You absolutely do not need all that red tape to use a script written for a well-known program. The IT guy just didn't care to spend the teensiest mental energy to save people an enormous amount of work. "No" is the easiest, safest call possible, not a hard call at all. People like him should be shamed.
"Shamed", come on. You don't ask the guy in charge of maintenance to validate new tools. That person's job revolves around stability, and they will always make the safest possible call.
If a new tool is needed, a steering committee of some kind should be used, and IT will be one part of that.
Where I work, IT in general has little say about what tool I use on my PC. They do periodic scans to check that I don't have any known unsafe tools, or tools that are known not to be OK without a formal license. But otherwise, as long as I'm not violating a license and not circumventing my virus scanner, I can use whatever tool I want.
Work would come to a crawl if IT had to validate every single tool used in our company. The notion that this is within IT's scope is flawed. It's the equivalent of asking a government agency to vet every single product that is produced by any company for consumer safety in the whole of the United States, and then rejecting most of them because of the lack of resources to thoroughly vet them.
Would they get in trouble when someone used an automation tool that submitted hundreds of thousands of empty or even worse completely incorrect records, with no reconciliation plan?
If so, then they're completely right to stop some novice programmer from bringing their scripts to bear. There's no reason to take that risk if they have the funding for the current human solution. Bring it up to the superiors and pitch it, talk to some devs. I've seen groups lose hundreds of millions of dollars when one of these excel vbscript python enthusiast AHK things go off the rails. It's a mess, and - again - risk aversion is the most reasonable stance from a business standpoint. He's not a hacker founder, he's a business IT manager.
Edit to say, it sounds like you work at a company with <500 engineers, maybe even <500 employees total. That's fine! It's good even, but it's not an experience that's easily exported to the realm of Actual Business, at least not exactly. As a consultant, I've had billion dollar companies that need the fast fix (python script with a csv datastore to keep some account info or whatever) and I've worked for companies where this sort of approach would get you insta-canned. They're both right enough, but assuming one size fits all is absolutely crazy. It sounds like the mega oil corp above was the latter, at least to me.
> Would they get in trouble when someone used an automation tool that submitted hundreds of thousands of empty or even worse completely incorrect records, with no reconciliation plan?
As I said in my comments above, it's a question of who owns the data. In general, other than things like financial information and HR records, IT does not own the data in our company. They provide lots of services (version control, Jira boards, etc). They often are responsible for backing them up at a specified interval (daily, etc). And they are responsible for configuring them to be secure (which may involve shutting off APIs). But they don't own whether someone can write a script to automate clicking on fields, etc.
They don't own the data and outside of the agreed backup are not responsible for it. They absolutely would not get in trouble if someone automated something that destroyed that data. The policy is "We provide the service, but you are responsible for what goes into it and how." They do not need to see that we've vetted people's scripts for bugs, etc. They expect us to be responsible. If the data is lost, we will be in trouble, not them.
If IT was responsible for every database, Jira board, etc in the company beyond their regular backup, little work would be done. It's a huge company, and we cannot have one org be a bottleneck.
At times they do need to put some restrictions, but even in those cases, the department is free to get their own hardware and run their own database/JIRA board/whatever. There are a few security requirements to hook it up to the network, but IT will not get in our way if we set up our own Jira board/DB. They'll just tell us that we are responsible for backing things up nor will they provide support if we break things.
This is why my company has lots of pseudo-IT teams across departments. The company wide IT is responsible for the big things. The smaller pseudo-IT teams exist to be more flexible and not be constrained. They don't exist in defiance of IT - IT actually endorses it.
> I've seen groups lose hundreds of millions of dollars when one of these excel vbscript python enthusiast AHK things go off the rails.
But why is IT responsible for it? Perhaps in your company this is in their purview, but not in ours. And I'd argue that it shouldn't be. IT cannot go into every org and police what VBA scripts people use, and if they did they'd likely do more harm than good. While you may have seen losses of hundreds of millions of dollars, I'm pretty sure the gains from Excel VBA scripts is much, much more.
> Edit to say, it sounds like you work at a company with <500 engineers, maybe even <500 employees total.
Nope. Well over 50K employees, with over 60% of them being engineers. Likely the top company in the field we're in.
No one has answered my question that I brought up several times: If I can write my own program to do it, should they ban compilers as well? I'm sorry but whatever damage a VB script can do can also be done by C#. Should we ban Visual Studio?
