Problem Exists Between The Ears
I work in internal IT for a retail company. I’m on a team that grants access to specific applications. We’re the only ones that have access to grant these permissions, although we do have several KB (Knowledge Base) articles that were created when we first took this over.
One day, I get a direct message from a coworker.
Coworker: “Hello, I’m talking to [User #1] and she says you approved access to [System], but I’m seeing that a group needs to be added. Can you help me understand what you did?”
Me: “I didn’t approve anything. We just grant the permissions after the user’s managers have approved the request. And that request was completed last week. What’s her issue? If permissions are missing, she’ll need to resubmit the access request because we grant what’s in the request at the time it’s submitted.”
Coworker: “No, for her, it’s working fine. But she just did the same thing for two employees and they weren’t added to the right group.”
Me: “What group? Who are the employees?”
Coworker: “[Group #1].”
Me: “Who are the users? You won’t have access to add them. They should be added automatically.”
Coworker: “I know I won’t, so I’m having them add themselves.”
Me: “Please don’t have users request access to the group; it will be denied. They should be automatically added, and if they aren’t, we have steps to follow when we grant the permissions.”
Coworker: “[User #2].”
Me: “She’s in the group.”
Coworker: “I searched and she’s not there.”
Me: “She’s there. And I also double-checked and she’s got [System] permissions based on [Record #1].”
Coworker: “[User #3] was the other.”
Me: “Same thing for her. I also confirmed her permissions.”
Coworker: “Oh, wait, the KB says it’s supposed to be [Group #2] that you need to add them to.”
Me: “[Group #2] is only needed if they aren’t in [Group #1]. Are you looking at [KB]?”
It should be noted that in the steps about adding the group, there is a giant red note that points out they only need [Group #2] if they aren’t in [Group #1].
Coworker: “Yep.”
Me: “That’s actually only intended for [my team].”
Coworker: “I don’t even know what that is.”
Me: “It’s my team. We’re the ones who grant the access requests. You’re not the intended audience for that KB, so you won’t be able to follow the steps.”
Coworker: “Well, all I know is that they don’t have permissions, and [User #1] called asking why not. Now I’m stumped and frustrated that I gave misinformation.”
Me: “I double-checked permissions for all three of them, and they have access based on their requests. Are there any errors? I’m on a call right now, but if you can give it a minute, you can call me at [number] and I can try to see what’s going on?”
Coworker: “Well, she hung up.”
She thanked me and went on to her next call, but I had to wonder why she: a) looked at a KB and realized she didn’t have access to it but still tried to follow the steps, b) somehow missed the giant red banner of “only do X if Y isn’t met”, and c) actually decided that users would know better than IT what the problem was and didn’t bother to get more information.
Without any further issue/information, I knew of two things off the top of my head that could have been causing the issue. And one of them was PEBKAC.