Channelling the BOFH

I'm on group mailbox duty this week, which always gives me a bad attitude.  Or at least a worse one than I had already.

To explain - every week, one member of the team is mailbox muggins, which means we get to monitor the team's mail drop box, action requests for systems access, sort out faults with same, and generally put up with every crap inquiry that some clown from any other business unit can heave over our fence.

This is in addition to the team member's own duties, and is expected to be done in a reasonably timely manner, usually when it's inconvenient.

I'm kind of channelling the BOFH at the moment, and I'm taking it out on the users, which only seems fair.

First request - user wants engineer access to a system.  I know this particular person and what they do, and not only do they not need engineer access, I don't trust them with what they might do with it.  I authorise it for read-only access and send it off.  Chances are they'll never notice anyway, because they wouldn't have a clue what to do with the thing.

Second request - another (l)user wants engineer access.  I used to work with this person at another company, and I'm not terribly pleased to find myself working with them at this one.  Just to be a pain in the arse I deny the application due to no business case for write-level access, and if he applies for read-only later in the week I'll have to come up with something like a trailing whitespace on his username or something.

Third request is one of those "what in the name of dog alone would you want that for?" requests.  I don't think most people know that system exists, let alone know what it does.  What *does* frequently happen though is that people mistake this system for others because it has a couple of common words in it, and it's the top one in the list, so plenty of people just pick it without taking the time to read and understand.

I did briefly consider knocking the application back, but I decided that that would be wasting a perfectly good opportunity for some fun, so I provision the access as requested - the user is actually entitled to have access to the thing.  I approve the request, with the comments that the user needs to log into two different servers to update their temporary passwords before the account can be used, that there's no replcation between the servers so they both must be done manually, the temporary passwords are a 24-character mixed-case alphanumeric with special characters (different on each server, naturally) and cut-and-paste doesn't work into the terminal server window, so it's all got to be hand typed.

The merriment will start in a couple of days when he discovers that what he applied for is the wrong thing, and he has to start again.