Question about permissions for an IT employee

pendal8286
Level 1

Hello all and thanks for your time and expertise.  Please note this question is not a hard line technical question per se.  

Here's the scenario:  There's a tech in my department that has zero IT training or background (doesn't even have an A+ Certification) but he's hounding management for Domain level access.  

He was brought into the department in a political move (as I work for a school district which is a political cesspool) and was placed in a certain building.  He handles some imaging and basic troubleshooting but doesn't even have foundational networking knowledge to know the difference between a one-to-one problem and a genuine network issue.  The previous IT Manager gave extremely unqualified folks domain administrator access just so they could reset passwords because he was lazy.

The manager is no longer with us so I've cleaned out the Domain admins group and used Delegation Control to deploy the permissions these techs need to do a level one job.  Please note this tech has access to the local administrator accounts, he has full access to imaging servers, and he can disjoin and join computers to the Domain.

He wants his previous access, which was Domain Administrator access, which I refuse to comply with.  I know that when I came up the ranks and was a help desk tech or level one tech, I had zero access to Active Directory or Switches.  I'm just amazed that a guy with zero background feels entitled enough to dictate access.

Please let me know your recommendations for handling this scenario.  Am I being unreasonable, or should one earn higher level access?  Thanks.

3 Replies

luis_cordova
VIP Alumni

Hi @pendal8286,

I think that if this person has a higher position than yours, there is nothing left but to give him the permission he is requesting.

Now, from what you mention, I suggest you implement a system of recording changes and recording of responsibilities.

This is to protect you if this person implements a change to damage your network.

Regards

He doesn't have a higher permission.  He's only a level one, entry level tech.  I'm one of the two network administrators.

Hi @pendal8286,

In that case I think you should assign to him a profile that has only the necessary permissions to perform his functions.

Moreover, that is one of the basic measures of cyber security.

Regards