Administrator Access Guideline

Guideline:

System administrators and other University personnel with Administrator Access to computing and information resources are entrusted to use such access in an appropriate manner.  The following provides high-level guidance on what constitutes appropriate and inappropriate use of Administrator Access.

APPROPRIATE USE OF ADMINISTRATOR ACCESS

Administrator Access to computing resources should only be used for official College business.  Use of Administrator Access should be consistent with an individual's role or job responsibilities as prescribed by management.  When an individual's role or job responsibilities change, Administrator Access should be appropriately updated or removed.  In situations where it is unclear whether a particular action is appropriate, and within the scope of current job responsibilities, the situation should be discussed with management. 

INAPPROPRIATE USE OF ADMINISTRATOR ACCESS

In addition to those activities deemed inappropriate in the Acceptable Use Policy, the following constitute inappropriate use of Administrator Access to College computing resources unless documented and approved by management:

o    Circumventing user access controls or any other formal University security controls

o    Circumventing any other formal University computing controls

o    Circumventing formal account activation/suspension procedures

o    Circumventing formal account access change request procedures

o    Circumventing any other established College procedures that are approved by some level of management

The following constitutes inappropriate use of Administrator Access to College computing resources under any circumstances, regardless of whether there is management approval:

o    Accessing Non-public Information that is outside the scope of specific job responsibilities

o    Exposing or otherwise disclosing Non-public Information to unauthorized persons

o    Using access to satisfy personal curiosity about an individual, system, practice, or other type of entity.

Administrator Access

A level of access above that of a normal user.  This definition is intentionally vague to allow the flexibility to accommodate varying systems and authentication mechanisms.  In a traditional Microsoft Windows environment, members of the Power Users, Local Administrators, Domain Administrators and Enterprise Administrators groups would all be considered to have Administrator Access.  In a traditional UNIX or Linux environment, users with root level access or the ability to sudo would be considered to have Administrator Access.  In an application environment, users with 'super-user' or system administrator roles and responsibilities would be considered to have Administrator Access.  In theory, this guidance applies to any user account in that utilization of access rights is reserved solely for the intended business purpose.

Information system

Any electronic system that stores, processes, or transmits information.

Institutional Data

Any data that is owned or licensed by the College. See the Data Classification Standard for more information.

Non-Public Information

Any information classified as Private or Restricted according to the College's Data Classification Standard. 

• Acceptable Use Policy
• Data Classification Standard
• Information Security Roles and Responsibilities Guideline
• Information Security Policy
• Change Management Policy