If you tell enough stories, perhaps the moral will show up.


Organisational Truth Lies in the Email Distribution Lists

Now this is a really good idea.

"All data access should be approved by the data owner"
That sounds so reasonable, it's easy for the auditor to say. But it's absolute murder in practice:

Most access is routine, and based on who you work for. Requiring an approval for this sort of access diverts effort and attention and provides no real control because if the facts are right, the access is approved unthinkingly.

I've been messing around with the idea that the official org chart from HR is a suitable proxy for this sort of approval. Essentially, I'm claiming that if the line is on the chart then the manager can't -- won't even be asked -- to decline access to his own team's area. And the same would go for project managers: if you're on the team, you're in the folder.

Now that's an OK sort of plan except for one detail: The org chart is wrong most or all of the time. Lots of temps are missing and there are important lines that never get on to paper. To be fair, the people who manage it never intended it to be a moment-to-moment authority, but that, unfortunately, is what I want.

I could actually live with that looseness -- "Good enough" is a lot better than most people's practice, and I think it would do. But we can go a little better, thanks to Kate.

This afternoon I was tidying some permissions, and I ran into trouble because the team group was wrong. And Kate, bless her white pate, told me to populate the group from the team mail list.

I can do something with this!

Because one thing that managers and their PAs care about is that the team or project distribution list is OK. It'll be updated when the structure changes, and everyone will be on it. If you work for two bosses you'll be on both lists. And, crucially, with Exchange, distribution lists can feature in access control -- you just have to turn on "security-enabled."

Do you see where I'm going? The distribution list structure, with its nesting, is a true org chart, kept up to date by people who care and understand what it means. And that means that it can be used for all your "because he works for me" approvals, without dealing with the constant stream of "oh that changed" errors.
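A sketch of the reconciliation this implies, as an added example that is not part of the original post: it expands a nested distribution list into the people it contains and reports what would have to change for a folder's access group to match. The list names, people and group contents are constructed, and the directory is modelled as an in-memory dictionary rather than queried from Exchange or Active Directory.

```python
"""Added example: reconcile an access group against nested mail lists."""

# Constructed sample data: list name -> direct members.
# A member that is itself a key is a nested list; anything else is a person.
DIST_LISTS = {
    "dl-finance": ["dl-finance-ap", "dl-finance-payroll", "helen"],
    "dl-finance-ap": ["raj", "temp-sam"],
    "dl-finance-payroll": ["maria", "raj", "dl-finance"],  # loops back to parent
    "dl-project-atlas": ["maria", "tom"],
}

# Constructed current membership of the security group on the finance folder.
ACCESS_GROUP = {"helen", "raj", "maria", "leaver-bob"}


def expand(list_name, lists):
    """Return the set of people reachable from list_name through nesting."""
    people, seen, stack = set(), set(), [list_name]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # nesting loops happen; do not walk them twice
        seen.add(current)
        for member in lists[current]:
            if member in lists:
                stack.append(member)  # nested list: expand it later
            else:
                people.add(member)
    return people


def reconcile(list_name, lists, access_group):
    """Return (to_add, to_remove) that would make the group match the list."""
    expected = expand(list_name, lists)
    return sorted(expected - access_group), sorted(access_group - expected)


def lists_for(person, lists):
    """Every list, direct or via nesting, that would grant this person access."""
    return sorted(name for name in lists if person in expand(name, lists))


if __name__ == "__main__":
    to_add, to_remove = reconcile("dl-finance", DIST_LISTS, ACCESS_GROUP)
    print("add:", to_add)
    print("remove:", to_remove)
    print("maria is on:", lists_for("maria", DIST_LISTS))
```

The `to_remove` side is worth reviewing before acting on it: it lists everyone whose access has no backing in the mail list, which is where leavers and one-off grants show up.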



It's OK -- It's Just Normal

Stupid article in Friday's Kent Messenger about a rapist on the transplant list. The editorial comment asked the question "Would you donate your heart to a Rapist?"

Well, the obvious answer is "No: I'm still using it," but it's still worth a look because it makes a rather wonderful example of the way normals think.

As far as I can tell, it's not a joke. We're not intended to say "No, and he shouldn't get blood transfusions either" or "No, and donor registration should allow you to opt out of patients with unpaid parking tickets as well." Or, and I particularly like this one, "No, and convicts should be denied medical attention generally."

Someone wrote this, someone subbed it and the editor put it on the front page of the Maidstone edition. None of them gave it the ten seconds thought required to see that there's no principle here, that even if the transplant immunologists didn't already have enough to worry about, there's no line, no criterion offered which will serve to guide donors or doctors.

There is a real story -- that some judges are much too prone to make stupid remarks -- and I'm hoping that it wasn't just cynicism that got it covered this way. I can't really object to journos who fail to take an idea to its limits to see where it goes. It is, after all, just normal.