A Sensible Approach to Access Control in Configuration Management


middle manager does not like the look or feel or your project at one particular point in its timeline. Often, they take too much out of context and cannot
visualize or grip the direction that the software's development is heading. Such misplaced or incorrect conception can be detrimental. Control the access. Do not let the access control you!

Some will be able to access via an Intranet. Some may be able to access the project via a
web-based entrance. Some may only see it on a stand-alone platform, while others may access it through a wireless connection. 

Take advantage of all the different means of access and insure that your project management software enables access control to be flexible from many different platforms.

3.  The Level of Access by the Configuration Management Team Should Vary By Role

While you may offer full access to developers and programmers, end-users and management should have a different level of access.  This level or degree to which they may access the project can be controlled by you.

The National Institutes of Standards and Technology (NIST) effectively used Role Based Access Control (RBAC). 

RBAC controls access to computer system networks based on the users' role in an organization, and automatically handles complexities introduced by organizational hierarchies and separation-of-duty requirements. Under this practice, a users' role and duty in the organization and ultimately in the project, are used as a basis for granting access.

NIST's experience in implementing this practice has served as a bellwether for the private sector to implement a similar practice. 

The Research Triangle Institute (RTI) conducted an economic impact study on NIST's  RBAC and found that their experience, practice and lessons learned were adopted by
software developers in the industry and has subsequently saved the U.S. industry an estimated $295 million because it could safely use this method of access control.

Controlling privilege by roles enables the users to be given   all the information they need and prevent them from going somewhere they should not or altering something that
they should not.

Therefore, it is not just about who, when, or where to grant accessibility, but also how much accessibility they should get.  Again, insure that your project management software has this ability.

4.  Track Access. 

There are many commercial software solutions available for configuration management. For example, IBM® Rational® ClearCase® Change Management Solution is one of these tools and aptly describes their utility by stating that " solutions can help you improve productivity, gain better visibility into projects and processes, manage distributed organizations, and provide audit trails and traceability across the software lifecycle for fast delivery of high-quality software.   

For example, my own firm's product, Alexsys Team ® 2 software system, works under the same principle for the team environment. 

It is a useful tool for team players to  recording and assign responsibilities to boost team productivity.

With adequate project control, a successful project completion is that much more achievable.   Implement your tracking and control plan and you will put yourself well ahead of the lion's share of software developers who never gave it too much thought from a strategic perspective.

Software development, in many ways, can be a high-stakes endeavor, and many large-scale development projects do not make it to fruition for many reasons. 

The project leader knows that the right mix of people with privilege to access the project is central to its success.  Project managers should welcome an approach to access control that monitors who can come into the software project, when they can come in, how long they can come in for, and what they can do once they do come in. 

Embrace it fully and use access control to your advantage.

Rich Bianchi is the president of Alexsys Corporation ( visit http://www.alexcorp.com), based in Stoneham, Massachusetts.  Alexsys' Team Pro software manages complex projects.  Alexsys Corporation is an innovator in software solutions designed to automate the management of tasks and business processes
associated with

About the author

AgileConnection is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.