by LanceH
1806 days ago
If you don't need access, you shouldn't have it. If you do need it to do your job, you shouldn't have to run to your manager several times a day to make a request to do it. You should have root or whatever is necessary and it can be audited. I'm not arguing against access control. I'm arguing for those with responsibility to work to be given the commensurate authority to do their work -- with auditing even.

For 99.9% of employees, accessing customer data should absolutely be a "talk to your manager" level of occurrence, and each time it happens the manager should ask why it was necessary and what logging you need to add such that you don't need to do it again.