This is a true story.Jimmy is a manager in Department A. He has been given access rights to a department folder stored in a server. Recently, Jimmy was given new duty and seconded to Department B. He has to take on extra duty in Department B while continue to work for Department A.
On his 2nd day of his new duty, he found that he could not access Department A's folder anymore. He alerted the Human Resource and IT Department. The human resource officer informed Jimmy that her department did not instruct anyone to remove Jimmy's access right to Department A folder.
What is shocking is that the IT officer did not seem to do any check and merely ask Jimmy to get his boss to authorize him to have access to the folder. Jimmy was very furious. He cannot see why he should ask his boss to grant him the access to the folder since he had already have access to the folder before the new job. Jimmy now demanded IT department to answer to him who in the first place remove his rights and in whose instruction that the action was taken.
This may seem to be trivial, but it could mean a serious weakness in the process and control of granting access rights. What do you think could be the problem and how should we avoid such thing from happening?
No comments:
Post a Comment