I'm working as a team member in Business Objects, there's a handful of us and we spread the wealth among Administration, Universe Design, and Report writing. The BO server (running Tomcat) resides on a Windows 2008 machine.
We get on to this machine for various BO Admin tasks (recently: setting up Active Directory Authentication, getting Auditing set up, etc.). BUT - by virtue of doing this on the W 2008 server, we are required to get a Security Plus certification . . . that seems a bit of an overkill to me.
So the logic here is that by logging on to the Windows server, that (by definition) gives us "privileged access" (aka "root access") and therefore we need the certification to prove we are trained not to crash the system.
What do you think ? As a business objects team member, this seems like a lot of training on Security Plus for basically no value to the organization.
My main question though is - what exactly is "privileged access" ? Just by logging on, does that gives me privileged access ? Isn't there a way to get on the machine with "Non-privileged access" ? In other words, only give me access to Business Objects things, and therefore I really don't have "root access"?
It's a lot of time and effort to get Security Plus certified, time that seems to me would be better spent on Business Objects training.