Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
spam spam bacon spam

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 36
Reply with quote  #1 
I would love to tell you all the gory background on what led to this question, but the server hosting this forum would run out of available storage.  [wink]
 
Actually, the idea of posting this has rolled around in my head for the better part of 2 days, and honestly, I've been completely stumped on how to explain what I'm looking for.  I was hoping to provide a little background, because a lot of times, when I explain "why" I want to know, ya'll educate me  - like making me aware of factors I'd not known about, etc.      
 
However, the "why" in this case is "because I'm now working for a boss who has me starting to question whether my job is really just some sort of hidden-camera setup where, while being secretly filmed, I am given increasingly ludicrous activities to perform, in the hopes that my various reactions cause hysterical laughter from some unseen audience.    

The alternative...that this is real... well... I feel an incredible urge to curl up in the fetal position under my blankets and hide.  

After realizing there was no way to provide a sane reason for this question, I finally decided to just ask, without providing any context, whatsoever.  If you end up wondering why the hell I'm asking about this, see 3rd paragraph above.

_______________________________________________________________________________________

When setting up new users/(employees), IT staff frequently add the new employee to some sort of third party service (SaaS) the company utilizes... G Suite and Office 365 are two examples.

When the user logs in to these services for the first time, they are (usually) required to agree to (acknowledge and accept) the terms of some sort of written disclosure about  privacy/usage/disclosure/ethics/etc.  Usually, the first time they use the service, they are required to formally accept the disclosed policies, before being allowed "in."
   
   
My question is:
What's stopping an IT tech from just going ahead and "accepting" the disclosures in order to gain access to the newly created account?

Asked another way:

What would your response be, if a tech came to you and said "since we can't change "x" configuration from the admin console, how about we just log in to brand new accounts as if we are the user and change "x" directly."


~spammy

__________________
If at first you don't succeed, destroy all evidence that you tried.

0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 67
Reply with quote  #2 
Obviously, IT management is going to do whatever they want, including cameras in the office. As soon as you or anyone else clicks on acknowledge & accept, they have agreed to whatever they haven't read. Have you read the agreement?

BTW, thanks for keeping the forum's storage limitations under consideration when you post.
0
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 914
Reply with quote  #3 
Quote:
Originally Posted by SpamSpamBacon (Hummm Bacon) Spam
My question is:
What's stopping an IT tech from just going ahead and "accepting" the disclosures in order to gain access to the newly created account?



Small companies don't have automation, workday/ servicenow/ some other solution.
IT have no idea who person X is....could be new CTO/ CISO/ third party hacking company/ or a general run of the mill average joe person.
Generally no interesting info in an account that hasn't been initiated, wait at least 3 months before yo go poking in their accounts.

Edit - Had wrong name in as I posted incorrectly - Apologies Donato


__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 67
Reply with quote  #4 
I didn't post that question wobble! Thanks for correcting it.
0
spam spam bacon spam

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 36
Reply with quote  #5 
Okay, I see by your replies that I was unclear about what was/is bothering me.

Lemmee try asking another way.


What's bothering me is the action itself, of acknowledging and accepting the legal disclosure provided at "first run."

Before I say anything else, let me say for the record... yes... I know that those disclosures are not some life-altering legal contract... you can't negotiate individual clauses, you can't refuse to accept them and still gain access, etc.  I know that almost no one reads them and that they rank somewhere down near "register or die!" nag screens on the akthy scale of unnecessary keystrokes.


Is it okay for an IT tech, in the course of setting up an account, to go ahead and accept the legal disclosure just to gain access for some (who cares) reason?

It seems like if we do that, we've acted on their behalf, and entered into a legally binding agreement, but without telling them afterwards, nor with their consent. 

Maybe we've even removed some of their rights - without asking them, we have gone ahead and agreed to conditions to which they are now bound.

I know these agreements are "no big deal", but still the same, I don't think it's okay for a tech to assume the user doesn't care and therefore just accept the terms to gain access.

But is it okay?
Maybe it is.
I couldn't find anything about requiring IT staff to refrain from accepting the disclosures.

I won't do it, but am I correct in refusing?


~spammy




__________________
If at first you don't succeed, destroy all evidence that you tried.

0
Donato

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 67
Reply with quote  #6 
You weren't unclear in your original post. I fully understood what was happening. If you're not exactly sure why they are doing it, I have a little saying. "Whenever the question is WHY, the answer is money."  Apparently, they have a deal with someone to be paid for information & to protect themselves, they need everyone to click on accept.

Quote:
Is it okay for an IT tech, in the course of setting up an account, to go ahead and accept the legal disclosure just to gain access for some (who cares) reason?

It appears to me that the reason would be to keep their jobs. The same saying applies.
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.