Stan, the new HR manager, wants everyone in his department to have access to create and delete accounts to streamline the process for getting new hires set up in the system. Why is this not a good idea?
This could enable tailgating
HR employees are not usually on the Access Control List (ACL)
This does not keep with the principle of least privilege
This could allow HR employees to bypass privacy filters, though it isn't that big of a threat since they are HR
This is a clear violation of the principle of least privilege, and it would likely drive the IT department mad. ACLs do not have anything to do with account creation/deletion. Privacy filters are a physical security mechanism that prevents folks from watching your screen, so they do not apply to this situation. Tailgating is when someone follows an authorized individual into a controlled area, which is also not applicable here.
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.