connect to the database to query it or to run the application.

What process do you use? This is in testing environments.

[ranjithraghunathan]

Not sure where the question is focused on.
If this is the access rights issue, it should be Change Management.
Access ID requests and new access rights have to be strictly governed by Change Management team.

Can anyone shed more light along this line?

[UKVIKING]

This sounds more like security mgmt

If this is development work; then from an operational aspect.. Change does not care because the dev environment should be separate from the live

Is this about user IDs, passwords, and other user data about logging into systems

or

is this about network ACL, routing etc

The former should be handled via service requests and in line with the security standards; change management may be involved but this kind of work should be standard changes(ITIL) that do not need change mgmt process/approval

the latter should go through Change because of the potential impact on the existing network environment
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter

[ranjithraghunathan]

UKVIKING -

My suggestion to have the access to development environment be controlled by Change Management arises from the fact that the application could be one of business critical importance.
Hence an access to development environment, should be governed by Change Management team, who will check factors like: who is requesting access to the development environment, the change going to be made in the code if already according to a scheduled implementation and is authorized etc. As you had mentioned this is governed by Security standards and the Change Management team will reference these standards.
Also in my companies the access IDs to the development environment thus granted through the Change Management process is called as FireFighter IDs.

I am theoretical, so if I am wrong guide me through.

Ranjith Raghunathan
ITIL Foundation Certified
P.S - Most of my posts are to understand the ITIL fundamentals clearly. So please excuse if not genuine answers to questions.

[dboylan]

I personally don't think that Account Management should be handled through the Change Management process. Yes, there does need to be controls on how accounts are created. Yes, there need to be checks and balances with considerations on how it might affect either the dev or prod environments. But I think that this is something that should be handled through the Security Management Process, which is not one of the core Service Support or Service Delivery processes.

The reason I would not put it in Change Management is because the definition of a Change is something that affects the Status or Attributes of a Configuration Item.

Is creating an account changing the status of the security system? No.

Is creating an account changing an attribute of the security system. Unless you are trying to track every single account as a unique attribute of the security system (which I think would bring a Change Management process to its knees), then adding an account would not be considered a change in the security system's attributes.

I would consider modifying the setting of the security system from a "3 Strikes lockout" to a "5 Strikes lockout" a Change that would need to go through Change Management.

There is the lure to use processes currently in place to manage aspects for which they aren't intended. My organization has just decided to use our Incident Management tool to handle the tracking of application enhancements. Why? Because we have a well defined Incident process and needed a communication tool to enable app dev requests.

So can you use the Change Management process to help with ID procurement? Yes. Should you consider ID procurements Changes? Probably not according to ITIL.

Don