Wednesday, May 09, 2007

Empowerment

I got into the office to see $BigFoods had filed a Prio-1 ticket. One of their idiot users managed to delete the root admin. Now while you can't delete Charlie Root in UNIX & Linux, we're dealing with a database. An administrator with write privileges can delete any damned thing he wants. Restoring this isn't easy but can be done. I know it can be done because at least once a month some company sends in a Prio-1 ticket because this has happened.

Who the fuck gives root database and application admin access to goddamned call center monkeys? $BigFoods does. And why? I almost fell out of my chair when I read the response.

##

I sent the guy my standard response about how to fix the problem. There is one way which doesn't work:

1) Recreate the administrator user

This can't work for much the same reason that you don't rename root in operating systems from California and Finland so that you can have a normal user named root.

There are two ways which do work:
1) Restore from back-up.
2) Follow complicated process dependent on ensuring that our rules about base tables data weren't broken

The second option is the better of the two. Unfortunately few ever follow our demands to leave the fucking base tables and data the fuck alone. They'll add extension columns, new rows, triggers, whatever they can think of. They'll base intersection tables on certain variable positions of those base tables. They're idiots. I can't make up the shit they do because no one in his right mind would ever think to do such a thing. Who the help puts an index on the primary key column, stores that to a M:M table, then uses that table for keyed searches? (Answer: Roberto from $CarCorp.)

So the first one is usually the better choice. In order to prevent the loss of work since the last back-up (circa 1998), we also tell them they can edit redo logs to remove the deletions and then apply.

Nope. "Our DBA is away and our back-up DBA isn't sure about working with redo logs. We need you to assist us."

The database is sitting on AIX. I can't connect to do any sort of teleconferencing so that I can actually see what's going on and I'd have to talk my way through this with a DBA who can probably find his ass with both hands in a best of three. It woulda been a case of the blind leading the fuckwitted. As I was trying to figure out how to say this in reply which wouldn't get my manager's attention I got a follow-up response.

Hi REC,

we restored successfully the DB until the Time point before the users deletion. now the environment is up running. We had to full restore because the user deleted many more people.

I just stared at the screen. There are about 12,000 seats at this place and one of those fuckwit ell-users deleted the admin and then a load of other users? I couldn't let it go. I had to ask.

Joe,

I'm glad the system is back up and running. I strongly advise you find out why this user had admin rights and remove them. Your administrator should also evaluate the security permissions and settings for all users, both within the application and at the database level.

Love,
REC


Ask a stupid question...

"All users have administrative access. After an employee survey and discussion groups, the consultants explained that employee morale was being hampered by the previous heavy lock-down on the system. We agreed to conditionally lift the lock-down conditional on employee productivity remaining at or above the previous level. Productivity has in fact increased some 10% over the past six months."

Uh-huh... right up until one of those monkeys deleted the fucking administrator and half his cow-orkers, costing you a few hours' data across the entire center.

I'll bet those lost 10,000 man-hours or so still didn't cost you as much as what those "consultants" reamed you for. Root access for phone operator and data-entry monkeys so that they feel empowered? Root Cause: 17-Fuckwit.

I wonder if I could get them to pay me to come in and feng shui their server room.

x-posted from HuSi where there's a cartoon babe poll.

Labels: , ,

0 Comments:

Post a Comment

<< Home

In compliance with $MegaCorp's general policies as well as my desire to
continue living under a roof and not the sky or a bus shelter, I add this:

DISCLAIMER:
The views expressed on this blog are my own and
do not necessarily reflect the views of $MegaCorp, even if every
single one of my cow-orkers who has discovered this blog agrees with me
and would also like to see the implementation of Root Cause: 17-Fuckwit.