
Privileged Access Policy

The following policies govern privileged (root, superuser, or administrator) access to School of Informatics and Computing workstations and servers. They are designed to protect the integrity of these systems, while allowing appropriate access as needed to perform required duties. Failure to follow these policies will result in having access revoked. A digitally signed copy of this policy must be on file with the SOIC IT office as part of the access granting process. These policies serve to augment Information and IT Policies published by the university.

Desktop Workstations

When a faculty member, staff member, or graduate student is assigned a workstation in one of the SOIC department offices or research labs, he/she may be provided with privileged access to that workstation at the request of his/her faculty mentor. Privileged access granted to students will be for a specific research purpose and will expire when no longer needed for that purpose. The user requiring elevated access will be required to create a “Group Account”. As with other IU computing accounts, the new account is considered private. The user should not share the passphrase or allow others to use the account.

Privileged Access Restrictions

  • Users will comply with all restrictions listed in IU’s security policy IT-12 – Security of Information Technology Resources.
  • Users may not change the passphrase for the Local Computer Administrator Account (usually “infoadmin” or “root”).  Users may not change any permissions for the Local Computer Administrator Account.
  • Users do not have permission to modify any files except in designated user directories without specific authorization from the SOIC IT Staff. Specifically, no system configuration files may be modified unless specifically authorized.
  • Users may not use their privileged access to examine or modify the files of any other users of the system.
  • Users may not give other people access to the privileged access account or grant privileged access to existing accounts.
  • Users may not add or remove users from the system.
  • Users may not add or remove software and operating system components other than what is required for their research project.
  • Users may not in any way compromise the security of the system.

Privileged Access to Special Purpose Research Computers/Servers

Privileged access to computers designated for special-purpose research may be granted to users of those computers.  Such special-purpose computers will not have any users’ home accounts or contain critical, restricted, or university-internal information. Mechanisms and policies governing privileged access will be agreed to by the faculty member(s) responsible for the computer system and the IT staff.  If necessary, the IT staff may impose other restrictions on such computers in order to protect the security of the computing facility.

If privileged access is granted to Special Purpose Research Computers/Servers:

  • Users will comply with all restrictions listed in IU’s security policy IT-28 – Cyber Risk Mitigation Responsibilities.
  • Users may not change the passphrase for the Local Computer Administrator Account (usually “infoadmin” or “root”).  Users may not change any permissions for the Local Computer Administrator Account.
  • Users do not have permission to modify any files except in designated user directories without specific authorization from the SOIC IT staff.  Specifically, no system configuration files may be modified unless specifically authorized.
  • Users may not use their privileged access to examine or modify the files of any other users of the system.
  • Users may not add or remove users from the system.
  • Users may not give other people access to the privileged access account or grant privileged access to existing accounts.
  • Users may not add or remove software and operating system components other than what is required for their research project.
  • Users may not in any way compromise the security of the system.