Lockdown or Let Them Free

  • The idea of providing enhanced access to the competent is good in theory, but in the real world, the access gets provided to technically incompetent people who are just good at beating up you boss and whining till they get their way.

    The way people are judged had a big impact on the flexibility and accommodation they are willing to provide. If the network security guy gets beaten up every time there is a minor breach, he has no incentive to give extra access and plenty of incentive not to. A DBA who gets reamed out because a developer with extra access to a production database managed to take down an important application for several hours will not feel generous the next time someone requests extra access.

  • As a one man shop, I work both sides of the street. As yourself I have experienced the frustrations of both. From an IT side the tighter the security the less daily issues, from the developers side, the tighter the security the harder it is to create user friendly functionality.

    When I get close to my breaking point I stop and consider the following. The less issues in an IT enviroment the less need for staff. Management loves to cut staff. Instead embrace your ability to problem solve. If all went smooth every day any PC savy individual can run a server, just follow the task list and check mark each when done.

    I have always felt two things:

    1. Classroom instructors teach you how to work in a problem free enviroment, not much time is spent on the "When this goes wrong" discussions.

    2. My most marktable skill is my experience (knowledge picked up in the field problem solving)and willingness to do the research to find solutions.

  • This seems to take on two separate issues - control of their local computer and access control. As such I'll give my thoughts in that format.

    Local Computer - I lean towards role-based rights. Unless you're someone who needs to have specialized software for your job (mostly developers) then you don't get permission to install anything. There's no reason for it and it's a huge security hole. I've seen departments buy software and expense it then expect IT to support whatever they did and can't produce the licenses.

    Access - Give the minimum needed to perform the job. Use AD groups to control .. groups of people. If an individual can't handle creating indexes that's a performance/management issue, not one to be addressed with access control. It makes things much easier from an administrative side (add new employee to X groups) and keeps things consistent.

    I guess it boils down to letting them get their work done and keeping things under control.

Viewing 3 posts - 16 through 18 (of 18 total)

You must be logged in to reply to this topic. Login to reply