IT Administrative Rights to Database
I, as the DBA, have been requested to give our IT Department administrative access to our donor database. However, IT has absolutely no involvement or oversight of NXT for us. My department is the only area of our school to really have access, minus some viewing access for administrators and Finance.
Any suggestions, comments, thoughts? My director and I are very uncomfortable giving our IT Director administrative privileges to a database he has never accessed. Thank you, all!
Comments
-
@Miki Martin I would be very uncomfortable as well. Have they said why they feel this is necessary? Are they concerned about some type of security issue? Why are they making this request?
Issues with granting access IMO include ensuring confidentiality of donor records and risk of accidentally making some kind of major change/deletion that would affect your whole database.
Access to a whole IT department definitely seems unnecessary. I can't think of a reason they would need it that would even make me consider granting admin access.
0 -
@JoAnn Strommen I just realized I said IT Department instead of IT Director. So, it's just one person getting access but they want him to have administrative access. As you mention, he would then be able to make major changes.
According to an email I received, there is a goal (I honestly do not know who set these goals) to have our Technology Department have “administrative rights on all databases at our school.” The Director of Tech thinks there would be a way to set up Administrative rights to NXT without giving access to the actual data in the databases. I do not see how that is possible.
0 -
@JoAnn Strommen At our organization our IT Director has administrative rights to our database and we have never had any issues, I mean he is IT. I have more concerns with the average RE User than IT. IT may at times need access depending on any updates or changes that requires an IT professional. Like I said, I worry about the average fundraising person than I do with IT.
4 -
@Miki Martin I would fight back. IMO there is no logical reason for him to have. He is not determining users, security options, roles for users. Or is that what they are looking for? If so, that requires a complete understanding of all the fields and functions of RE to set security groups and roles.
Yes, from my experience admin rights would definitely give access to the database at least in some capacity. If you could exclude all the rights to access the data, what's the use of him being a db admin? Maybe someone more techie knows more.2 -
@Miki Martin Having access just to have access, I would agree with @JoAnn Strommen is not necessary. My IT department will just send RE related help desk tickets to me anyway. However, as we try to integrate systems on campus we will likely give admin access to a developer in IT so they can connect systems together using the APIs.
1 -
I agree with @Joe Moretti. Also, there is a View Only option that you can use. The person can view the database but not make any edits or delete anything,
1 -
@Jane Van Ingen Agree with this! They really might need access to the Admin console if there is an update that needs to be made to this area. For example, enabling SSO for your org. Not much they would do in the database proper as none of that is in the realm of IT work.
If they don't handle any financial side with FE or a similar program, much less reason to be in database view.
1 -
@Miki Martin - In the past I've worked in small shops where the IT Department was one person, someone I trusted. In those instances, I have given the IT Manager access to the system as a back-up to me - although, this was back in the day when Citrix would prompt you to update a password and sometimes never accept it. More recently, IT had to be involved in a system due to updates on how users logged in, as the org transitioned to SSO.
1 -
@Miki Martin do you manage all aspects of NXT (billing, integrations, MFA, etc)? Are you using any other blackbaud products? Speaking as a former RE DBA and now IT DBA, it is helpful for me to be able to access the “nuts and bolts” of NXT for IT reasons, and to help troubleshoot security/rights issues our Advancement department encounters. I think you need to trust that your IT Director has similar aims.
2 -
@Miki Martin
I work in IT, so I can chime in from that perspective.Most IT departments operate on the principle that in order to properly support a product, you need to have high-level access to that product. Even if you rarely have to do anything to manage that particular product, if something goes wrong and the clock is ticking to get it up and running again, you need to have access to the tools you need to troubleshoot.
Plus, if your IT department is tasked with data security or data loss prevention, they've going to need access to determine how those policies impact RE usage in your org.
Your concerns seem to be centered around two points. One, that giving IT access will give them access to confidential information, and Two, that giving access opens up the possibility that they could change something that they shouldn't change.
The only thing I can say to those concerns is that responsible access to confidential information and caution when making potentially breaking changes are two of the core skills needed to work in IT. We have access to all manner of confidential data, and the ability to make changes that could quickly bring an organization to a grinding standstill. IT professionals who don't know how to handle those responsibilities do not tend to last very long.
So that's the boilerplate IT response for why we need access. ?
In your case, since IT hasn't been involved with this in the past, I think it's completely appropriate for you to ask what has changed that has prompted this request. But like Joe said earlier, I'd generally trust IT to handle these responsibilities more than the average user.
4 -
@Ben Regier @Lauren Henderson @Austen Brown @Lee Grisham @Jane Van Ingen @Dan Snyder @Joe Moretti @JoAnn Strommen thank you all SO MUCH! I appreciate all of the perspectives.
Our IT department has had absolutely no interaction to date with NXT. I am the “expert” here so all questions come to me. Currently, we only utilize NXT and Research Point, something I would LOVE to change, but that is another issue. So none of our systems currently talk. I am trying to get involved with the group to start working on consolidating our plethora of databases, but that has not gotten anywhere yet.
I will definitely be taking all of this information to our talk today with our CFO, who also heads up HR (if you can really call it that). Hopefully we can better understand the purpose behind the access request. Thank you, again!
1 -
@Miki Martin It's strange that it is coming seemingly out of nowhere, but it probably doesn't hurt things too much. Perhaps this is the result of an audit of some sort, but I doubt that they would request this access without good reason.
I don't think you should worry. The IT director probably won't be in the database often, if ever. I think the communication here is the biggest issue. If they were able to tell you why they wanted admin access, it would go a long way to ease your fears.
2 -
@Miki Martin, let us know what happens! I had a “who can have access” conversation a few weeks ago at my job--though not quite the same situation--so I'm sympathetic.
Jane
1
Categories
- All Categories
- 6 Blackbaud Community Help
- 213 bbcon®
- 1.4K Blackbaud Altru®
- 400 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 360 Blackbaud eTapestry®
- 2.6K Blackbaud Financial Edge NXT®
- 655 Blackbaud Grantmaking™
- 576 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 939 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.6K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 248 ResearchPoint™
- 119 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 241 Member Lounge (Just for Fun)
- 34 Blackbaud Community Challenges
- 34 PowerUp Challenges
- 3 (Open) PowerUp Challenge: Chat for Blackbaud AI
- 3 (Closed) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 790 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)