On 9/08/2013 5:41 PM, Robert Brockway wrote:
> On Fri, 9 Aug 2013, Bernard Robertson-Dunn wrote:
>
>> Sysadmins can only get at data that is viewable with "common" programs
>> e.g. data in files with .txt .docx .wri type extensions.
>>
>> If the data are held in an application and can only be accessed via that
>> application, then sysadmins can't get at the data - they need
>> application level access.
> The sysadmin responsible for managing the application

Sys admins shouldn't manage applications, they should only manage systems. Application managers should manage applications. It's a question of division of responsibilities.

If the data is held in an SQL database and only an application can access that application, then the sysadmin would have to go through the application. If they are not in the ACL (which is under the control of the application manager), then they can't get at the data. If necessary, the data in the SQL DB can be encrypted.

> There are approaches that can be taken to limit this sort of behaviour but
> they generally take a level of effort and discipline I've rarely seen in
> organisations.

If it's important enough, it can be done. The ABS does it for census data, national security is somewhat more important.

> I don't agree that it is easy to all. Siloing can be used to restrict
> access but it tends to be an expensive and cumbersome approach - so
> much so that most organisations don't use it at all, even many that
> should.

DoD and NSA are not "most organisations"

--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
email: [email protected]
web: www.drbrd.com
web: www.problemsfirst.com
Blog: www.problemsfirst.com/blog
