All geek questions in one place

What access do you provide BA / PM?

Where I work, we have a little dilemma ... I am working on a small team developing an application for internal use. Recently, we just got a new prime minister. She would like to have access to our database and our source code (stored in svn). Our previous prime minister did not see the need and did not want to have access to any of the things β€œin our sandbox”.

Having said that, What is the proper amount of access to the PM / BA? Is there any security breach? If you agree that the prime minister should have access to one or both, what access?

I thought about it a bit, and at first I didn’t want PM / BA in my sandbox, but on the other hand I thought, what harm can it do? Am I wrong?

Is this fight worth fighting?

+4
source share
7 answers

Give her access. Have her check this out of source control and track her like everyone else. If she changes anything, you will have a story. If she makes suggestions about the implementation, this may help. If she is a bully and starts talking about the source code well ... she probably would have found a way to do it anyway.

+4
source

It depends on how much PM knows about programming. Some PM that I work with, I would feel completely comfortable, giving them full access to SVN, reading and fixing privileges. Other PMs, I would trust them with read privileges, although I don't think they would know what to do with the code when they saw it.

+3
source

You probably want to provide read-only access. Since managers tend to keep everything in their hands, they can change the code at their discretion, disrupt your procedures for verification / testing, etc. Granting read-only access will satisfy them if they want to see only what is being done / who is doing what.

+1
source

I have never heard this be considered a security or security issue. In fact, after reading the question, I have some serious questions about what your last PM was doing ! By all means, include the fact that you have an interested manager and give her at least read access so she can check and see what her developers are working with.

+1
source

Give her full access if she wants to. She needs to manage the project you are developing, and in order to do it effectively, she may have to look at any part of the project.

Of course, there is always the danger that she can do something stupid or malicious. If you have part of your audit of the change process, you can find out that it messed up something.

0
source

It depends on what specific responsibilities PM has in the project. Will it help users with usage and troubleshooting issues? Help with testing? Is there a reason why being able to research the data would help her work this way?

I think that read-only access to db and no-commit access to the source is unlikely to be harmful, and if it makes her feel that she is more part of the team and attracts her to participate in the project, then this is all for the best. And this, of course, will do nothing for your communication with her, if you refuse, and she goes over your head and still gets access.

0
source

To resolve the security issue, make sure you receive a message from a higher level manager if you intend to give PM any access whatsoever. If something goes wrong, at least you can show that you followed company policies (or were freed from them by someone above).

Regarding access, PM has no changes to the business code, so be firm in the absence of write access. Even read access should not be necessary unless they actually perform code checks or something that requires code from them.

0
source

Source: https://habr.com/ru/post/1277241/

More articles:


All Articles