Deployment Auditing and Control


I'd like to be able to add a second layer of security for deployments. 

In brief, currently in our environment anyone with the Release Manager role, or Administrator role could potentially publish a change through lifetime (or even directly) to the Live platform without a second set of eyes or sign-off.

I'd like to implement an approach that enforces an additional sign off for deployments along with some audit process that alerts our Security Team whenever a deployment is done on production. 

What is the recommended approach for doing this?

Dear Richard,

I understand your concern of potential issues you can face if anything goes wrong with the production environment.

I would suggest following:
- You can include production configuration and development authorization to few people only. While other development Team can be totally isolated from this activities.

- You can create roles in Lifetime and assign these roles to specific users only as shown in below image. 

i.e. The one who is not authorized for production changes, you can give them similar role.

The logs are always there in lifetime under Deployment Plans having details about which activities happened to which environment.

Still if you think that this feature is mandatory, then I would suggest to create an idea or discuss with OutSystems Support Team.


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.