Groups > Microsoft > Microsoft XAL > RE: SOX compliance - screen security access




SOX compliance - screen security access

SOX compliance - screen security access
Wed, 5 Mar 2008 09:01:10 -0800 
We have auditors in who are reviewing the XAL system to ensure that it is SOX 
compliant and has segregation of duties. 

As standard the best way is normally to control access via Database tables. 
However there is no easy way or documentation which proves or show that the 
Credtable for example is where supplier details are maintained. this is only 
view experience. This not good enough for auditors. 
What would you recommend ? access via screen ?  by printing MNX can see the 
group access on forms but what about local menu options within individual 
screens? 
any ideas on the best way would be greatly received. 

cheers

 
--
Post Reply
RE: SOX compliance - screen security access
Thu, 6 Mar 2008 03:59:01 -0800 
Hi, Alan,

concerning the question, where the supplier details are administered, I 
recommend checking the possibilities of the version control system in XAL.
The version control form has a second page, on which you can see, where an 
element has been used and which elements are being used by the element.
Maybe this feature helps the auditors seeing, where the supplier details are 
managed.
Concerning access rights, I would rather rely on the group rights set on the 
individual elements than on the group rights to use a specific menu option.
The rights on the elements apply, no matter which menu option is called. Of 
course it is the best to have both in place and in sync.

Kind regards
Hannsjörg Zdarsky
Software Design Engineer
Microsoft Deutschland GmbH


"alan" wrote:

> We have auditors in who are reviewing the XAL system to ensure that it is
SOX 
> compliant and has segregation of duties. 
> 
> As standard the best way is normally to control access via Database tables.

> However there is no easy way or documentation which proves or show that the

> Credtable for example is where supplier details are maintained. this is
only 
> view experience. This not good enough for auditors. 
> What would you recommend ? access via screen ?  by printing MNX can see the

> group access on forms but what about local menu options within individual 
> screens? 
> any ideas on the best way would be greatly received. 
> 
> cheers
> 
>  
> --
Post Reply
about | contact