System administrators (sysadmins) hold considerable organizational power by controlling access, enforcing or bypassing security, and mediating between users and systems. Previous research on sysadmins highlighted their technical practices, collaboration, update behavior, and misconfigurations, but rarely addressed questions of power, responsibility, and ethics within organizations. We surveyed 262 sysadmins from various countries and professional backgrounds on perceptions of power, morality, oversight, and insider threats. Sysadmins defined their power mainly through specific skills and their perceived irreplaceability, less in terms of destructive potential. Access rights played a role, but more important were how others---such as superiors---perceived them and their skills, as well as their actual decision-making authority. Demographic factors were largely irrelevant, though women were less confident than men when self-assessing their skills and power regarding their profession. Logging, dynamic privileges, and guidelines were not seen as restrictive. Sysadmins described facing ethical dilemmas and relying on their personal moral compass to work through them.
ACM CHI Conference on Human Factors in Computing Systems