Re: User Privilege Levels.

["Basgen, Brian" <bbasgen () PIMA EDU>]

 He he he. I think I heard that my first day on the job! :)

 Our general practice has been to create a default non-privileged user, and for the few faculty that need greater 
access, we give them what they need. Some of our newer campuses refuse to provide faculty administrative rights -- 
which is at least in the realm of possibility since you aren't taking something away from well established faculty.

 My general thought is that if you have a standard and provide people a way to justify an individual deviation from the 
standard, you de facto create a sense of ownership in them. It isn't a perfect system, but it has worked well for us to 
date.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Karen Stopford
> Sent: Tuesday, February 24, 2009 2:32 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] User Privilege Levels.
>
> Have any of you run into resistance when trying to reduce privileges,
> where faculty claims "academic freedom?"  Not a technical question but
> a political one.  I am just wondering how you might have handled it.
> You can email me offline if you would like.
> Thanks,
> Karen
>
> C. Karen Stopford, CISSP
> Associate Executive Officer for I.T. Security
> CT State University System
> 39 Woodland Street
> Hartford, CT  06105
> (860) 493-0116
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Pollard
> Sent: Tuesday, February 24, 2009 12:12 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] User Privilege Levels.
>
> I can only speak from the department level but what we do is give
> everyone
> general user access and temporarily grant administrator access if
> necessary
> using group policy.  If administrator access is absolutely insisted
> upon we
> may permit it with the caveat that the user is responsible for ensuring
> security and receives limited support.
>
> ~Jim
>
> Jim Pollard
> Computer Systems Development Specialist
> Department of Biomedical Engineering
> University of Texas at Austin
> it () bme utexas edu
> 512.789.4345
>
> "The intelligent man is capable of overcoming problems and difficulties
> the
> wise man would have avoided in the first place."
>
> Rabbi Yusef Becher
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie
> Sent: Monday, February 23, 2009 9:46 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] User Privilege Levels.
>
> We're in the midst of planning a rollout to Active Directory for our
> end
> user authentication, and so we'll be joining all college-owned end user
> computers to the domain. I'm curious about privilege levels. What sort
> of access are other institutions giving their users to their computers?
>
> * Are your users granted Administrative power over their own machines?
>
> * Do you have a uniform level for all employees, or does it vary by
> position?
>
> * Can an employee move between schemes, applying for greater access
> after passing a security training test or some similar mechanism?
>
> Thanks for any replies. Feel free to respond off-list, if you like.
>
> --Matt
>
> --
> Matt Gracie                         (716) 888-8378
> Information Security Administrator  graciem () canisius edu
> Canisius College ITS                Buffalo, NY
> http://www2.canisius.edu/~graciem/graciem_public_key.gpg