Who keeps check on system admin?

Depends entirely on the chain of management within the company in question, but the IT Director would be a pretty good bet in most cases.

I was the LAN administrator on the submarine I served on while in the navy...I had no-one really overseeing what I did...I had ultimate power and there was nothing anyone could do about it....I don't know how it is in the civilian world, but that was my experience...

Thanks guys...

The System Security Engineer/admnistrator or Informaton Assurance Officer would usually keep tabs on the system admin. This is usually accomplished through Role Based Access Controls (RBAC) and Least Priviledge.

This is where the Security Group has the privilidges to check and modify security logs and the security tools and the Admins only have the least required priviledges to accomplish admnistrative duties.

often the admin is the only person in an organization with the technical knowledge to do his job and as long as things run smoothly, everyone (rightly so) is happy.

the admin reports to or is the it dept manager / director, or reports to the cfo.

"no one understands what i do" is usually something a network admin can truthfully say. most ppl can't begin to fathom his (statistically it is "his" not "her") job.

Hi,
Thanks for the help guys.

in big companies system admins have managers, and they work in teams anyhow. in smaller companies there is always a chain of command

Most of what's been said here fits the bill. In many establishments Systems Administrators work in teams, so they check each other, but for the most part they collectively sit on a fairly high chair in terms of control. The management structure above them is what keeps them in check and enforces accountability.

I have heard of some large companies, however, that control their security access in a very granular fashion, to the point that some employees have rights to add/delete user accounts but not much else, while others can perform network configuration, yet others can deploy and manage applications, etc.

what i found gets most people in larger company's is who watches over the Computer Security People, in most cases they have to have root access to almost everything to do there job effectively, I’ve worked in Information Security before and because its fairly new in the IT world a lot of CIO's / IT managers wont get anywhere near overseeing what the IT security people do...off topic maybe but i thought it was a interesting discussion point

the Audditor

In most networks the admin is not usually allowed to be a full superuser (root) but just a highly privilged user. basically what this means is that he cannot mess with the logs. there is then an auditor who has full read access on the logs

no, the admin does have root access. the auditors ONLY have access to the logs, to verify sysadmin's work has been done properly.

but generally, even in military industries, the admin is going through lots of background tests before he is hired, gets a high clearance and then is allowed access to whatever

I was the LAN administrator on the submarine I served on while in the navy...I had no-one really overseeing what I did...I had ultimate power and there was nothing anyone could do about it

but generally, even in military industries, the admin is going through lots of background tests before he is hired, gets a high clearance and then is allowed access to whatever

wow ft33ssgeek could have started nuclear war

yup :)