> As I said in my comments above, it's a question of who owns the data. In general, other than things like financial information and HR records, IT does not own the data in our company. They provide lots of services (version control, Jira boards, etc). They often are responsible for backing them up at a specified interval (daily, etc). And they are responsible for configuring them to be secure (which may involve shutting off APIs). But they don't own whether someone can write a script to automate clicking on fields, etc.
I don't understand what that means. With noted exceptions, nobody owns specific data in any of the many companies where I've worked or consulted. You own data stores, get restricted access to other data stores... that's services, even if it's SOA/P. Standard for many many years.
> If IT was responsible for every database, Jira board, etc in the company beyond their regular backup, little work would be done. It's a huge company, and we cannot have one org be a bottleneck.
Not sure what this has to do with the situation at hand, where a user who was a part of a human data entry team dealing with metrics around oil rigs and live oil pipeline data decided to automate their data entry dayjob. No data stores or backups were touched beyond their contribution.
> No one has answered my question that I brought up several times: If I can write my own program to do it, should they ban compilers as well? I'm sorry but whatever damage a VB script can do can also be done by C#. Should we ban Visual Studio?
I don't understand your insistence that a language is meaningful. Why would the IT guy sign off on a haskell program, or a java program, or a python or awk or bash pipeline? He doesn't have the expertise to verify that it does what your job is to do. He doesn't know the guy's job, doesn't see testing, can't verify if it's right or not. With no verification of correctness, he's completely right to block it, no? I almost feel like I'm missing something here.
Sure, my employer allows me to run whatever I want on my laptop. They don't let me pump piles of data into prod environments from that laptop even if it's done in AHK, F#, ... whatever. Why would they? That's a crazy requirement to have.
If you have over 50k employees and each person is allowed to script prod data, let me know the name and some prod endpoints for your company. I'll give you a hundred bucks on the spot :)
> Not sure what this has to do with the situation at hand, where a user who was a part of a human data entry team dealing with metrics around oil rigs and live oil pipeline data decided to automate their data entry dayjob.
You keep bringing up the oil fields, oil pipeline, etc. The original commented did not indicate that this is the purpose, and nor did he indicate the importance of said data, or the cost of the loss. I think I have an idea to what he is referring to, and the data is not that critically important. If it has some importance, there will be a paper trail. As another commenter said, they either have a process to audit the validity of data entry or they don't. Whether it was hand entered or automated is irrelevant.
Throughout this thread you've been arguing from extremes, invoking cases where such a thing could be disastrous, etc and using that as a general purpose argument. No one is saying there aren't occasions where IT should not interfere - I've acknowledged that there are cases where they should. There's nothing to indicate that the original commenters use case is one of those.
And this is what people in the thread are caring about: Someone who has no idea about the problem interfering with a perfectly fine methodology.
I could go on and address your other points in this and other comments, but I don't want to discuss this with someone who doesn't seem to understand the problem domain at all.
Spoken like someone who's never caused a prod outage at a real company, I guess. I'd say that - outside of some startup or small company that has few (or no?) users - the cautious approach is right. The IT guy knew that he was a podunk pissant warden of a very, very small portion of very, very large organization (an org of a few hundred people is basically nothing compared to the vastness of many oil companies) and that the value that his org provided was compromised by this automated approach, without knowing how to mitigate that compromise. He made the right call, assuming he was just there as a bulwark against exactly this.
Same that would happen with the manual typing process. The workflow either includes a process for auditing data quality or it doesn't, regardless of how it was entered in.
It's a data entry script. If it fails they just do their job the old way until the guy fixes it. It's typing text into forms. Just make everyone do things the "old way" once a week so they still know how to do it if the script ever fails.
Okay, but after a week (or two or whatever), how do you rectify the issue you found? It's easy to say get those people back and have them start entering again. What about the customers whose information was inaccurate, the resources that were misallocated, etc? Do you think data entry is done for fun? At AWS we use massive metrics and piles of data to decide what's right; why would an oil company be different, just because their metrics are collated by hand from smaller oil wells into larger spreadsheets or whatever? "By Hand" doesn't mean "totally without value", that's completely wild. Does your super low opinion of data entry people cloud your vision of their value?
There's not been a response to my question of how you reconcile things after this script messes up for the first time; how does that happen? What's the DR plan? if you have real business and real clients working on this data, tell me what the plan is; it shouldn't be that hard.
