Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
General
SOx Compliance
Where and what objects to look for to review program changes - directory and file permissions in Unix
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Hitman
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5208
People Online:
Visitors:
420
Members:
0
Total:
420
Online Now:
New Topics
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Lawson S3 Procurement
RQ13 Approval Info
10/17/2024 2:12 PM
When a Requisition is approved on RQ13, what table
S3 Customization/Development
Read and Write CSV file COBOL
10/9/2024 2:53 PM
Does anyone have a quik example of a program that
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
General
SOx Compliance
Where and what objects to look for to review program changes - directory and file permissions in Unix
Please
login
to post a reply.
1 Replies
0
Subscribed to this topic
2 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
lidersuper
New Member
Posts: 1
7/6/2010 6:35 PM
I am auditing IT general controls for a Lawson GL application. I have normally looked at PD, WS, SCR, RPT, and PGM file extensions under the PROD and SYSTEM Unix diretories to review the population of program changes during a fiscal year.
1. Should I also be looking at other file extensions (.xml, .gnt ..) and other directories to identify production objects that have been modified and that could change the way the application performs calculations or reports?
2. Most of the files in the system I am reviewing have read-only permissions set. However most of the directories have rwx permissions set at the group and 'world' level. Users could replace production objects (delete old object and create new modified object).. can the application continue to work with these new objects without a new compilation? or would the new objects need to me compiled along with the rest of objects in order to work?
3. The system administrator says that he/she is using the permsmaint tool after each CPT to make sure directory and file permission settings are all restored back to the original / safe setting. Is permsmaint a utility that can be easily modified to set different permissions at the directory and file level.
4. Are program change developers required any specific access to the production environment, or can they perform changes in a separate environment and then turn them in to the administrator for implementation / compilation in the production environment?
Thanks!
Roger French
Veteran Member
Posts: 549
7/7/2010 6:44 PM
[quote]
Posted By lidersuper on 07/06/2010 02:35 PM
I am auditing IT general controls for a Lawson GL application. I have normally looked at PD, WS, SCR, RPT, and PGM file extensions under the PROD and SYSTEM Unix diretories to review the population of program changes during a fiscal year.
1. Should I also be looking at other file extensions (.xml, .gnt ..) and other directories to identify production objects that have been modified and that could change the way the application performs calculations or reports?
-- YES you should be looking at the other file extensions, especially .js, .htm in the web code folder and subfolders. Also look at .cfg, .properties, etc.
2. Most of the files in the system I am reviewing have read-only permissions set. However most of the directories have rwx permissions set at the group and 'world' level. Users could replace production objects (delete old object and create new modified object).. can the application continue to work with these new objects without a new compilation? or would the new objects need to me compiled along with the rest of objects in order to work?
-- If you're talking about COBOL, new objects (PD,WS,SCR,RPT) must be recompiled together for any new executible object to be create. You can't just replace the PD,WS,SCR,RPT and NOT recompile and expect a new executible object to be created.
3. The system administrator says that he/she is using the permsmaint tool after each CPT to make sure directory and file permission settings are all restored back to the original / safe setting. Is permsmaint a utility that can be easily modified to set different permissions at the directory and file level.
-- Permissions to run permsmaint should be that only for sys admin level. There are control files that are used in conjunction with it which can be edited to specific the specific folders and permissions you want to set.
4. Are program change developers required any specific access to the production environment, or can they perform changes in a separate environment and then turn them in to the administrator for implementation / compilation in the production environment?
-- It depends on your organization. Usually the case is that developers develop in a development environment, and promotion to a QA or production environment is done by someone else, many times it's the sys admin. Also (it depends on your organization), it may be that developers are locked out of PROD to do code changes and recompiles. This is something that you may want, but again it depends on your organization's policies. You may in fact want some type of ability to make program changes/compiles in PROD in case of critical issues that must be resolved.
-Roger
Thanks!
[/quote]
Please
login
to post a reply.