The reality is that someone, somewhere, is going to have access like this. Depending on the industry and the type of data there's typically a separation of concerns. For example, if you can get code into production you cannot have access to production data and vice-versa. You'll also see data in different databases where no one has access to both. You'll also see things like this with the use of encryption keys, such as KEK vs DEK where no system has access to both. https://security.stackexchange.com/questions/93886/dek-kek-a....
Typically speaking these compliance frameworks will have exemptions for "business need" and companies will try to drive a semi-truck through that hole. Whether they get away with it depends on multiple factors such as the size of the company and the auditor's mood. It's almost like being "too big to fail". I have seen some absolutely heinous setups surrounding compliance-related data that was allowed via "business need" because pulling that rug would cause the entire company to stop functioning. Generally when companies do things like this and they get to that size they'll spend years rectifying the problem because auditors will start giving them the stink-eye or they'll actually hire people who aren't comfortable with what they're doing.
It's all very messy, but don't assume that just because you have that kind of access that you should (and don't assume the reverse either). Without knowing more about what you do I couldn't say. But for sure the other poster went quiet when I asked who the company was because they're fully aware they're on shaky ground. Which was my point in making that statement.
No. It had nothing to do with 'shaky grounds.' I do what my job requires me to do.
I didn't respond because I didn't want you to potentially doxx me. Why would I reveal the company name where I work?
That being said, post your passport details here. If you don't, you're obviously a criminal on shaky grounds with the law. If you weren't, you obviously would have no problems doing so.
See how that works?