On Thursday, January 20, 2011 06:02:38 am Giles Coochey wrote: > Data and Accounts are distinct, and the policies regarding their use > should be distinct too. +1. The third 'A' of triple-A (AAA) is accountability. If you share accounts you defeat accountability. This has nothing to do with data access, or user home directory data access; yes, there should be mechanisms in place for monitoring. But those mechanisms need their own accountability, too. The access should be done only by an account authorized to do so. Without accountability, authentication and authorization don't mean a whole lot.