Monday, August 17, 2009
Should application programmers be bonded? Should they have regular production access?
The other day, I was in a conversation about bonded home contractors, and I recall a debate back in the 1990s, over the issue of not allowing application programmers (then in a mainframe environment) update access to production files, without specific access requests. Likewise, elevations were done through change control packages (CA-Librarian, CA-Endeavor, ChangeMan) with specific protocols, so programmers could not ordinarily directly update production source or libraries.
I found this practice, that started to become common in the late 1980s (with packages like Top Secret and RACF) reassuring. Production systems have to process millions of transactions perfectly. There is no possibility of being blamed for causing a problem when the systems are used properly. There were loopholes, such as when IDMS was accessed in batch through the CV (Central Version), or sometimes when Information Expert (Dun and Bradsteet) was invoked. The buzzword for this kind of security was “separation of functions.”
Yet some programmers found all this protocol annoying. Why not simply have all application programmers bonded, one would ask.
I think we were bonded on the New York State Medicaid project in the late 1970s, because we had to be fingerprinted. But nothing was ever made of it.