Our client is looking for an interface for design management so that the people who do the design management don’t have full server admin access. The interface application needs to be a full design management tool - sign, put onto servers as needed, run the commands to refresh/replace/convert, be able to do this to a single database, multiple databases, a single server, multiple servers.
What do you suggest? What do you use in your environment?
Subject: hire an admin
If you don’t want your developers to be admins, you have to hire an admin to do the design promotion, and have someone review the designs before promotion. Because even if you find a way to have the designers ONLY be able to copy up a template, sign, and refresh … the agents they write could contain script to do any admin function. Since their scripts are signed by the server, they would run with the server access, doing anything the server/admin could do. So, as long as your developers can put a script on the server and sign it to run with serverID, they essentially have Admin access.
Subject: If a 3rd party tool is an option
Check out Teamstudio’s Build Manager. It automates and does everything you require and more.
http://www.teamstudio.com/Manage/managebuildmanager/tabid/107/Default.aspx
Note: I work for Teamstudio, so please contact me if you need more help.
Subject: I don’t follow, you are describing what a template is doing.
I think you are describing one of the fundamental characteristics of a Notes template without buying or setting up additional tools.
Your designers can have full access to the NTF file, and the databases can block them out, but accept their changes.
But, as Maria suggested, if your designers are writing code, you need to have a process that will sign the databases with an authorized ID that can perform operations in each database. Notes ACL / Security will use the signer of the design elements to perform some actions–almost all scheduled agents.
In a tightly controlled environment, the designer would code on a separate server that contains the templates. The administrator would sign their code and manually replicate the template to production, and each night when “load design” kicks in, your users will get the updates. The admins can also issue that command directly on the specific database.
However, I think this is unrealistic for all cases at 100%. In some cases where there are production-related bugs that need to be fixed ASAP, your developers are usually on the hook fixing them with full access in production, anyway. Basically, if you lock your developers down too much, they may be locked out of a critical system that needs to be fixed ASAP. (However, I have experienced sensitive apps that may have payroll, HR, etc. information; but in those cases, there is 1 senior developer that is permitted access in the event something foul happens).
If you need to secure data from the developers, I would highly recommend using encrypted fields and issuing the keys to those that need them. This may help eliminate a crazy process and a nightmare when people change roles or leave the company. The developers would see garbled information, and they can still securely create designs without compromising access to the information.
-Kyle Huang