Are you a snoop? Apparently 1 in 3 sysadmins are according to this survey (Slashdot has an interesting discussion). I'd like to think that most DBAs aren't involved in any snooping around and that most of us actually have better things to do. In light of the recent issues with Terry Child, perhaps some managers need to do a bit more snooping.
I'd like to say that I've never accessed data I wasn't supposed to, but I have. I admit it, I'm a little disappointed in myself, and I knew better. At one point I worked at a small company, I'd been there awhile, and I had to do some work to integrate our sales order/inventory system with the accounting system. Up until then we typically had 20-50 orders a day and those were manually entered into the accounting system. However we had taken on a new line of business with many more sales and we needed to dig through the system to find a way to import the data.
This was at the end of one calendar year and Christmas bonuses were due. They came, but they were much smaller than expected, especially as the company had done well. However the owners had been looking to invest in some new ventures and must have wanted to conserve cash. To shorten the story, I flipped through the salary and bonus allotments in the accounting system to see if everyone had gotten smaller bonuses. Everyone hadn't, I wasn't happy, but I didn't say anything since I was guilty of poor behavior myself, and moved on in my life.
Since then I've seen administrators checking email, especially executive email and files to see what might be happening in the company, looking for gossip, and often, checking to see if there is any reason to fear for their jobs. I've warned people away, knowing I made a mistake once and got away with it, and not wanting anyone else to lose their jobs for doing something stupid.
Power is a very seductive thing. We hear many stories, some true, some not, about people taking advantage of their positions for any number of reasons. System administrators have quite a bit of power, and access to data that they probably should not be allowed to see. Vendors have slowly started to build products that allow people to administer them without having rights to the entire system. Even SQL Server is slowly allowing us to store data that "sa" or a sysadmin cannot view. This wasn't the case for many years and many versions.
Companies need to have oversight implemented over everyone working there. From the CEO to the janitors, allowing anyone unfettered access to any part of the organization is asking for abuse.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are now available at sqlservercentral.mevio.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.
or now on iTunes!
- Windows Media Podcast - 31.9MB WMV
- iPod Video Podcast - 25.3MB MP4
- MP3 Audio Podcast - 5.1MB
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.