Beegle on Hacker News

Ask HN: Why not give access to everything, to everyone in an an organization?

I spend a great deal of my free time working for a small, local, all-volunteer non-profit. There are maybe twenty people that make up the core volunteers. I fill several different roles within the organization including the default “IS/IT” guy simply because of my background. Nobody else in the organization has a technology background so over the years, as we’ve needed things, people have looked to me to set those things up. I don’t have analysts to define user stories and requirements so along the way, I’ve had to just decide security myself. It definitely is something I always am thinking about and I try to get as many people involved (access-wise) in as many things as I can so the burden sits with me as little as possible.

One of our board members has decided everyone on the board should have complete, unrestricted access to everything. From the combination to the lock on the little cabinet that houses the modem and gateway router and the passwords for those devices, to full-administrator privileges on all of our software “systems” (Google Workspace, Mailchimp, Square, Azure, etc.)

Another board member is now rallying with that board member so it is going to be an entire discussion point at our next board meeting.

Part of me wants to just go ahead and do it. Everyone can start sending newsletters through Mailchimp (we have just one person who coordinates them all now) and we won’t have any standards on formatting, frequency, etc. Everyone can setup new groups and users in Google Workspace and create shared drives like they are folders. Why not?

I want to explain that less access means less exposure to systems being compromised. It means not having the person who does a function different from yours digging into your projects randomly and deciding to “help.” It means you won’t end up locked out later because somebody else in a few years decides tightened security is needed and starts arbitrarily making decisions about that.

Are there any other good reasons I should give these particular board members why this is a bad idea? Or, is this just me being too overly protective of the work I’ve been doing for years?

Any feedback or questions are welcome.

4Beegle2y ago7

Ask HN: Why not give access to everything, to everyone in an an organization?

Another board member is now rallying with that board member so it is going to be an entire discussion point at our next board meeting.

Are there any other good reasons I should give these particular board members why this is a bad idea? Or, is this just me being too overly protective of the work I’ve been doing for years?

Any feedback or questions are welcome.

Beegle

Recent submissions

Ask HN: Why not give access to everything, to everyone in an an organization?

Wild Horses Adopted Under a Federal Program Are Going to Slaughter (opens in new tab)

BPT Still Operating; Not Paying Out the Millions Owed to Customers (opens in new tab)

FAQs on Protecting Yourself from Covid-19 Aerosol Transmission (opens in new tab)

The United States of Guns (opens in new tab)

Lost Sunken City Revealed (opens in new tab)

Recent submissions

Ask HN: Why not give access to everything, to everyone in an an organization?

Wild Horses Adopted Under a Federal Program Are Going to Slaughter (opens in new tab)

BPT Still Operating; Not Paying Out the Millions Owed to Customers (opens in new tab)

FAQs on Protecting Yourself from Covid-19 Aerosol Transmission (opens in new tab)

The United States of Guns (opens in new tab)

Lost Sunken City Revealed (opens in new tab)