Re: Administrative Access

[Timothy Powell]

** Q: How is admin access given in most organizations?  Who makes this decision? What is the experience for other listers?   A: In my experience, rights to modify WORKFLOW is only given to those with the training and development experience....not untrained users that don't know what they are doing. The rights to modify CONFIGURATION DATA on the other hand is handed out much more freely. In either case, most organizations only grant either of these rights after the user has had some type of training and/or experience. IMHO, only an organization that doesn't care about it's applications and impact to end users grants untrained people any type of rights that might result in unwanted functionality, data corruption or outright outages. Would your management give the same user, admin rights to their HR or accounting applications or admin rights to all of their servers?   While we physically set the access, the ultimate decision of granting that access usually lies with the owner of the support process and application. But if he/she values their job, they won't let people that don't have experience monkey around in their systems. When that untrained person does something that crashes the entire system and brings the support functions in the company to a screeching halt....somebody is going to pay for it.     Q: How would you handle it if you were responsible for the Remedy application, and some un-trained user is given Admin rights by management.   A: I'd probably ask myself a few questions:   1) Was the management person that granted the access the application/process owner? 2) Why was that user given access? Was it to start them off as a junior person and ramp them up so that in the long run they can assist me in my job? Or was it given because the user is the management person's boyfriend/girlfriend that thought it would be "neat" to have access? If it's a boyfriend/girlfriend type issue and the grantor was not the application/process owner, I'd revoke the access and force the issue to the application/process owner level. 3) If this was the case of somebody that management wanted to learn the app to assist me, have I documented my change process (no changes on production, etc.) in writing and has that person continued to ignore that policy? If that's the case, that person needs to start following the internal processes for changing the system. If they don't, I'd revoke their access and force the issue.   If I did revoke the access, I'd have all of my facts ready so that I could immediately present them to the application/process owner to backup my actions and for consideration in making their decision. Lastly, I'd capture all of the decision discussions that I could via email, so that if the decision is made to still grant that access, I'd have a paper trail to back me up when the app goes up in smoke.   Bear in mind that the political ramifications of doing something like this can have negative impact on your career development path...in other words, it CAN get you fired. I'm not advocating a mutiny and I'm not saying you should do these things. These are thoughts that I and I alone have.  I think that should cover the legal disclaimer fine print. :-)   I hope you kept all the emails you sent where you strongly advised management to NOT let that untrained person have access and where you pointed out issues that arose from this person doing things in production.... ;-)   Tim From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Koyb P. Liabt Sent: Wednesday, September 06, 2006 8:14 AM To: arslist@ARSLIST.ORG Subject: Re: Administrative Access ** Similar thought -   How is admin access given in most organizations?  Who makes this decision? What is the experience for other listers? How would you handle it if you were responsible for the Remedy application, and some un-trained user is given Admin rights by management.   In my case, I am frustrated because I have an end-user (who is not a Remedy developer) making changes straight on production, and not taking the code thru development to testing, as I requested.  And management has given a end-user admin rights to do this.          __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___