Re: "at a company i used to work at"
"or maybe a company that has an obligation to keep information confidential, and thus limits access on work systems to resources that help rather than hinder"
So allowing senior management, who are likely to have more sensitive information and be at great risk of a targeted attack (and, the cynic in me says, more likely to fall for phishing) to access these resources is a good idea?