Re: Multiple of Single User Accounts

[Mark Borrie <mark.borrie () OTAGO AC NZ>]

We keep separate accounts for staff, students and external users. One of
the prime reasons is the difficulty in mapping identities when the
source information is quite different. Keeping the account different has
allowed us to maintain separation of roles (duties) in a much more
devolved way.

Another issue that is rarely mentioned in this debate is the need to
protect some credentials more than others. A situation has recently come
to light here where a privileged user here exposed their credentials to
key infrastructure while accessing student systems. The exposure was
obscure (and certainly unintentional) but exists none the less. Keeping
accounts separate helps mitigate that accidental exposure of credentials.

Mark

Daniel Bennett wrote:
> What do you do when you have students who are also employees or vice
> versa?  Do you create two unique network and e-mail accounts for them
> or do they use a single account?
>
>
>
> *Daniel Bennett*
>
> /IT Security Analyst/
>
> Pennsylvania College of Technology
>
> One College Ave
>
> Williamsport PA, 17701
>
> 570.329.4989

--
Mark Borrie
Information Security Manager,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080