February 12, 2025 at 9:23 am

Developer Was Told To Set Up Process That Would Automatically Approve Access Requests, But In Spite Of His Objections He Created It And Then Just Smiled When It Backfired Completely

by Michael Levanduski

Source: Reddit/Malicious Compliance/Shutterstock

There are a lot of inefficiencies that exist in most companies, and that is often true when it comes to work that needs to be done by the IT team.

What would you do if you were asked to automate some processes, but the instructions you were given would grant too many permissions to people when they requested them?

That is what happened to the developer in this story, so after he objected, he implemented the automation anyway.

Let’s see what happened as a result.

HR & Payroll manager asked to automate their decisions away

In my first job, I worked in IT as an access and permissions administrator at a large company with significant technological debt.

The environment included custom software dating back to the Windows 9x and even DOS era.

Initially, the work was quite tedious, involving a lot of back-and-forth communication between multiple departments.

We had to ensure that each employee had the necessary training and documentation to access data in the scope requested by their manager.

This seems tedious.

Additionally, we needed approval from the manager of the department related to the system role in question.

On top of that, the company’s excessive paper-only bureaucratic workflow made the work go at a snail’s pace.

A single SAP account for a blue collar worker required at least three forms signed by different people.

The heads of departments responsible for signing those papers didn’t feel any urgency to send them to us quickly.

Here’s an example.

A good example of this is when I myself waited over two weeks after being hired in the IT department before my first account was set up.

Until then I only had a guest account that allowed me to access the main internal website with the company’s procedures, regulations, and other basic information.

Up to this point each signed form had to be physically delivered to us, which was agonizingly slow given that the company had multiple branches.

This sounds like a good idea.

We decided to automate away the paperwork.

Our first step was to allow the use of scanned documents.

It was a partial success: while it eliminated the courier delays, management still required us to sign the physical copies afterward, which we mass-stamped at the end of each month.

Management was resistant to change.

The next step was to introduce a fully electronic workflow.

We faced significant resistance from upper management, so we had to settle on a system that mostly replicated the existing paper processes.

Despite this it was a game changer.

They made a lot of changes.

We created presets that managers could select and customize as needed, using data from these customizations to create better-fitting presets.

We also developed workflows that automatically generated and assigned sub-tickets for necessary approvals and tracked how long it took, sending reminders if needed.

And finally we got an approval from HR to access layoff data to generate user block/removal tickets.

Some time after we rolled out the new system, the HR/Payroll manager made a big fuss.

I would be mad too, it seems very inefficient.

She was furious that her team was still waiting weeks to get their permissions and questioned whether all our work had been for nothing.

That really struck a chord with me.

Inside, I was overjoyed, but I did my best to keep a neutral expression.

At that time, we were working on summary reports with burndown and bottleneck charts, and I already knew that tickets requesting HR/Payroll access were spending most of their lifespan waiting for her or one of her sub-managers to approve them.

The manager had an idea…

The manager immediately went on the defensive, claiming she couldn’t keep up with the number of tickets.

She then requested a change: she wanted any request from her employees to be automatically approved within the relevant scope of their sub-department.

For example, a request for an HR worker to have full HR access and limited payroll access would be automatically approved for HR access but not for payroll, and vice versa.

OP asked the boss.

I was sceptical but wasn’t exactly in a position to argue.

I asked my boss to join the discussion and explained that the goal was to prevent overly permissive approvals that could lead to unauthorized access.

I tried to convince her to brainstorm together potential edge cases before making a blanket approval, but she was already set on her decision and wasn’t interested in discussing details.

The boss had one important stipulation.

My boss shrugged and said it would be her responsibility.

He told her to write up an official document, outlining the change, and we would proceed with the implementation.

The only request we had was to include a line that each such request would still be created, assigned as normal and marked as “automatically approved by (name of the main HR/Payroll manager) decision”.

It is smart to always document everything.

I uploaded the scan into our system and, anticipating that it would eventually backfire, made a photocopy to keep it handy in the top drawer of my desk; the original copy went to the archive.

A few weeks later she stormed into our room.

The speed with which she flung open the door made it clear she was furious.

She demanded to know why we had granted full access to payroll data to her subordinate.

I think it was the only time I ever heard anyone yell in the company.

She never would’ve approved this request.

I calmly reminded her of her request to automatically approve in-department access requests.

She wasn’t having it, explaining that one of her low-ranking subordinates from the Payroll sub-department had accessed the salaries of everyone in their department, including managers, and was unhappy with the paycheck disparity.

Isn’t it obvious that they shouldn’t be able to do that?

“Well, yeah, to a human, but that decision was automated away by your request.”

She finally understood the problem.

I handed her a copy of the document she had signed, which instructed us to automatically approve any and all such tickets without exception.

Immediately afterward, she asked us to roll back the change while she wrote up another document to cancel the previous one.

That sounds like a lot of work.

In the following days, she meticulously reviewed all those tickets and requested us to reduce access for several users.

I have to admit, she did a thorough job and kept up a good pace in reviewing new requests – doing it daily instead of once every week or two as before.

In the end, we managed to distill a subset of permissions that could be approved automatically and proceeded to implement a similar approach with other departments.

She should have listened when they tried to warn her.

Read on to see what the people in the comments have to say.

They will have to make up another reason not to give him raises.

Source: Reddit/Malicious Compliance

That is some valuable information.


It is terrible and only hurts the employees.


Hey, at least he knew.


This seems great.


When automating work, you need to be very precise.
