by a4isms 1336 days ago
I'm not entirely sure that is a nonsensical argument.

I am permitted to use any client I like to perform SQL queries of our customer data, but if the client were to happen to route the data through a third party, I would be in employment-jeopardy breach of our security policies.

Similar rules go for hardware: I can bring my own device for reading and locally storing our email and chats, but customer data is not to be accessed on any hardware not authorized by the company.

Roster data is not customer data, and there are reasonable arguments to be made that this is not an exact parallel. But in principle, I can understand a company wanting to have control over certain types of data and how it might be exfiltrated from the company, even if it is intended for employees to use to do their jobs.

1 comments

But in this case, isn't the "third party" just a piece of client-side software that performs a bunch of HTTP requests to systems the client user is allowed to access, on a device the user is allowed to use, in order to aggregate the results and show them all in one spot? It's not being sent to third party systems off the user's phone.

Banning it would be like restricting certain SQL clients, like allowing the CLI clients, but banning pgAdmin or MySQL Workbench.

I agree with you!

I also don’t really agree with the ban, and seriously doubt that they have any reason other than, “We dunno what this is, and are too lazy^H^H^H^H busy to think it through, give a decision, and deal with the precedent of allowing screen scraping and/or third-party clients.”

All I was trying to say is that while I may disagree with their call, I wouldn’t go so far as to say it’s “nonsense.” Just wrong :-)