FUJ00232670 - Fujitsu RFC Post Implementation Review

Evidence on official site

FUJ00232670
FUJ00232670

Fe)
FUJITSU
REC Post Implementation Review

RFC # Parent/Project Ref Originator Ref
04330451867 TFS A13610324
Title: I LIVE - Remove access to APPSUP database role from SSC users
Type: I Service Management ‘Sub Type: I UNIX- ADHOCS
Category: I 3 - Minor Change i 3 - Normal
Implementation: I Start: 18 October 2016 18:00 Start:
End: 18 October 2016 18:18 End:

Request Details: I Non technical overview and scope of the change:
Recent audits have
highlighted that
some database roles have access privileges above what would be considered best practice in a financial system.. In
particular there has been a focus on the APPSUP role in the BRDB database.

The APPSUP role was originally designed for use within the Horizon environment, it carried forward into the HNG
databases by default.

‘The APPSUP role was assigned to SSC users as an additional role above their standard default role of DB_MONITOR,
to allow them to manage application related issues.

‘As APPSUP provides enhanced access it has been decided to remove this as a default role from the SSC users. If SSC
require a access to the ROLE for an operational issue this will be re-added to users on a issue by issue basis.

Justification for the change and urgency:
Highlighted by several audits including PCI and Deloitte

Technical proposals:
on BRDB database remove the APPUP role from the users identified in the attached document in the file store

Initial risk assessment. Additional POL testing?:
None required

Proposed dates/times/duration of the change:
18 October 2016 18:00 duration 20 minutes

ATOS approval required (Y or N) check with sponsor:
No

Impact on any POL Branch/Network/Testing?(Y or N) :
None

Technical infrastructure Impact(Provide Peak ref):
No impact upon live services

List services or devices affected by the change. :
BRDB database change for users

Install Move and Change (IMAC) HW/SW or Incidents:
No

Regression path and duration for regression:
Add role back to users regression 15 minutes

Does the change affect LST, SV8&d or RDT Test Rig:
Process will be tested in LST, prior to implementation on LIVE

Does this change the system build (if yes explain):
No

How will this be tested/peer reviewed/volumetric?:
Users unable to switch to enhanced role

Which other SDU's need to assess this MSC?:
Standard, plus LST and security

Who will action / manage this change (List)?:
Unix support

Document1 Restricted - Commercial 1 of 2
©Fujitsu Services, 2003
REC Post Implementation Review

The following information was submitted at the time the request was sent for acceptance:

td

FUJ00232670
FUJ00232670

foe]
FUJITSU

Objectives met

Customers satisfied
N/A

Side effects
N/A

Resourced as Planned
N/A

Implementation plan worked

Regression Details
N/A

il

Have ALL impacted and related Configuration Items been updated:
N/A

rovide document reference(s)

Other Comments
N/A

Document1 Restricted - Commercial
©Fujitsu Services, 2003

2of2