So what is administrative privilege? It refers to those who have unrestricted access to the data and are able to set permissions to that data.
The obvious question that comes out of the administrative privilege discussion is, “Who’s watching the watchers?” Configuration control processes reviewed and approved by a board that includes non-technical members as well as representatives from every aspect of the business are one means of ensuring that configuration changes and modifications to the production environment are communicated to the appropriate business representatives. Auditing software, with its reports sent to the “watchers of the watchers,” is a way to monitor those key people who have complete access.
Consider the hypothetical case of a typical small business where everybody has access to all information, even if it’s outside the scope of their assigned duties. Do you really want your marketing person to have full access to the company financials? If your marketing person IS the finance person, then that makes sense. However, financials are sensitive materials that should be viewed on a need-to-know basis.
We should never have a case where only one person has “the keys to the kingdom.” For an additional example, do a Google search for Terry Childs. If you read more about the Childs case, his refusal to divulge the passwords was allegedly based partly on his belief that new management had insufficient knowledge to do anything constructive with the administrator privilege/administrative access.
Administrative privilege is having the right people with the right level of access to the information they need, and nothing more. It’s a balancing act: the point is to strike a balance between too many and not enough people having administrative access.