DataStage Security Model - DEV, QA and production (problems)

Post questions here relative to DataStage Enterprise/PX Edition for such areas as Parallel job design, Parallel datasets, BuildOps, Wrappers, etc.

Moderators: chulett, rschirm, roy

Post Reply
dnsjain
Charter Member
Charter Member
Posts: 34
Joined: Thu May 08, 2003 2:12 pm

DataStage Security Model - DEV, QA and production (problems)

Post by dnsjain »

I am implementing DataStage security across different servers, development, QA and production. We have a requirement that developers should be able to make changes only in development server but not in QA and production. In QA and production, developers should be able to see the job runs and logs. And third group should be able to migrate the jobs across different environments. Based on DataStage jobs roles, I have created two groups for the project in each environment.

1. projGrp group
2. prodSupp group

in Development server, projGrp group is assigned role of DataStage developer and prodSupp is assigned the role of DataStage production Manager.

in QA server, projGrp group is assigned role of DataStage operator and prodSupp is assigned the role of DataStage production Manager. Also the project is defined as protected project.

in Production server, projGrp group is assigned role of DataStage oeprator and prodSupp is assigned the role of DataStage production Manager. Also the project is defined as protected project.


Based on the documentation, all of this should work as we had the requirements, but we are running into following problems:

1. In QA and production server, projGrp users, can not see the jobs. I tried to check the forum and found that job should be released, if the jobs are server job, but for parallel jobs, there is no release concept so my best option is make projGrb as DataStage developer in QA and production and leave the project as protected. Is that the right solution of is there a better model?

2. The requirement was prodSupp users should be able to migrate the jobs in QA and production environment. Since the QA and production projects are protected, The jobs can not be impoted by production support group. Somebody need to unprotect the project. But unprotect project option is only available to dsadm user. Is there a way to import the jobs in project without accessing dsadm user?

Any suggestions to implement DEV,QA and prodcution model with different people performing different level tasks will be greatly appreciated.
Top
keshav0307
Premium Member
Premium Member
Posts: 783
Joined: Mon Jan 16, 2006 10:17 pm
Location: Sydney, Australia

Post by keshav0307 »

in QA and Production, i keep only executables. and the final code in VSS.
Top
Post Reply

Return to “IBM<sup>®</sup> DataStage Enterprise Edition (Formerly Parallel Extender/PX)”