I saw a comment yesterday about how IT admins have to restrict the privileges of other developers on their machines and was surprised by knowing this. I simply thought that employees in the software industry were essentially at equal parity in terms of their departments, and that the admin department was there just to centralise all the work done by other departments and keep track of the status of their systems. I did not think there would be a need to apply childlocks on other employees’ systems as I assumed that a person working at an industry like this would have basic computer literacy to know what is safe and permissible by company policy to execute and what is not.
This may come off as being too naive of me, but I genuinely want to understand how the hierarchy in such a company is actually like. I always thought of workspaces in the software industry to divide labour laterally and there would be no need for administrative powers apart from the management to exist, at least in regard to regulating other workers’ actions beyond normal workspace policies. It would be extremely kind of anyone to shed light on this matter.
It’s a liability and risk concern. If something were to happen (and this is guaranteed to happen eventually) you want to operate with the lowest privileges that you can to reduce the potential damage. This can be a mental health issue, a disgruntled employee or a simple accident that leads to compromise of company data and systems. For the same reason you don’t want to run every single application as administrator, you don’t want every employee to be an administrator at all times.
That said, with a good company, it’s not that difficult to get the access that you need provided that you have a legitimate use case. As a developer, I have a script I can run to give myself full administrative privileges at any time. Think of it as a safety on a firearm to ensure it’s being used deliberately. Even then, I don’t have access to the same documents that HR does because I don’t have a reason to know everyone’s data. And personally, I don’t want to have access to everything. If there were to be an incident (again, with infinite time it will happen eventually to somebody), I could become involved simply because I had access or knowledge. In many cases it could be grounds for termination if I should have known some information and did not act on this data in a timely manner. As I gain more experience I learn it’s often better not to have access to information without cause. It is against everybody’s interests.