You can't be timelier than this: today, at the last minute, I finished two mandatory corporate compliance training sessions that I had dreaded and postponed and moved back for weeks. One was about Corporate Security, the other on my understanding of the Business Code of Conduct. Thankfully, I don't have to go through another Sexual Harassment training (BTW: shouldn't it be called "Anti-Sexual Harassment training"?) anymore.
But here is the point: all these things are necessary and make sense, and my brain says: "Mario: it is important to know about this and comply." Right! But my gut says: "How boring! Isn't there anything more fun that I can do right now?"
A rather boring and time-consuming exercise in an enterprise is the administrator's task of assigning authorizations to a system user. Regardless of the system, a new user gets assigned a profile with the transactions that this user is allowed to access and use. You may, for example, create a new account and edit it, but not delete it. Or you may edit only your own records, but not those of co-workers, even if they are on the same team. Or you may not override certain limits when placing an order without the OK from your VP. That same VP never really works with the system and is therefore not familiar with it, which leads to the anachronistic situation in which the system user knows the VP's username and password and logs in with the VP's account himself, purely for practicality.
Over time, of course, you need additional authorizations, as you become more familiar with the system and more regularly encounter exceptions that require your supervisor's approval. That's when you submit a request to have more authorizations assigned to your user. A system administrator, who, as is the case in a large corporation, may not even know you, has to decide whether your request should be granted. The decision is rarely based on whether you are actually qualified to use the transaction, but more on whether you are a VP or whether the comment field in your request contains a compelling case. And that case was written by you, and is not based on verifiable data.