Our management thinks that sysadmins should not know admin / root passwords, and that when they need them, they should get them from a privileged identity management [1] software for, say, 15 minutes. However, I think having a software / appliance that has administrator rights on all your infrastructure is more problematic than a disloyal employee. Since it is the master key that opens all the doors, attackers would love it. If an attack succeeds, its result would be global. For a disloyal employee, the effect should stay local for a large organization. Also, I don't understand the idea of trusting some random company's employees and their closed source / un-audited software but not trusting your own employees. Our management says that this is the industry best practice. Is this really the case? Do your companies also follow this practice?

[1] https://en.wikipedia.org/wiki/Privileged_Identity_Management