Who needs administrative priviledges to a network or website? The network admin obviously does. But others ask for root access, too, whether or not they truly need it. How should an admin-or the IT manager-handle the sensitive political situation when someone asks-no, demands-admin rights for a system when he really shouldn't have them?
This is not a hypothetical situation. Recently, I lurked on a converation in a network admin's discussion group in which one network admin's plight highlighted all the issues in one fell swoop. I'm reposting the meat of the original query here, with his permission, after removing specifics which might give away the poster's identity.
"More often than not," my online buddy wrote, "I find myself in a situation where someone 'higher' than me asks for access to a system, and they feel that their request is beyond question. This person may be the project manager for a project or someone above me in the food chain, but invariably they are always shocked and appalled that I asked why they need the root/admin password to the system. And then that's when the chain of meetings start, to discuss why am I being difficult, not a team player, etc."
"I may not be universally approachable, but I've always politely and respectfully asked my questions to get an understanding of what they were looking for," he wrote. "Experience tells me that often times they think they need root access but really all they need is sudo or a certain right granted, not full blown privileges to the entire system, if they need access at all. But from where I'm sitting, their anger seems to stem from, "This peon spoke back to me; how dare he.'"
For example, at one place I worked at in a time far away, the webmaster asked for the root password to the web servers. I asked him why he needed that kind of access, and the only response I could get was, "Because I need it." Of course I said No. A few days later I'm pulled into a meeting with the head of IT, my manager and the webmaster to discuss why I'm refusing to work with the webmaster.
Users who don't know the operating system certainly shouldn't have the keys to the kingdom, but sometimes that's exactly what they demand. No admin wants to give access to a webmaster who asks, "What's a shell?" The admin doesn't want to be a pain. He just wants to do his job, which is to secure the network and keep it running correctly.
Other admins in the discussion offered what I think are a pretty good list of policies for the network admin to adopt. I'm sure these aren't the only good Rules to Live By we could come up with, but they're a good start.
But before I let you peek at the suggestions, I'd like you to think about this for a moment. Whether you're an admin yourself, a programmer (who believes she needs root access to the production website to solve a development problem), or an IT manager... what's your response to the dilemma? You're the boss, after all; how would you solve this common source of friction? Even if you aren't moved to post a response here (and really, I'd love to see your own solution), scribble down a few thoughts. What would you do?
Got that done? Really? Okay, let's take a look at the suggestions other admins made, so we can compare their answers to yours.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.