Educause Security Discussion mailing list archives
Re: User Privilege Levels.
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 24 Feb 2009 14:43:52 -0700
He he he. I think I heard that my first day on the job! :) Our general practice has been to create a default non-privileged user, and for the few faculty that need greater access, we give them what they need. Some of our newer campuses refuse to provide faculty administrative rights -- which is at least in the realm of possibility since you aren't taking something away from well established faculty. My general thought is that if you have a standard and provide people a way to justify an individual deviation from the standard, you de facto create a sense of ownership in them. It isn't a perfect system, but it has worked well for us to date. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Karen Stopford Sent: Tuesday, February 24, 2009 2:32 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] User Privilege Levels. Have any of you run into resistance when trying to reduce privileges, where faculty claims "academic freedom?" Not a technical question but a political one. I am just wondering how you might have handled it. You can email me offline if you would like. Thanks, Karen C. Karen Stopford, CISSP Associate Executive Officer for I.T. Security CT State University System 39 Woodland Street Hartford, CT 06105 (860) 493-0116 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Pollard Sent: Tuesday, February 24, 2009 12:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] User Privilege Levels. I can only speak from the department level but what we do is give everyone general user access and temporarily grant administrator access if necessary using group policy. If administrator access is absolutely insisted upon we may permit it with the caveat that the user is responsible for ensuring security and receives limited support. ~Jim Jim Pollard Computer Systems Development Specialist Department of Biomedical Engineering University of Texas at Austin it () bme utexas edu 512.789.4345 "The intelligent man is capable of overcoming problems and difficulties the wise man would have avoided in the first place." Rabbi Yusef Becher -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie Sent: Monday, February 23, 2009 9:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] User Privilege Levels. We're in the midst of planning a rollout to Active Directory for our end user authentication, and so we'll be joining all college-owned end user computers to the domain. I'm curious about privilege levels. What sort of access are other institutions giving their users to their computers? * Are your users granted Administrative power over their own machines? * Do you have a uniform level for all employees, or does it vary by position? * Can an employee move between schemes, applying for greater access after passing a security training test or some similar mechanism? Thanks for any replies. Feel free to respond off-list, if you like. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- User Privilege Levels. Matthew Gracie (Feb 23)
- <Possible follow-ups>
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Tupker, Mike (Feb 23)
- Re: User Privilege Levels. Stanclift, Michael (Feb 23)
- Re: User Privilege Levels. Karen Stopford (Feb 23)
- Re: User Privilege Levels. Themba Flowers (Feb 23)
- Re: User Privilege Levels. Daly, Douglas (Feb 24)
- Re: User Privilege Levels. Jim Pollard (Feb 24)
- Re: User Privilege Levels. Karen Stopford (Feb 24)
- Re: User Privilege Levels. Basgen, Brian (Feb 24)
- Re: User Privilege Levels. Gary Flynn (Feb 24)
- Re: User Privilege Levels. Spransy, Derek (Feb 24)
- Re: User Privilege Levels. Karen Stopford (Feb 24)
- Re: User Privilege Levels. Stanclift, Michael (Feb 24)
- Re: User Privilege Levels. Harold Winshel (Feb 24)
- Re: User Privilege Levels. Gary Flynn (Feb 25)
- Re: User Privilege Levels. Spransy, Derek (Feb 25)
- Re: User Privilege Levels. John Hoffoss (Mar 18)