Wade Curry wrote:
> I understand the purpose. It does make it difficult to
> create a profile that doesn't wreck existing permissions. It has
> encouraged people to use the most general profiles they can, and
> subverts the goal of having security in place.

Ayup. And this is why we all now use peecees and have crappy security.

The big problem is that good security is a technical issue which rapidly
mutates into a *political* issue.

The issue is the fact that the person who grants security access is the
de facto most powerful person in the company. As such, he is also the
biggest political threat in the company. Any technology which can
bypass this will be adopted readily.

That's what happened with PCs (actually workstations first) and
businesses. Minicomputers and networked terminals generally did a
better, faster and cheaper job than peecees when PCs first appeared.
However, having a PC meant that you did not have to go kowtow to the
keeper of access. This instant removal of a political threat absolutely
ensured the rise of the PC in business.

I saw all of this in action in IBM where mainframe access was
effectively *free* and PCs cost *real money*. Managers *still*
switched to workstations and PCs.

The same force also pushes managers toward sacrificing restrictive
access. Restrictive access puts more power in the people who dole out
access; loose access strips that power.

-a