Re: Application Admins with Local Admin on Servers

[Adam Pal <pal_adam () gmx net>]

Hello Megan,

I can give you 2 examples about what i saw so you can eventualy get
some more ideas:
*) in a medium size company where developers are working with the
IT-Staff together (or maybe they are the same) an are on the same
location local admin privilege can be granted, eventualy also
admin-privilege to some server, but not to all. Nothing about
harrasment but just in case some developer-machine goes nuts...

If i would be part of developer-team, i would like to ensure that the
development-enviroment is completely separated from the
production-environment.
If you see any danger in affecting production-systems then DONT grant
privileges.

**) in a big project where locations are distributed all over the
world, usualy the developer needs and has full-rights on his host, but
restricted rights on the shared medium (cvs, development server, nfs,
etc) which can be more or less restrictive according to the status
(project manager, etc).



-- 
Best regards,
 Adam Pal   

Tuesday, July 10, 2007, 4:15:02 AM, you wrote:

<==============Original message text===============
MK> System Administrators -

MK> I am trying to get a feel for what other companies do with regard to
MK> application developers needing local admin privileges on servers. I am
MK> specifically working in a Windows environment but believe that the
MK> same principles would apply in any environment. Here are my questions:

MK> Do you grant admin privileges to application developers?
MK> If not, do you grant them specific access or do you take care of the
MK> work for them?

MK> I do understand that it is a violation of separation of duties to
MK> allow application developers to have local admin or root on systems, I
MK> am simply try to get an idea of what the rest of the community does in
MK> practice.

MK> Thanks!

<===========End of original message text===========

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature