Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Lockdown or Let Them Free

By Steve Jones,

This piece was originally published on Sept 21, 2009. It is being re-run as Steve is away on sabbatical.

I ran into this blog post about IT v other workers. The post is in response to an article in Slate about workers being oppressed by their IT departments. They're both relatively long reads, but the summary is that a writer at Slate thinks that the technology departments are too restrictive and unnecessarily hindering workers. The blog rebuts that point with the notion that many technology workers don't understand the complexity of their systems and there are valid reasons for not allowing workers to have free choice in what applications they install.

Having been in a number of technology departments, from small to large, I can say that I see both sides.  On one hand technology departments spend a lot of time and money cleaning up mistakes and problems from users. On the other hand, new applications and enhancements can often increase the efficiency or effectiveness of workers that find a new way to do their jobs.

The problem in both cases is a few extremes are being chosen to  represent both sides. Most users don't  require lots of attention from IT for their machines. And most IT solutions punish everyone for the problems that a few people provide.

I think that as DBAs we sometimes start to feel this way about developers. We classify them all as problems and give them no rights, or we think that every person must have all rights to all instances. This extreme set of solutions isn't practical, or effective, for most organizations. As much as I might seem to hate developers and make fun of them in these editorials, I recognize that there are many talented programmers and quite a few that know more about SQL Server than I do.

The best way to handle rights and access is to selectively apply permissions to individuals, matching up their skills with their rights. If a user has problems creating indexes or adding tables, remove those rights. If they are a model DBA, then perhaps they deserve sysadmin rights. You can either loosely apply security and then tighten it up or lightly apply it and loosen it as people prove themselves.

Let me say that I still highly recommend the use of roles for the actual implementation of permissions, but don't view security as a set it and forget it. You should re-evaluate it periodically, and that would include the permissions you give to your co-workers.

Steve Jones

Total article views: 204 | Views in the last 30 days: 2
 
Related Articles
FORUM

max worker threads

max worker threads

FORUM

max worker threads

max worker threads

BLOG

The Toilet Analogy … or Why I Never Recommend Increasing Worker Threads

The Toilet Analogy … or Why I Never Recommend Increasing Worker Threads Lately I’ve noticed an incr...

BLOG

Microsoft Changing Their Lifecycle Support Policy

Microsoft’s Bob Ward has a new post up on the CSS SQL Server Engineers blog about a change in their....

ARTICLE

A Walkabout

Steve Jones talks about a walkabout that one of his co-workers went on.

Tags
editorial    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones