Educause Security Discussion mailing list archives
Re: Multiple of Single User Accounts
From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Wed, 21 Oct 2009 16:26:18 -0500
We use Sun's Identity Manager to manage the roles and it keeps AD in sync. However, changes within roles (particularly the staff role) are still a challenge and requires additional (manual) auditing at this point. Chris Chris Gregg Director of Information Technology Information Resources and Technologies University of St. Thomas St. Paul, Minnesota csgregg () stthomas edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barrera, Connie Sent: Wednesday, October 21, 2009 4:07 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Multiple of Single User Accounts Greetings to all: For the different folks who have responded to this thread. How are you keeping the "roles" identified in AD updated and hence the associated access/permissions current? At least at our school there is a lot of fluctuation between roles and departmental/position assignment. There are often times individuals with dual assignments and it's difficult to keep access updated due to numerous processes- how do you reconcile this? While we currently have many automated processes in place to deal with terminations and transfers, we continue to search for improvements. Is anyone leveraging a commercial IDM solution? Any insight into your respective solutions is greatly appreciated. Best regards, Connie Barrera, MCSE, CISSP University of Miami Security Manager, Information Technology 5915 Ponce de Leon, #41 Coral Gables, FL 33146-2500 O&F: 305-284-2773 connie () miami edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger Safian Sent: Wednesday, October 21, 2009 4:52 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Multiple of Single User Accounts Typically we have a one user, on account policy. There are some very limited exceptions to that rule, but, none of them are for students who are also employees. At 03:17 PM 10/21/2009, Daniel Bennett put fingers to keyboard and wrote:
What do you do when you have students who are also employees or vice versa? Do you create two unique network and e-mail accounts for them or do they use a single account? Daniel Bennett IT Security Analyst Pennsylvania College of Technology One College Ave Williamsport PA, 17701 570.329.4989
-- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 467-6437 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Multiple of Single User Accounts, (continued)
- Re: Multiple of Single User Accounts Basgen, Brian (Oct 21)
- Re: Multiple of Single User Accounts Daniel Bennett (Oct 21)
- Re: Multiple of Single User Accounts Eric Case (Oct 21)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 21)
- Re: Multiple of Single User Accounts Gregg, Christopher S. (Oct 21)
- Re: Multiple of Single User Accounts Roger Safian (Oct 21)
- Re: Multiple of Single User Accounts Barrera, Connie (Oct 21)
- Re: Multiple of Single User Accounts Morrow Long (Oct 21)
- Re: Multiple of Single User Accounts Stanclift, Michael (Oct 21)
- Re: Multiple of Single User Accounts Mark Borrie (Oct 21)
- Re: Multiple of Single User Accounts Gregg, Christopher S. (Oct 21)
- Re: Multiple of Single User Accounts Michael Fertig (Oct 21)
- Re: Multiple of Single User Accounts Eric Case (Oct 21)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Flynn, Gerald (Oct 22)
- Re: Multiple of Single User Accounts Stanclift, Michael (Oct 22)
- Re: Multiple of Single User Accounts Basgen, Brian (Oct 22)
- Re: Multiple of Single User Accounts Jesse Thompson (Oct 22)