Sharing Team Members Login Accounts

At work, all code is stored on the development server. Every member of the dev team has sudo access to become root and access each others files. Theres also a work-wide shared document directory that we all have access to. Nothing of any importance should be stored on local machines.

Relying on a mechanism like sudo leaves a really nice audit trail. You never want to directly password share, because in addition to a huge privacy violation you also have the situation arise where you can not be sure who was actually logged in as the user at the time of any incident in the future.

The way we handle it (and I think it is the most secure) is that a Security Exception is filed and an administrator for whichever system the information is on retrieves the required information.

For the case you mentioned, the department manager would have to file a request to gain access. Depending on the situation, we may access the data for them, grant the manager access, or give another user access to the data.

Never do we have a policy where sharing usernames and passwords is acceptable.

You should think about setting up procedures for accessing files on your staff's personal folders (either shared or local) in situations of urgency. Every data on work property belongs to your work, but there needs to be a process of WHO has rights to see these data in situations that call for access when the person is not available.

Normally, things should be organized such that information required by the team is accessible to them.

That means putting information about bugs into a bug tracker, putting customer communication into a trouble ticket system or similar, putting documentation into a shared folder, intranet wiki or similar etc.

If that is done, there should be no need to access someone else's files. There may be a need in special cases, but at least in my (small) company it's never happened to me.