I work in a small company (about 150 people). I manage developers here, and am the liaison for the 3rd party infrastructure consulting firm/data center.
I have not yet been given access to the production servers--supposedly under SOD rules. So my question is, from a segregation of duties standpoint, I'm not asking for any sort of "change" access to, say, the sql-server code. However, as manager, I would really like to be able to log into the box so I can monitor performance when I get slammed with requests about performance, etc.
I have enough knowledge to do some preliminary troubleshooting and when my staff is either mostly gone (such as this holiday week) and the 3rd party is unresponsive (such as this holiday week), I would like to at least get the problem identified and have the actual 'doers' primed with a knowledgeable diagnosis. This isn't so much a privacy issue--I have login access to our customer-facing software product and can see customer data.
So the question boils down to this--from a "Security Best Practices" or SOD standpoint, should the IT manager have login access to his production servers (both IIS and SQL Server)?