The GPS Staff Database project is prompting a discussion of access privileges. Users commonly suggest elaborate rules for viewing, editing and creating data. While I take privacy and privilege very seriously, I often argue in favor of a mallet rather than a scalpel approach to security.
- Building a complex security layer requires more work and more development time. While this is never a justification on its own, it's part of the equation.
- In my experience, many degrees of access that seem important in the beginning eventually collapse into fewer in practice. You're left with a system that makes distinctions whose logic has been forgotten and which the business process no longer supports.
- In my freelance career, I often felt access privileges were determined by personality and politics rather than job function. When someone quit or advanced, the access layer no longer "fit" the organization.
- Quis custodiet ipsos custodes? Who guards the guards? A system has yet to be built that prevents malicious use. Trust, Training, and Tracking. We have to trust people. We have to train them not only on the system but on the business process around it. We track who does what, and when. Not in secret, but in a log where everyone can see.
- IT should never be part of the access plan. Sure, we have the master password, but we're outside the business process. We have to rely on what others tell us. In which case, why not make it so those in the know can do for themselves?
- IT can't be integral to the systems we build. Think of us as freelancers who disappear once the work is done. You can call us back for further development but day-to-day operation has to be owned by users.
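To make the mallet approach concrete, here is an added example (not code from the original post or from the GPS Staff Database project): two coarse roles, a single "write" permission in place of separate create and edit rules, and a log of every attempt that any signed-in user can read. The user names and staff records are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Mallet, not scalpel: two roles, and create/edit collapsed into one "write".
ROLE_ACTIONS = {
    "viewer": {"view"},
    "editor": {"view", "write"},
}


@dataclass
class StaffDB:
    users: dict                                 # user name -> role
    records: dict = field(default_factory=dict) # staff id -> record
    log: list = field(default_factory=list)     # never pruned, never hidden

    def _check(self, user, action, target):
        """Decide the action and track it, refused attempts included."""
        allowed = action in ROLE_ACTIONS.get(self.users.get(user, ""), set())
        self.log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "who": user,
            "what": action,
            "target": target,
            "allowed": allowed,
        })
        return allowed

    def view(self, user, staff_id):
        """Return the record, or None if the user may not view it."""
        if not self._check(user, "view", staff_id):
            return None
        return self.records.get(staff_id)

    def write(self, user, staff_id, data):
        """Create or update a record; both are the same privilege here."""
        if not self._check(user, "write", staff_id):
            return False
        self.records[staff_id] = dict(data)
        return True

    def read_log(self, user):
        """Transparency: every known user sees the whole log, not just IT."""
        if user not in self.users:
            return []
        return list(self.log)
```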