I am keen understand what the practices others are following with regard to version/change control of permission sets in IFS.
We have tried Exporting Permission sets via XML to a version control system SVN/Git Repository with mixed success. If carried out diligently, is that it provides a full audit and commentary and it is possible to restore the old permission set (it does need to be imported as a new name)
However, it is easily forgotten or skipped in a rush, and we were finding that a large number of Permission sets were updated with either Quick Report or IAL deployment. Exporting each permission set in this scenario was not workable..
We are keen to audit/track permissions changes that grant/revoke the Functional Areas that we have defined within Segregation of Duties analysis. We are now looking to capture changes to this with a daily report (using two IALs that snapshot the access on alternative days). This will allow us to interrogate and possibly ensure compliance with the external version control system, however this could end up being time consuming.
Are we missing anything? What would be ideal is a Security Checkpoint that would force you to re-authenticate and enter a comment when making a change that is going to impact Permission Sets…
I am hoping we are missing something that could simplify this? We are currently using APP9 Update 16
Best answer by mwilson
View original