Video Screencast Help

CAB Approvers can edit changes during voting

Created: 24 Sep 2013 | 4 comments

Is there any way to lock down a change so it cannot be edited during the voting phase?

 

We have found that during voting the CAB approvers can modify a change. 

There is a huge risk here in that any CAB member can update the change,   then approve the change.   Thereby voiding previous approvals.  Approvers cannot see these changes from the approval task so will not be aware.   

Any updates need to trigger the CAB process again.  Allowing approvers to modify the change to suite their needs without other approvers being aware is a huge risk.   The CAB role appears to be a Change Management role but this needs to be locked down so approvers can view ALL details of a ticket, ideally from the 'Approval Task', can add supporting documents and can vote on a Change.

Operating Systems:

Comments 4 CommentsJump to latest comment

TGiles's picture

In the current 7.5 version of ServiceDesk the functionality doesn't exist to prevent a request from being modified during the voting process.

Lark's picture

So the last person in a 10 person CAB group could completely modify a change (lets assume accidentally) and all previous 9 people who approved would never know about the change or get a chance to review their vote.

This is a gaping hole in the CM module.  Is there any sign this will be adressed in the next release?

Dan B's picture

Further to this issue ...    A change can also be edited after it has been CAB/CM approved.

Fault was submitted for ...

After a Change has passed the Planning Phase, approved by CAB (or CM), Implementation task created and a delegated implementation task created, a change can still be edited and a ‘Template’ applied, or planning tasks updated.

 

This came back as working as designed.   Since the whole point of change is a transparent, auditable and secure change process I find it hard to accept the many points during the process at which a change can be edited without the various partys aware,  or voting triggered again.

After submittion only Change Managers should be able to edit the ticket.  Other participants can add but not Edit.

jmankin's picture

We ran into the same thing and all i did to get around it was modify  the "edit plan" under process type action and added a component to check what the current voitng status is. if its in voting or completed stage the page just exits with a message that says plan is locked for CAB voting.