[kronolith] Privacy in Kronolith 3.0 vs. Horde admin rights
Christoph Haas
chhaas-ml at uk-bw.de
Thu Apr 14 13:54:44 UTC 2011
Hello Jan,
hello Eric,
Jan Schneider <jan at horde.org> wrote on 2011-04-13 17:57:
> Well, the solution is simple, don't "misuse" admin accounts. Those
> should really be used for adminstration tasks only, and there is no
> reason to assign administration rights to a whole bunch of users.
well, Jan, we don't "misuse" admin accounts, and the "bunch" of users
are a few members of the network admin team, which are necessary for
work load balance and proxy for illness and holidays...
And you won't tell me, that in bigger orgnizations ther is only one
admin account ;-)
Eric Jon Rostetter <eric.rostetter at physics.utexas.edu> wrote on
2011-04-13 18:44:
> Quoting Christoph Haas <chhaas-ml at uk-bw.de>:
>
>> But your answer is not really satisfying in matters of data privacy
>> protection :-( there are a lot of thinkable (and existing) scenarios,
>> where this leads to real harm.
>> E.g. not all appointments of a team-leader should be visible to
>> team-members, etc.
>
> Have your users login with non-admin accounts on a regular basis, and
> only login to admin accounts when they need to do admin operations.
> Then they won't see them by default, but can see them when they want,
> which is what you said you wanted.
no, I said, that I do not want to see admin accounts by default private
things (appointments etc.).
> Best practices: only use admin accounts when needed, and use non-admin
> accounts for normal activity.
I can easily agree on that.
> Yes, there are probably other/technical ways to resolve this, but it
> seems that unless there are details I don't know that using non-admin
> accounts for normal non-admin access would fix your issue.
sorry, but no, it does not fix the issue at all!
>From my point of view it makes a big difference to have to do a
database-dump an analyze the dump to get private entries displayed,
which is a criminal act, at least a big disregard of privacy rules and
admin-ethos.
But to get all private things displayed by default from the Horde
application, by just doing normal admin-jobs is a worse neglect of privacy!
Sorry for my harsh words ...
Cheers
Christoph.
--
Mit freundlichen Gruessen / Yours sincerely
Christoph Haas
Linux User #99546
GnuPG-/PGP-fingerprint: 944B D713 F72F 4398 B156 8089 DA8B 68F1 1543 51C3
GnuPG-/PGP-public-key:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x154351C3
More information about the kronolith
mailing list