Recently I encountered a file permissions issue. Long story short, I had a service that needed to run a .bat file, but because of a Windows quirk, it needed list access to the root of the drive the file was on. I called up my friends at our Information Security department and after getting transferred around a bit, I was informed that their policy was to not grant special access to the root of any
drive.
Rather, their preferred solution was to create a file share and grant the ID access to that, and then require the ID to reference the share through it's UNC path name.
The computer scientist in me balked at the idea (thankfully I kept it all internal). "Are you kidding me? I'm not sure windows is smart enough to figure out the share is local, the service might wind up bouncing off of a switch or router somewhere to get to a drive on a machine it's already on! Clearly this is not a good solution." (It's like typing "google" into Chrome's awesome bar to pull up google.com and search for something).
I took some time to think about it and try to come up with a better solution (because there are better solutions out there) but then I stopped to think about it. This is a business, and the goal of every business is to make as much money as possible and spend as little as possible making it. Our information security department has a system they understand and are comfortable with and are providing a workable solution to allow my project to continue (round-a-bout as it may be). The argument, "We can't do that! It's....it's.....bad!" Isn't going to hold much water.
From a business perspective, there's no noticable performance drain, no monetary reason not to use the solution that's in place. It would also cost a significant number of hours to research a "better" solution and train the employees on how to implement and use it.
We computer scientists often think we are working on Platonic computer science. Computer science for computer science's sake, make it as correct as possible just because it's more correct. For better or worse, we don't. We all want to get paid for what we do, and for that to happen, we need to be making the company money and not wasting more than we need to.
I'm not saying we're going to stick with this solution, I discussed with my manager long enough to get some time to look into a more correct solution. But before you go after your business area for implementing a less correct or less technical solution, do some quick mental cost/benefit analysis of what you want to suggest and make sure it's as good for the wallet as it is for correctness.
No comments:
Post a Comment