Who gets accounts (was Re: Advice, opinions, and ideas sought.)

Steve Blair sblair at upurbmw.dell.com
Thu Jun 27 01:33:18 AEST 1991


An approach that I've used in several companies works around
a concept of paper trails. Especially important if you're an
Internet site, as things can & do happen.

Consider this:

A user is caught by the watchful eyes of the sysadmin group attempting
to connect to machine/companies/etc., that that user should *not*
be connecting to. A sysadmin from one of the other sites calls *YOU*
on the phone, and tells you:

"Someone is attempting to connect to our site from yours, and they've
not got a reason/account/friend here".

You're now stuck with a dilemma, is this internal employee a breakin
artist, or just "exploring". If the case is the latter, then a
discussion with his *manager(NOT HIM/HER)* should then ensue,
with the manager of that employee about their behaviour is totally not
"net.acceptable", and that it'd better end immediately.

If you continue to watch the employee, such as the case with the first
example, there exists a clause in most companies that can cause
thievery as a situation that can be a cause for dismissal.

Many folks will ask for accounts on machines that they need. Also
there's another "class" that >perceives< that they need an account.
Best option is to allow management to decide, it covers your tail!!!

A simple form that has things like proposed login name, *reason for
access need, etc*, signed by their manager, will leave you a paper
trail that's a *MUST* in the case of the dismissal. 

I know that the way the labor laws are going that most companies'
lawyers will *NOT* recommend a dismissal, if some type of paperwork
is not there. Because, if that employee who gets dismissed goes to
a sleazoid lawyer, for a wrongful dismissal lawsuit, it's 100%
CYA with the paperwork.

I've had this at a company(NOT DELL) where I used to work, and it
took me a few hours to determine that this employee was *not*
just playing around. I will not discuss how I determined that, other
than to say, that with the help of several "impartial" observers
working through the evening, we were able to get enough information
to the next morning turn it over to the respective managers & H/R.

It's possible that we would have terminated that employee, had he not
resigned first thing the next morning.

**********************IMPORTANT*************************************

When considering the "circle of trust" that we as sysadmins have to
deal with, always have *some paperwork* trail. Without it, your company
could/would potentially be in for major hassles in court !!!!!!

CYA CYA CYA CYA, and then some more, you can't in 90% ++ cases, go wrong!!!


-- 
Steve Blair	DELL	UNIX	DIVISION sblair at upurbmw.dell.com
================================================================

*Notice:   "/earth is 98% full, please delete anyone you can...."
					-anonymous @dell.com


