开发人员应在其PC上具有管理员权限 [英] Should developers have administrator permissions on their PC
问题描述
开发人员应该在其PC上拥有管理员权限还是给予他们足够的高级用户访问权限?
一些评论:
- 如果他们想尝试一些需要安装
的新
应用程序,那么他们可以在
a虚拟机上进行尝试,然后再获得
网络管理员为他们安装
。您认为
可以工作吗? - 开发人员
是否需要在其PC上做任何需要
管理员权限的事情?
我们是由5名开发人员组成的团队,并构建Web应用程序
答案是是。开发人员将需要获取系统配置,以测试项目,安装软件(如果没有其他要求,以测试他们碰巧正在开发的产品的安装过程),戳注册表并运行在没有管理员特权的情况下无法正常运行的软件(仅列出一些项目)。
请记住,开发人员不一定具有对生产系统的root访问权限,这是开发工作中不可或缺的许多其他任务。
本地PC上的权限不会显着损害生产系统的安全性。几乎没有合法的操作原因可以限制需要工作的员工对本地PC的管理员访问权限。
但是,提供管理访问权限的最重要原因是,建立一个受到威胁的或二流的开发环境会向您的开发人员发送一条消息:
'我们珍视您的工作,以至于我们
愿意显着
损害您的工作能力
没有充分的理由。实际上,我们对
感到很高兴,以掩盖我们自己的
的资产,顺应
小官僚机构或
的异想天开,因为我们根本不会受到打扰。
那是最好的情况。最糟糕的
情况是我们实际上是
类型的控制怪胎,将其视为
我们的建议是告诉您如何
做您的工作以及您做什么或不做什么
需要这样做。善加利用您得到的
,并感激
根本没有工作。'
通常,为开发人员提供一流的工作环境(更不用说根本上有缺陷的工作环境)是惹恼员工的自然后果的秘诀-无法留住能干的人,员工流动率高,士气低落和质量差的交货。竭尽全力做到这一点-尤其是在顺应官僚主义的想法时,这是不负责任的。
请记住,您的员工流动不仅会带来更换员工的费用。员工流动最严重的代价是,大多数留在员工身边的都是无法找到更好工作的枯木。随着时间的流逝,这会降低受影响部门的能力。如果您的行业足够亲密,您也会发现自己的声誉。
需要注意的一点是,对于unix-oid而言,管理特权远不是开发的问题或大型机系统,而不是Windows。在这些平台上,用户可以在自己的域中做更多的事情,而无需系统范围的权限。您可能仍然希望开发人员具有root或sudo访问权限,但如果不这样做,那么访问权限的频率就会降低。这种灵活性是在计算机科学学校中不断普及基于Unix的操作系统的重要但鲜为人知的原因。
Should developers have administrator permissions on their PC or is giving them power user access sufficient?
Some comments:
- If they want to try out some new application that would need installing, then they could try it on a virtual machine and later get the network administrator to install it for them. Do you think that would work?
- Is there anything that a developer needs to do on their PC that would require administrator permissions?
We are team of 5 developers and build web applications
The answer is 'Yes'. Developers will need to frig with system configurations to test items, install software (if nothing else, to test the installation process of whatever they happen to be developing), poke about the registry and run software that will not work properly without admin privileges (just to list a few items). There are a host of other tasks integral to development work that require administration privileges to do.
Bearing in mind that development staff do not necessarily have root access to production systems, admin rights on a local PC does not significantly compromise security of production systems. There is almost no legitimate operational reason for restricting admin access to local PCs for staff that need it to do their job.
However, the most important reason to provide administrative access is that setting up a compromised or second rate development environment sends a message to your development staff:
'We value your work so little that we are prepared to significantly compromise your ability to do your job for no good reason. In fact, we are quite happy to do this to cover our own arse, pander to the whims of petty bureaucracy or because we simply can't be bothered. That's just the best case. The worst case is that we're really the type of control freaks that view it as our perogative to tell you how to do your job and what you do or don't need to do it. Make do with what you're given and be grateful that you've got a job at all.'
Generally, providing a second-rate (let alone fundamentally flawed) work environment for development staff is a recipe for the natural consequences of pissing off your staff - inability to retain competent people, high staff turnover, poor morale and poor quality delivery. Going out of your way to do so - particularly if there's an overtone of pandering to bureaucratic whim - is just irresponsible.
Bear in mind that your staff turnover doesn't just incur costs of replacing the staff. The most serious cost of staff turnover is that most of the ones that stick around will be the deadwood that can't get a better job. Over time this degrades the capabilities of the departments affected. If your industry is sufficiently close you can also find yourself getting a reputation.
One point to note is that administrative privileges are far less of an issue for development on unix-oid or mainframe systems than it is on Windows. On these platforms a user can do far more in their own domain without needing system-wide permissions. You will probably still want root or sudo access for developers, but not having this will get underfoot much less often. This flexibility is a significant but lesser known reason for the continuing popularity of unix-derived operating systems in Computer Science schools.
这篇关于开发人员应在其PC上具有管理员权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
