Plausible Deniability
Security is an interesting arena. Half the time you seem to want to gather privileges, the other half you seem to want to get rid of them.A good example is access to a production system.Sometimes it's awfully nice to log into the production box to diagnose a problem. It's a convenience that is sometimes even taken for granted.Then, when there is a security breach of some type, it's just as nice to know that you don't have the password and you couldn't have been the one to blame for it. The simple knowledge that you are no longer "one of the usual suspects" is a way of resting a bit easier.The same can be said for auditing. Having a "paper" trail is a good way to make sure you're not going to get blamed for a screw up. It cuts both ways though -- if you are responsible, of course it'll point right to you; it gives you incentive to not screw up. ;-)This is just coming up from me locking down stuff at work.Locking it down and almost throwing away the key. That way I'm no longer one of the usual suspects. (Ok, more broadly, none of us are!)