Lockdown or Let Them Free
Posted Saturday, September 19, 2009 11:57 AM


Comments posted to this topic are about the item Lockdown or Let Them Free






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #790817
Posted Monday, September 21, 2009 5:50 AM
I'm in favor of giving them as much access as possible. "As possible" contains a lot of variables of course, but it's why when a DBA is hired they should find out what is really wanted - do they want data rigidly protected, or a slightly looser approach?

Andy
SQLAndy - My Blog!
Connect with me on LinkedIn
Follow me on Twitter
Post #791040
Posted Monday, September 21, 2009 6:02 AM


Likely the biggest management problem I have dealt with in my career is the false presumption by various IT workers that technologies and data are "theirs". That somehow they were hired to "oversee" these company assets. In fact, they were hired to serve. That's what IT workers do. In virtually all cases, we are secondary in our work to the front-line business. Our job is essentially to help other people do their job - to serve their needs for data, and the things they need to get done with data.

I have run into DBAs with (what I call) a "Caesar complex" and these people don't last long. I am not interested in excuses as to why a staff member can't have data or software they need to get their work done, and I have watched a number of times as egocentric DBAs seem shocked when I dress them down, reminding them that our "clients" are, in fact, our coworkers, and our primary goal is to serve them and enhance their abilities to do their jobs.

Data, software, hardware, and most technologies in the workplace are assets of the company, NOT the DBA or any IT worker. Those assets are there to assist those who need them to get work done and make profit for the company. Security concerns are not without importance, but at the bottom line, any company has an IT staff to serve - not to conquer and hold.

If you work for my IT department, leave your ego and your "power" at the door and come in and serve our company staff. Otherwise, keep your resume up to date because you're going to need it.


There's no such thing as dumb questions, only poorly thought-out answers...
Post #791043
Posted Monday, September 21, 2009 7:42 AM


It's not just a question of ego, it's more a question of matching things up properly. I've seen many people say they need access to get their job done. Developers have done this for years, claiming the app won't work without "sa" access. 99% of the time it's BS because they don't realize what rights are needed, or are too lazy to check.

My point was that we might need to check access and privileges more often. Not set it and forget it. As someone grows, give them more responsibility. And take it away if they prove they can't handle it.







Follow me on Twitter: @way0utwest

Post #791117
Posted Monday, September 21, 2009 8:08 AM
blandry (9/21/2009)

If you work for my IT department, leave your ego and your "power" at the door and come in and serve our company staff.


Well said. That's the goal, or should be, of every support team. Lots of gray in the decisions, but if you try to serve that expectation I find things tend to work out pretty well.


Andy
Post #791142
Posted Monday, September 21, 2009 8:52 AM
"The best way to handle rights and access is to selectively apply permissions to individuals, matching up their skills with their rights. If a user has problems creating indexes or adding tables, remove those rights. If they are a model DBA, then perhaps they deserve sysadmin rights. You can either loosely apply security and then tighten it up or lightly apply it and loosen it as people prove themselves."

But Steve, that's fine in a small to mid-sized company, where you know all the workers... but what about an enterprise-sized corporation (let's say a Microsoft, IBM or EMC...)? How do you manage this sort of tailoring in organizations that large?


Random Technical Stuff
Post #791179
Posted Monday, September 21, 2009 10:18 AM
Having worked as a Systems and Network Admin in support of many types of businesses, developers, and DBAs, I have to say that security is a risk versus value proposition. Everyone needs to get their work done within an acceptable amount of risk.

For most users, and I consider everyone a user, doing the simple things like not running with Admin permissions, being aware of the potential risks involved with running software on your desktop/laptop/server, and understanding what the software does in your environment is critical. Running with normal, base user permissions, and in the case of any Windows OS, using an antivirus and spyware solution, can eliminate most security concerns.

With the boilerplate commentary out of the way, I would like to address the issue of Ego and the responsibilities of IT workers in general. The post was absolutely correct that IT's function is to serve the business and not our personal egos or goals. However, taking ownership of any system, whether that is your own desktop, a server, an entire network, database, etc. is a requirement of an IT worker. I have never worked in a place where there wasn't some form or process, verbal or heavily documented, where a user could request that new software be installed to meet their business needs. The idea that anyone can simply demand the permissions to install anything they want at any time is ludicrous within a business. You can do that stuff at home on your own systems. When a user installs software without understanding the impact it can have, not only on their computer or server, but within a network of systems, it puts everything at a potential risk. I have been privileged to work with some very senior developers and DBAs with skills I can only hope to have, and yet they too have installed and broken their systems and servers and caused hours of unnecessary work for themselves and others. I know it's not intentional, but when the best and brightest of us can make mistakes, what is the potential risk for the average user who isn't knowledgeable about their computing environment? IT professionals have to take ownership of their areas of expertise in order to serve the greater good of the business and all of the users rather than just the needs of the one. IT professionals must take ownership because they're the ones who must fix the issues and maintain availability of computing resources for everyone. In most operations, IT is a department serving the whole of the business or multiple businesses. IT is often a shared resource established to centralize Information Systems management to cut costs within the organization. So yes, IT can be a bottleneck, but it is most often one of choice and necessity within the organization.

If you work for a place without a process to address your computing needs, be proactive, develop a process. Take ownership and responsibility of your work and your needs and create or improve the processes you work within and realize that there are more than just your needs to be addressed. As a Systems and Network Admin, I serve, but I serve to the best of my abilities to keep everything available in order to run the business, not serve the ego of those who believe they have a right to administer their own computers.
Post #791286
Posted Monday, September 21, 2009 10:30 AM
There are many issues with no real black and white solutions.

If anyone can install whatever software they choose, then you end up with enormous cost supporting applications. If user A installs a little known programming language, develops an application, and then moves on to a different job, you may be stuck trying to support a language that no one knows or sending people to training to support it. What is the cost of supporting 10 different programming languages?

I worked for a small company (200 users) that had 4 different word processing programs, 5 different spreadsheet programs, and 4 different desktop database programs. Of course, each set of users expected prompt support from the 5 person IT department for their favorite program. You can say that people were empowered, but was there really any additional value to the company from this confusion of software?

Post #791296
Posted Monday, September 21, 2009 10:44 AM


You can still do it in a large company, just need to use groups and spend a little more time on it. Or lock things down and take requests for additional permissions. Then handle those as people seem to have more knowledge.






Follow me on Twitter: @way0utwest

Post #791306
Posted Monday, September 21, 2009 11:26 AM
An old supervisor of mine used to say "it is better to lock them down in the beginning, because you can always get them more permissions but it becomes nearly impossible to take them away".

I find that to be true more often than not.
Post #791323