Ability to control what object type can be added to a workflow

I'd like to be able to control what types of objects can be added to a CSR by workflow type. We have a 'data-fix only' workflow that I'd like to be able to select only a few object types that could be selected, sql scripts, lookup types and a few others. We have a normal workflow where the changes go through QA and UAT, but a data-fix workflow can be migrated directly to production once a manager approves, so this would be an additional security measure.

reneau.oglesby

Dennis Nelson over 2 years ago

Thank you Reneau for your idea. There are two actions that can be done in Stat today to minimize the risk of data fixes and meet the general IT control objectives for application change. First, add a step in your data-fix only workflow for a task to review the data fix code objects to ensure the changes are appropriate and don't include any code or objects not necessary for the data fix. This provides the approver with assurance that the data fix has been reviewed and is appropriate (not introducing any unauthorized changes or any malicious code). After the review is complete you can have the change request auto advance to the approval step and disable adding objects at that step in the workflow. Additionally, if you have the same developer doing all you data fixes you can modify their object type access to include only the objects needed for data fixes. I'd be happy to demo the steps in my Stat lab If you have any questions or the process as described is not clear.
- Cancel
- Up 0 Down
- More
- Cancel