Silly question but here goes:
Are there any examples of uses of the authorization rules section to meet the needs of SOX compliance?
The last company I worked at was audited by SOX. Usually someone would have a checklist they went through, making sure our systems met their standards. But most of it did not really make sense...
So maybe they are confusing you in this case. They should not audit CSLA or its authorization rules. They are a mechanism, not an implementation (you could probably word this better), so really you should be providing extracts from your code, such as what happens in your objects' CanAdd(), CanDelete(), CanWriteProperty() etc...
Thanks for the info. I did some checking and I am not sure how seriously to take some of these things. I am a bit confused on it. Silly government. But they are going through our source code. Asking questions.
Copyright (c) Marimer LLC