Understand from the Docs article Delete a production finance and operations apps environment
that anybody from the same tenant if has Security role as Project Owner on LCS will be able to Delete the production environment.
This is dangerous and need to control access on the LCS users.
The propose idea on top of existing one is that there should be JIT request for Production delete which can only be requested by Project owners of the same tenant.
JIT request should capture the user based on login and LCS project security role (non-editable) and ask for mobile number with country code (mandatory) and once it is submitted a verification code is sent to the mobile number as well as notifications are sent to the email address captured on the Notification list to inform the respective user is requesting for Production deletion.
Once validated the Production deletion button should be enabled may be just for 30 mins.
Comments
Yes, prod can be gone for good in a matter of minutes with this functionality!
JIT is a wonderful idea!! Just like the DBOwner access for sandbox DB, this time maybe environment admin can approve this JIT request after proper review.
Category: Lifecycle Services