2

Everyone talks about the importance of delegation. But how can a manager delegate work if password sharing is verboten under the organisation’s IT Security Policy? This means that the PA would have no access to his email account, no access to cloud storage accounts and many other information sources etc. This set-up I imagine would make the delegation of work difficult if not impossible?

Anders
  • 65,582
  • 24
  • 185
  • 221
daikin
  • 1,069
  • 1
  • 8
  • 9

2 Answers2

3

In many e-mail systems, one can delegate another to act on their behalf. So Pat, the secretary, can send mail on Terry (the boss) behalf. In Outlook, for example, the email says "from Pat on behalf of Terry". Additionally, cloud storage and other accounts can have multiple permissions on accounts/directories, access. So Terry can grant Pat access to any directory desired. Of course Terry should be careful to not grant too much access, lest Pat get access to Terry's personal files, which quite often contain subordinate payroll information and other confidential documents that no one else should see.

This type of delegation has happened in every company I've ever worked for, and I'd imagine that any IT person who's been in the business for a short time would know how to handle delegation. That way you still have traceability from shared access without sharing a password.

Think of it this way: suppose Pat could just log into Terry's e-mail. Then an e-mail comes out: Pat has done a fantastic job. HR: please immediately send me paperwork granting a 10% raise. Who sent it? You can't prove anything; both parties deny it. By using delegation, we can see that Pat has indeed done a fantastic job and deserves a nice pay bump.

baldPrussian
  • 2,778
  • 2
  • 11
  • 14
  • https://support.google.com/mail/answer/138350?hl=en - This site seems to make out that the "delegate" can also send emails on behalf of someones else. This feature could be used to send an email to HR asking for that raise! – daikin Feb 15 '18 at 12:37
0

But how can a manager delegate work if password sharing is verboten under the organisation’s IT Security Policy? This means that the PA would have no access to his email account, no access to cloud storage accounts and many other information sources etc.

Why would they need to share access to the same account?

Most systems allow multiple users, and often granular permission levels per user. When you delegate a task, you give that person's account access to do the task, if they didn't have it already. This is the less frequently mentioned part of the principle of least privilege: you have to give people the privileges they need to do their work.

Often the person delegating won't actually have the permissions to do the work themselves. For instance, a CTO probably wouldn't have access to change DNS records, because if they need that done, they'll delegate it to a sysadmin underneath them.

Xiong Chiamiov
  • 9,432
  • 2
  • 34
  • 81