Segregation of duties with Build Manager
Bookmark :
Another tip by Craig Schumann.
Segregation of duties is a big part of any governance initiative that involves development. It’s incredibly important, but also creates a few headaches for developers and admins that have to work it into their daily routine. Build Manager can help a lot here with two important features.
( read more...)
The first is Promotion Authority. Promote authority is simply a list of people that are allowed to promote the template using that promotion path. This can even be configured to be dependant on the server that is the target of the promotion which can be made un-editable. This simple feature allows you to control ‘Who’ is allowed to move code into Test or Production.
The second feature is ‘Promote As’. What promote as does is allow you to set up an id that gets stored in BM and then used when the promotion path is run. Now, by itself, this doesn’t do much, but what it allows you to do is then remove access to Test and Production to all users besides that ID. The fact that the ID is securely stored in BM means that no one can get access to the ID and is now locked out of those environments.
Then you set up the promotion authority to restrict the promotion to just the admin group and you now have a secure test and production environment that neither development nor admins can make direct design changes to, and only a select admin group can move a database from dev to test or production.
