VP Requested "Full API Access to the ERP" for Claude Integration
Posted by greendookie69@reddit | sysadmin | 180 comments
Specifically he reached out to our PM without IT on the email and then explicitly stated he doesn't need us when the PM pushed back.
ERP doesn't even have an API. All of the existing integrations either use a JDBC connection or run a remote command (IBM i ACS) to retrieve data/perform work.
I can't imagine what he's trying to do but I feel like it's time to jump ship. Not really looking forward to this
jordaniangoon@reddit
“Full access” and “doesn’t need IT” in the same sentence is always a massive red flag 😅
bitslammer@reddit
Sounds crazy, but hopefully you already have a formal process for reviewing and approving/denying such access.
DiscipleOfYeshua@reddit
And you have solid backup, history / undo etc
Brandhor@reddit
claude will take care of it
KeenanTheBarbarian@reddit
The amount of times Claude has attempted to rm -rf shit couldn’t be zero could it? Or tried to DROP ALL to resolve some weird relationship / inheritance in Postgres certainly isn’t only happening to me is it?
goingwreck@reddit
The f is to save a few tokens. You're welcome
OkDimension@reddit
There are a few articles out there already of people having their databases or storages wiped, including "backups" (snapshots)
https://www.theguardian.com/technology/2026/apr/29/claude-ai-deletes-firm-database
https://www.tomshardware.com/tech-industry/artificial-intelligence/googles-agentic-ai-wipes-users-entire-hard-drive-without-permission-after-misinterpreting-instructions-to-clear-a-cache-i-am-deeply-deeply-sorry-this-is-a-critical-failure-on-my-part
https://alexeyondata.substack.com/p/how-i-dropped-our-production-database
GallowWho@reddit
"Claude did you just delete my production database and backups?"
"I did."
virtualstaticvoid@reddit
That's such a good question. I'm glad you asked.
Aki-oda@reddit
You're absolutely correct!
procsysnet@reddit
This guy went a bit clickbaity but had the llm see that he was running out of space and began throwing rm -rf $folder around. Correctly scoped but a bit dangerous nonetheless
webguynd@reddit
I haven't had it happen to me (yet) with Claude Code, it has by far been the best model/tool I've used.
I also don't give it direct access to prod, and all the pull requests it make still get reviewed by me before merging.
Cormacolinde@reddit
Like the mafia takes care of things, in the “take it out the back and take care of it” sense?
GolemancerVekk@reddit
I said take care of him, not take care of him! https://www.youtube.com/watch?v=Xf32oJ_9HLg
jefbenet@reddit
You’re looking for Clyde, we get that mixup a lot. But yeah if you need that type of work done definitely want Clyde, not Claude.
PCRefurbrAbq@reddit
Clyde and Claude, Gork and Grok.
Evil twins for the other LLMs: ChatGIT, Tergemini, Charter Pilot, and Bong.
absurdamerica@reddit
Hilarious comment!
brokenmcnugget@reddit
the only way to take care of an in office problem. permanently.
entropic@reddit
it sure will!
519meshif@reddit
And you're sure it works
TheFondler@reddit
Preferably off-site/air-gapped and inaccessible to Claude.
Nathanielsan@reddit
It's much more fun to see it in action without solid DR!
dabbydaberson@reddit
Just give him full access and let him cook
Serialtoon@reddit
Yes! Document the hell out of everything as well as log every change and interaction. He might just go from VP to PP and get canned.
tdhuck@reddit
And if not, make sure everything has been documented so when it breaks you aren't the one that is blamed.
GreatAlbatross@reddit
Printed, notarised, and in a safe deposit box.
beanmosheen@reddit
That position should explicitly be forbidden from that decision lane. They're boned.
Thoughtulism@reddit
Just clone the database and the ERP in a testing environment, randomize any personal information, and then give it to him sans API and ask him to submit his design proposal which will be reviewed with a risk assessment.
He'll get exactly nowhere.
osopeludo@reddit
Seems like a significant amount of work for no good reason.
ibreatheintoem@reddit
It's a medium amount of work to get the VP off their back with the ball in the VPs court, which sounds like an excellent move.
ScannerBrightly@reddit
What sort? If it's name, sure, I guess, but if it's also address, that makes mapping features useless.
Thoughtulism@reddit
Testing environments always have limitations. Frankly they'll probably never get around to getting to a point where this will be an issue.
Centimane@reddit
It drives me nuts when someone starts some crazy request with "just...", it's an attempt at trivializing what is really a significant ask.
One_Target2740@reddit
Perfect response. Also have the VP confirm they'll have sole ownership of the project's implementation and support. Keep it polite, give them what they want so they can have Claude play with it, but follow every change process there is and he'll get nowhere.
SirLoremIpsum@reddit
100%
I don't know why everyone just jumps to "let's give them production access"
Give it in a like-ish test. Demonstrate proof of concept. Get other business ppl to say "this sucks"
Founder-Awesome@reddit
the "full API access" ask is almost always a symptom. what the VP actually wants is to automate something specific in the ERP, probably a report or a status lookup, and they don't have the vocabulary to describe it technically so they reach for the biggest-sounding thing they know.
the part worth paying attention to isn't the bypassing of IT. it's that your org has no defined path for AI integration requests. so the VP routed around you because the formal channel didn't exist or didn't feel safe. that's the structural problem.
what tends to work: instead of responding to 'I want full API access for Claude,' respond with 'walk me through what you're trying to do in the ERP that you can't do today.' you'll almost always find it's three specific use cases. from there you can scope something that's actually safe to build, and you go from obstacle to the person who actually solved it.
the harder version of this problem is that most IT teams don't have an AI request intake process at all. without one, every VP who wants AI access makes up their own path to get it.
yojimboLTD@reddit
No capitals Friday?
BasicallyFake@reddit
IBM does have an MCP for the ibm i I think.
jmbpiano@reddit
Am I the only one who read that as "Master Control Program" and went looking to see if Dillinger wrote it?
Mammoth-Hawk-1106@reddit
no
https://old.reddit.com/r/sysadmin/comments/1tdymin/vp_requested_full_api_access_to_the_erp_for/om0lv8e/
greendookie69@reddit (OP)
Interesting, not sure I'm going to take the initiative to suggest this, but cool to look at on my own time. I appreciate the info.
sync-centre@reddit
Are you publicly traded.....
conceptsweb@reddit
Oh god. Someone needs to explain APIs and MCPs to that guy. You'd need a proxy/middleware to talk to the JDBC from anything modern lol
Mammoth-Hawk-1106@reddit
Leave TRON out of this, you'll have that guy thinking he can send a programmer in there to fight the MCP with a disc.
gakule@reddit
Great, so you want to arm a dangerous idiot with a vibe code predisposition with the pathway to make this happen?!
FauxReal@reddit
Can you act like you think it could be a good idea, then get some sort of cybersecurity third party opinion to shut him down with tales of getting completely reamed?
bloodguard@reddit
I'd explain that there is no api and ask if he wants a project budget for creating one. Either way I'd start making air-gapped backups of said ERP and whatever databases it can reach into.
CoffeeAcceptable_@reddit
The scariest part of this post ( from my perspective) is that directly underneath OPs post is an advert for Claude..........
But seriously, IT can and should push back and say no to things that can affect security.
phoenix823@reddit
How do you know he isn't trying to use Claude to build an API for it?! I'd love to be around to watch (but not clean up) that disaster.
/s of course
nycola@reddit
I have a company (which has existed since August of 2025 - that's when its domain was registered) trying to suck the dick of my president right now, composed of 4 frat bros from college (graduated 2-4 years ago), who are trying to convince them they can build an API for our ACS environment to "Integrate with everything". For anyone who isn't familiar with ACS, it is a greenscreen terminal from the 1980s.
I should add they were all business majors, no IT, no CS, the closest thing was the 23 year old who had a BIS degree. We are a manufacturing & production outfit. What is sad is that he seems to be entertaining them, and I've said my piece, and now well - I guess we'll see what happens..
MrGreenMan-@reddit
holy shit this brought me back.
anomalous_cowherd@reddit
I guess there's a lot more chance of driving a simple CLI based system correctly than one with lots of menus and views made to be driven by a mouse. It was a common thing to do for a long time to 'modernise' old CLI systems...
Evil-Bosse@reddit
Give Claude full access to an SAP instance, and that's how we will get the robot uprising on our hands, because it will probably be easier to make sure humanity is extinct than to understand SAP
anomalous_cowherd@reddit
Isn't the SAP business philosophy to make a super complex product so they can foster a culture of consultants making it usable for the customers while paying SAP extra for certs and training and support?
phoenix823@reddit
Almost. They give your Finance team all the rope they need to hang themselves 10x over and then watch you do it.
evilkasper@reddit
ACS, I didn't realize anyone was still on it after it was bought by Aptean.
sac_boy@reddit
Robot hands for the keyboard, camera for the screen, and you have an API for anything
WHPIJack@reddit
Love me some green on black!
Jaereth@reddit
color 0a
$host.UI.RawUI.BackgroundColor = "Black"
$host.UI.RawUI.ForegroundColor = "Green"
yankeesfan01x@reddit
AS/400
Stonewalled9999@reddit
sh#t do you work here? Is the guy's name Kevin or Kyle? I know that ACS screen well
gakule@reddit
God, this isn't Eagleeng, is it?
Random_Effecks@reddit
Jeff?
shimoheihei2@reddit
You're looking to jump ship because your company wants to integrate AI into ERP? I have bad news for you then..
I think the bigger question is, why doesn't your ERP have an API? Any software that doesn't have an MCP server, or some direct AI integration, with proper access control, is going to be losing market share soon.
billy_teats@reddit
I think the bigger issue is a non technical business VP wanting to integrate AI into ERP without involving IT and then when challenged on that doubled down. I see two probable reasons - the VP doesn’t want IT to be aware of it, or that the VP doesn’t want to deal with the (hassle) standard procedure for integrating two IT systems.
This should be a project proposed by the VP to have the technical professionals evaluate. Even if they are the decision maker, they clearly don’t even know what this project entails. They likely bit hard on the marketing sales pitch, said it’s a zero touch integration, just grant the permissions! When in fact the APIs don’t even exist
shimoheihei2@reddit
I agree that non-technical VPs shouldn't make IT decisions, however I would disagree that it needs to be driven by IT. Each business unit knows how AI can help them best, and they shouldn't have to wait on IT to come up with every use case first.
billy_teats@reddit
I don’t think IT should drive it. The VP comes up with the idea and asks IT how realistic it is to implement.
oldspiceland@reddit
What are you basing this claim about market share on, exactly?
shimoheihei2@reddit
I work in IT with large enterprises all day long and all I can hear from their executives is how they need to use more AI. Maybe your experience is different, but in 2026 it's all about how can we add AI into every piece of software. If you're hoping to get away from that, I'm not sure you'll have much luck.
oldspiceland@reddit
So, this is entirely based on executives fad slapping on a buzzword.
NDaveT@reddit
The poster is probably trying to pump up stock prices for one AI company or another.
greendookie69@reddit (OP)
No, because a nontechnical person wants to do things himself.
ERP doesn't have an API because they suck, not saying I necessarily disagree but it's the reality and we're not migrating any time soon.
knightofargh@reddit
I’m getting a whiff of JDE in your description. If it is I wouldn’t hold your breath on an API or AI integration. JDE is ancient and Oracle has about zero interest in making it better.
Darkace911@reddit
Ironically, Oracle is going to die as a company when OpenAI doesn't pay their GPU bill later this year or early next year. I think the report was that OpenAI owes Oracle $72 Billion a year for the Stargate Datacenter when it comes online. That price may go down if they don't finish the build-out but Oracle has bet the company on this.
ycnz@reddit
"Hi. I've given you full access to all APIs"
bigbearandy@reddit
This is one of those things where you might want to quietly take backups, do a DR simulation, and pretend you don't even know about the VP. That way, he either quietly goes away after doing minimal damage, and you can be "shocked and dismayed" to find a "serious and undisclosed impact on our operational systems," or you can play hero when Claude happily drops the database.
Either way, playing all sides against the middle is IT's surest defense against unlimited wants in a world of scarce resources, and giving the proponents of unfettered AI hype a political bloody nose is fair play. At this point, these unproven tools are a distraction and a sink on the budget.
nullrecord@reddit
Put your CISO or security on cc and ask them if this is allowed according to policy.
dabbydaberson@reddit
Ciso role is a lap dog to cto and cio anymore. They are just carted in for the dog and pony show that is a board meeting.
I_cut_the_brakes@reddit
I would happily woof all over the place for a CISO role.
nullrecord@reddit
So what. If CISO approves it, it's no longer the OPs problem.
dabbydaberson@reddit
Oh sorry thought we were actually trying to reduce risk thinking the ciso would be some kind of voice of reason. Yeah sure make the ciso the scapegoat, fuck that guy lol
Ssakaa@reddit
That guy makes probably 10x or more what OP does and is paid to be responsible for shit. So yeah, if he signs off, fuck that guy.
Triairius@reddit
There’s a delicate balance between doing what’s best practice/right for the company and fuck the company/covering your ass.
meatballwrangler@reddit
seriously. I can voice my concerns to higher powers all day long, but if they want to make dipshit ass decisions, then that's on them. I just leave enough of a paper trail for CYA purposes. I genuinely do not fucking care anymore
Arudinne@reddit
There's only so many fucks one person can give in a day.
badasimo@reddit
This. Just make sure you thread the needle language wise, so that it doesn't seem like you're challenging them just doing your due diligence
surveysaysno@reddit
"Hey ITSec, legal, finance,
I'm having trouble running this down, what is the approvals process for granting 3rd party write access ERP to outside vendor? See attached"
anomalous_cowherd@reddit
plus finance and legal, they are very likely to be interested. Or they should be, at least. And if they aren't, it's definitely time to jump ship!
Superb_Raccoon@reddit
CFO should throw a shitfit over anyone fucking with "his" financial system.
Don't mess with the guy that prints the checks.
Booyanach@reddit
do you have a CTO within the company structure? I'd raise concerns with him. Depending on the organizational structure, a VP can either have a decent amount of decision making, or is just a glorified Senior PM.
One_Monk_2777@reddit
Time for malicious compliance. Advise against it and document it, then do exactly what they're asking
squibby_sh@reddit
Yeah that’s how I feel if the VP wants rope to hang themselves with then let them
ashimbo@reddit
OP should just respond that the VP already has the same API access as everyone else.
TheFondler@reddit
Include a list of possible disaster scenarios and an associated cost estimate for each.
Abysuus@reddit
While OP might not shoulder any of the blame for the following dumpster fire, they very well might be the one putting humpty dumpty back together and benefit from maybe not letting things go terrible in the first place.
Nietechz@reddit
You can't, because they see you as an obstacle rather than a helpful one. The redditor is right, document everything and warn them. In the end you will suffer the consequences no matter what.
kilkor@reddit
What people don't seem to think through here is the other path where you actually do put your foot down successfully and what that entails.
Once you do, the other party escalates the issue and you're now in several meetings to haphazardly plan this harebrained idea and become responsible for architecture, planning, implementation, and maintenance of it.
No thanks. I would personally rather advise against it with strong reasoning and let it go through and fix it back to the original state when it breaks. Let the other person crash and burn while you are the one that removes roadblocks and demonstrates your capabilities. Once it's been shown to cause issues it becomes much easier to get buy in on stopping it entirely, or telling them it's going to be 3-6 months of planning and implementation and you need an extra 3 heads to account for the work.
One_Monk_2777@reddit
I agree with what you're saying, but in reality if my boss says do something and I say no, they will no longer be my boss ykwim
Abysuus@reddit
Every workplace is different and ya gotta do what ya gotta do. If someone not IT requested that here I'd be going over their head no problem like a crazy person from the future warning of global disaster
fresh-dork@reddit
that's just compliance with CYA
slowclapcitizenkane@reddit
You do have an AI policy that covers this, don't you?
YukonCornelius1964@reddit
Document and give the asshole the permissions
ThatBlinkingRedLight@reddit
I did it using our ERP REST API
I put in safeguards and use the already established user permissions from the ERP software.
We use Azure site recovery and backups to protect it but so far it’s worth its weight in gold
We incorporated SSO and MFA from Azure to protect it further for external use
I plan on having it pen tested before I go live
I gave Claude the code and the instructions and it just went and built 500k worth of tools in 20 hours for less than 1k
highlord_fox@reddit
Yes, but are those tools functional? Were they sanity checked by a real human?
rayferrell@reddit
The part nobody's mentioning: even if he somehow forces a workaround, feeding your ERP data into an external LLM is a SOX compliance bomb. IBM i systems usually run the financial heartbeat. Your auditors will have questions, and "the VP went around IT" won't be a valid answer.
He's not just bypassing you technically. He's bypassing every control that keeps the company out of regulatory trouble. Document that you were excluded from the conversation, because when this goes sideways, the paper trail matters more than the technical solution.
alloygeek@reddit
You are right- it is time to jump ship. Just get another job lined up first if at all possible.
DocDerry@reddit
Let the PM handle it. There is no API and it's probably an Infor system so the PM can tell him what is/isn't possible.
vhalember@reddit
Sounds like a decent PM too. They actually pushed back.
say592@reddit
I can almost guarantee some integrator pitched him on a solution he said "we can integrate with anything". Hopefully this is part of due diligence and he hasn't already signed a contract.
xSkyLinedx@reddit
I want an update when he is given full access to something
MattAdmin444@reddit
Have you linked them the several incidents lately of AI bots deleting entire databases?
Jaereth@reddit
Yeah I guarantee you this isn't going to be "create an API" if he actually gets his hands on it. It's going to be "Co-work" or whatever Claude calls it and he's gonna turn it loose.
Select_Reporter1911@reddit
Every time I see some version of this story, why is the go to 'jump ship'?
Droghan@reddit
VP is trying to do an end run around IT without any governance and when things go pear shaped the VP will scapegoat someone for their horrible choices that more than likely will not impact the VP in any negative way. Probably not the first time this VP has thought they do not need any oversight or perform "Shadow IT"
I agree jumping ship is probably an extreme response but not that far fetched.
Select_Reporter1911@reddit
Seems like the response from the PM is more than enough to form a paper trail. Along with corporate policies regarding new hardware/software acquisitions.
If the company doesn't have that, then let the VP do what they want.
greendookie69@reddit (OP)
Yes - but to add onto this point, there is a history at my company of executives doing things like this. Even just normally trying to work with them, gathering requirements etc. has us perceived as difficult. This isn't the very first thing that's making me want to jump ship, it's just more on top of the existing pile of shit
pspahn@reddit
I'm not familiar with the specifics of JDBC, but I built basically the same thing with ODBC for our legacy ERP. It's not that big of a deal.
Set the ODBC source to read only. Let Claude read the schemas. Turn it into an MCP if you like. I added a FastAPI layer for common queries.
VP probably just wants to be able to make novel queries using natural language and/or implement RAG. It's a perfectly reasonable business use case. Clone the DB and sandbox the session. Set up settings.json for whatever rules you need.
Jaereth@reddit
The key here is "I don't need IT"
Really? You wouldn't even want to take 30 minutes to discuss your project with what is basically the in house consultant team that knows the environment inside and out? Just hubris.
dynalisia2@reddit
He’s looking for business intelligence without having to make any effort.
wwbubba0069@reddit
glad my VP wont try this. He can barely use ACS let alone attempt to connect an AI to the iSeries lol.
Helpjuice@reddit
This should go through your existing process for legal review and approvals to justify this to begin with. If they have no real job function or requirement for this level of access then it should be denied by policy. This prevents them from obtaining any form of access beyond what they currently have. As the next thing you are going to get is a request to build an API if one does not exist.
AromaticCamp8959@reddit
As many others have already said, document, document, document, and then document some more. Take backups, and prepare. Give him the rope and let him hang himself. Had an exec on my team that would feed PII and sensitive data into ChatGPT. I educated him privately, scolded him privately when he kept doing it, and then publicly in an executive meeting. CEO agreed there was “very little risk.” I told them they were a compliance nightmare, and I wouldn’t sign off on the annual cybersecurity audit. I decided to leave about 3-months later, watching them scramble like cockroaches as they thought I was bluffing and that I’d rescind.
StarSlayerX@reddit
Give Claude full god mode access to your ERP.... when it blows up, how they going to make a bot responsible?
SevaraB@reddit
Letting an LLM raw-dog SQL connections. What could possibly go wrong?
Anyway, SQL is an API, just not a REST API. Treat SQL access for an LLM the same way you treat SQL access for any greenhorn that joined the company yesterday and hasn’t proven themselves trustworthy.
LLM security fundamentally boils down to “don’t poke special holes in your access model for LLMs.”
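The read-only, sandboxed setup pspahn describes above and SevaraB's point about not widening the access model for an LLM, sketched as an added example that is not from any commenter. It uses the standard-library SQLite driver as a stand-in for the ODBC/JDBC source; the table names, rows, allow-lists and function names are constructed assumptions.

```python
import os
import sqlite3
import tempfile

# Assumptions for this sketch: tables, rows and limits below are constructed.
ALLOWED_TABLES = {"orders"}                       # only what the use case needs
ALLOWED_FUNCTIONS = {"count", "sum", "min", "max", "avg"}
MAX_ROWS = 100                                    # cap on rows returned to the agent


def build_sample_clone(path):
    """Create a constructed stand-in for the cloned, scrubbed ERP database."""
    conn = sqlite3.connect(path)
    conn.executescript(
        """
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        CREATE TABLE payroll (employee TEXT, salary REAL);
        INSERT INTO orders VALUES (1, 'ACME', 120.50), (2, 'Globex', 75.00);
        INSERT INTO payroll VALUES ('alice', 90000);
        """
    )
    conn.commit()
    conn.close()


def _authorizer(action, arg1, arg2, db_name, source):
    """Allow-list: plain SELECTs, reads of approved tables, a few aggregates."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in ALLOWED_FUNCTIONS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY        # DDL, DML, PRAGMA, ATTACH, other tables


def open_agent_connection(path):
    """Layer 1: engine-level read-only handle. Layer 2: statement allow-list."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    conn.set_authorizer(_authorizer)
    return conn


def run_agent_query(conn, sql):
    """Run one agent-supplied statement; return rows or the refusal reason."""
    try:
        rows = conn.execute(sql).fetchmany(MAX_ROWS)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # sqlite3.Warning covers the multi-statement refusal on older Pythons.
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "rows": rows}


def write_blocked_by_engine(path):
    """Show that the read-only handle refuses writes even with no allow-list."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        conn.execute("DELETE FROM orders")
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()
    return False


def demo():
    """Run constructed agent queries against the constructed clone."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "erp_clone.db")
        build_sample_clone(path)
        conn = open_agent_connection(path)
        queries = [
            "SELECT id, customer, total FROM orders ORDER BY id",
            "SELECT sum(total) FROM orders",
            "SELECT * FROM payroll",
            "DROP TABLE orders",
            "SELECT 1; DROP TABLE orders",
        ]
        results = [(q, run_agent_query(conn, q)) for q in queries]
        conn.close()
        return results, write_blocked_by_engine(path)


if __name__ == "__main__":
    results, engine_blocks_writes = demo()
    for query, outcome in results:
        print(query, "->", outcome)
    print("read-only handle refuses writes:", engine_blocks_writes)
```

On a real ERP the same two layers map to a database account that holds only SELECT grants on the needed objects plus a read-only driver setting, so the allow-list is never the only control.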
konoo@reddit
Run this up the chain of command. This is the kind of thing that can destroy the company. It is your responsibility to make sure that this does not happen now that you know about it.
graywolfman@reddit
It is not this person's responsibility to stop it. It is leadership's responsibility to stop it.
At this point, escalate, document, escalate, document. If they don't listen to you then it may be time to jump ship. Don't fall on a sword for these people.
konoo@reddit
I disagree but it depends where you fall on the corporate ladder.
Do people above you understand what an API even does?
Have people above you seen the horror stories about AI causing security and data issues?
I would absolutely go to the mat with my boss over something like this.. Perhaps even the parking lot.
I am in a very high level position today so that's easy for me to say but I have always had the same take on this situation and perhaps that's why I have advanced so far in my career.
Back when I was a jr system admin my boss's boss the CFO wanted Super User access to the ERP system. I refused and provided evidence why this should not happen. It was a tense week but ultimately that same CFO promoted me to Director of IT over the course of the next few years.
greendookie69@reddit (OP)
I report direct to the CTO. He generally defers to me with ERP related matters because that's what I do. To quite a degree I act with impunity but there are a select few people in leadership that have a history of getting their way.
We are a small business that ballooned very quickly over the last few years and it is really showing.
His position is basically let the VP learn the hard way because ownership doesn't understand, doesn't care, etc. and he doesn't want to deal with the fight.
In principle I disagree but in practice I kind of feel the same way. I dunno. I don't get paid enough to have this fight.
konoo@reddit
As long as you make your case to the CTO in a meaningful way then in my book you have done your job. You have a CTO to lean on; when I was in your position I didn't, so I had to take matters into my own hands.
I would make sure that you get something documented before granting access that you disagree with in order to protect yourself if it blows up. Just a quick email verifying that the CTO approves should suffice.
The fact that this feels wrong to you means something, don't make the same mistakes your CTO is making when you are in his position.
greendookie69@reddit (OP)
All fair points. I see my PM's status is busy right now, she's literally in the meeting with this guy right now. Once I get the story from her then I'll have enough information to proceed, hopefully.
fuzzyfrank@reddit
Update us, op!
tastyratz@reddit
I would also say this is the kind of thing Legal and compliance needs to be involved on to be made aware of the risks up to and including complete exposure of customer sensitive data and company proprietary information.
Internally, backups team is going to need to be verified with and I agree I would write a pretty high scoped email that you believe this could jeopardize the organization and wanted to formally document your position in the event of any legal issues with customers or government agencies.
Glittering_Power6257@reddit
A good reason to pick your battles wisely. Need to maintain the wherewithal to fight battles like these which could have substantial consequences.
Seiak@reddit
Companies have whistleblower policies for a reason.
igiveupmakinganame@reddit
doesn’t need IT… ok good luck then
Jazzlike-Vacation230@reddit
Sounds like a major Security/HR/Legal situation that could have been avoided by looping in the actual people who make 90% of society function now: INFORMATION TECHNOLOGY
Stinkles-v2@reddit
Flash forward 6 months: everything is fucked, the VP- "Oh well it's not my fault". Everyone shrugs their shoulders and look at you to unfuck everything.
SillyPuttyGizmo@reddit
You might want to have him read the license agreement of your ERP, I doubt that they allow modification by or unfettered access to an AI agent ... my 2cents
aaiceman@reddit
That’s assuming the company that made the ERP is still around. Could be a super old one that has gone out of business.
SillyPuttyGizmo@reddit
Fair enough
thortgot@reddit
No doubt this is the wrong way to go.
Saying no isn't the solution either. Identify the need and fill it.
It's almost certainly reporting related. You can stand up a reporting server and MCP connection without a ton of work.
ethanjscott@reddit
Ahh to be an as400 programmer in these trying times
MagicWishMonkey@reddit
You can easily build a db mcp that Claude can use to do the thing. Just saying…
lastcallhall@reddit
Had a similar thing happen to me - And run around my dept to get the CEO to see how "amazing" Claude is, and now I'm somehow heading up AI integration into our ERP system.
All I can say is that, it's coming; you might be able to find a place that isn't buying in yet, but they eventually will. Once I figured that out, I reasoned that the best thing I could do was maintain control over the environment I know. So I leaned into the project and at the very least have oversight on what gets implemented and on my timeline.
It's not ideal, but at least my dept has a modicum of control over the process at this point. I'd rather that than being in the dark until it's too late.
Good luck.
SaintEyegor@reddit
Yup… our senior “leadership” wanted to do something similar, so I gathered a bunch of AI hallucinations and kicked it up the chain of command. Thankfully, they recognized the risk and backed off on their plans.
We have a couple of in-house models now and everyone’s been warned not to blindly trust the results and all external AI’s have been blocked.
ishboo3002@reddit
This is the right answer, it's going to happen one way or another almost everywhere. Build the controls, understand and document the risks.
Obvious_Word873@reddit
There are some pretty funny comments so far, but kudos to you for giving him some anecdotal advice. Good luck on your integration!
Ahnteis@reddit
Sounds like an easy response then. :)
ImCaffeinated_Chris@reddit
To the Dev ERP, right? Dev?
itfosho@reddit
🤣🤣🤣🤣
fuzzyfrank@reddit
I wouldn't jump ship over this, heck I'd barely lose sleep, as long as I had a process.
I suppose it depends a bit on what your exact role is, but more than likely, you're not solely responsible for risk acceptance for your org. In this case, the VP needs to be informed of the risk, follow any procedures like change control etc (which would likely loop in compliance/security), and have this change documented.
just my 2 cents :)
tr3kilroy@reddit
Exactly, let the CAB laugh at him
learn-by-flying@reddit
Loop the CISO in.
tpwils@reddit
No reason to jump ship, this type of request is going to become a normal occurrence everywhere.
I had a new Director of finance ask for elevated access to something because he wants to vibe code something for his team.
Not on our production systems you are not.
Random_Effecks@reddit
VP of what?
JaySuds@reddit
Presumably there’s a non-production instance of the ERP he can be given access to, or stand up a dedicated dev environment for him.
Happy_Kale888@reddit
Write 3 letters...
bjc1960@reddit
GFO?
levir@reddit
Anyone who connects their real money to an LLM deserves it when they get swindled. That's my two cents.
Mrhiddenlotus@reddit
Give scoped access, say it's full.
andrewsmd87@reddit
Need to know more detail on the structure of your organization. How big are you, who do you report to, who do they report to, etc.
greendookie69@reddit (OP)
~300 employees, a small-ish business that grew really fast over the past few years and is feeling the growing pains from it. Had two mergers recently that aren't going great. This guy is from one of those mergers.
I report direct to CTO. He's great but is tired from 20 years fighting with ownership. A lot of that fight has been pushed to me in the past 3 years being the ERP guy and I'm already pretty defeated, which is why I want to jump ship.
Eulerious@reddit
Why fight? Let it go through the chain of command (if you do not have a process in place already), state the risks posed by full access and let them have their fun. You do not even have to mention Claude here, full access to a critical database is a bad idea in almost all cases, no matter who asks for it. Of course, it shows an extra dimension of stupidity, but what they do with the access once they have it is not your concern.
greendookie69@reddit (OP)
Well I don't think I'm going to fight very hard in this specific instance. I meant just generally, there's always a fight. Owners screaming about shit they want or shit they believe isn't working, etc. I just anticipate a fight about this one. You know?
andrewsmd87@reddit
So you just email that vp back with your cto on it and express all of your concerns. Here's the thing, you need to word these coming from a positive light. Things like, I understand you are wanting to be more productive which is great and I want to encourage that, but I am worried about x.
As ironic as this sounds, dump your thoughts into claude/chatgpt along with the context you have in your head, and have it draft the email for you. Tweak that and use it.
I am not trying to knock anyone in here for the advice they've given but they are only looking at it from a sysadmin side and not an office politics side, and that is a real thing.
But you make sure you are getting your CTO's sign off first, your concerns are 100% valid and you are a good employee for having them.
I would shut this request down in a heartbeat if someone under me came to me with it.
Let me know if you have any questions and how it goes. Wish you the best
jqpubic4u@reddit
Bet him $100 times that it causes major breaches for everyone. Let him put his money where his mouth is.
Miserable_Potato283@reddit
Ask him if he wants just read full crud access
f0gax@reddit
De-fucking-nied.
UserProv_Minotaur@reddit
Oh hell no
teriaavibes@reddit
Ah legacy technology, the only thing keeping AI at bay.
southsun@reddit
This generates a HR/Compliance/Legal report. Let them deal with it.
SASardonic@reddit
gonna start hiding the fact that our ERP has APIs like the ark of the covenant
stacksmasher@reddit
Get the request in writing.
surreal3561@reddit
This is no different than any other stupid request. Follow established approval procedures, then if approvals are done do as you’re told or quit.
ReptilianLaserbeam@reddit
So not even an MCP server no, straight away FULL API access? Hahahahahaha
Joy2b@reddit
Time to review the backup strategy closely, figure out what isn’t being covered and what isn’t being tested. See if the CISO can schedule a test run of recovering from an internal threat.
How sure are you that the copy of the nightly backups is really stored offline, and is actually read only?
How many people on this VPs team have shadow IT data stored on random laptops?
evolutionxtinct@reddit
Sometimes I wonder how stories happen…
macktastic90@reddit
Honestly man, tell your boss and grab the popcorn. If everyone signs off on it, prepare to watch it crash and burn 😂
CantaloupeCamper@reddit
Send up the warning flag to people above you and possibly get ready to enjoy a hell of a good dumpster fire!!!
🌭🌭🌭🍺🍺🍺
🔥🔥🔥🔥🔥🔥
OkBaconBurger@reddit
Always trying to chip away the IT cost centers. Think of all the people they could fire by using Claude!