[antris]

>They further said that if you need to access any sensitive personal data, or if you need to log in as a user in order to debug a problem, you need to have approval from your manager _before_ the access, not after.

But were you still able to just look at the data or login as the user without the permission? I think that's the key question.

Talk is cheap. As a user it's not good enough for me that people are being told internally not to abuse their access. Just remove the permissions from the employees and make them request the permissions for each individual case instead of trusting the employees to follow the rules.

[darkwizard42]

Disclaimer: was at FB in 2014

You could at the time start trying to log in as a user and MULTIPLE red warnings came up that proceeding further would automatically notify your manager and skip of access and a reminder of data policies. Now at that point I did not go further but I did know that content moderation and security teams had special access so I imagine they did both, heavily warn avg FB eng AND restrict access.

[jsbdk]

How about people with direct database access?

[edmundsauto]

I am close with some people who worked there until recently. All data access is audited; production access is limited via ACLs in both the main data storage system as well as all the others like the warehouse, realtime ingestion, etc.

FB appears to take this extremely seriously. I just pinged my friends and they said the only way people get fired is for sexual harassment or improper data access. And the second is the one that gets audited and monitored every day.

[kmeisthax]

I imagine at Facebook's scale that nobody has direct access to individual database or application instances; and that if someone actually needed to run queries of any kind in production, it'd be as stringent as deploying a code change.

[darkwizard42]

Pretty strict. You don't get direct db access unless in a very specific team/role. You have to request access to tables on a per-table basis.

I believe this is similar to how Google does it.

[ryan93]

I believe they dont allow you to access peoples public profile while at work.

[tmule]

I am not sure I agree with this framing. Equivalent framing: separate the genders since rape is possible, even if rape is punishable by death. This is not just talk - FB does have capital punishment for abuse of access, which creates REALLY strong incentives. Of course, this isn’t fool proof.