Local Administrative Rights Super User (SU) Access
Purpose
The Administrative Rights Access Policy has been established to define the criteria for which Local Administrative rights for a supported desktop, laptop or other end-user device may be granted, and the terms and conditions upon which rights will be granted.
The granting of Administrative Rights Access to an employee/contractor to a desktop, laptop, or other end-user device is a privilege only provided to individuals who require this level of access and control in order to do their jobs effectively.
The goal of this policy is to describe the circumstances under which Administrative Rights Access shall be granted as these rights allow users the ability to change standard desktop configuration settings, install unlicensed software and disable other security measures, potentially creating security weaknesses in the desktop environment.
Definitions
- Local Administrative Rights via a Super User (SU) Account – Access level that allows an individual unrestricted access to change the configuration of operating system level settings on a specific desktop, laptop, other end-user device, or server.
- Least Privilege – The minimum resources required for a user to perform his or her official job functions.
Policy
IT@VetMed will grant Local Administrative rights, as appropriate, to those personnel who require such rights to perform their duties. IT@VetMed will strictly adhere to the principle of "least privilege" when granting rights to computers. Rights will only be granted under the condition that they are essential for the performance of the grantee's job. Lack of adherence to all IT policies may cause revocation of these rights.
IT@VetMed will manage and track all users who require Desktop Support or Local Administrative rights. All users, other than Faculty, requesting rights must agree to the responsibility and requirements for Local Administrative Rights. The user and their department head must agree by reading and acknowledging the policy.
Responsibilities & Requirements
Users who are granted any level of Administrative rights shall adhere to the following:
- Users will use their NetID account for all routine work on their system and only use their local administrative Super User (SU) account when needed to install or update software.
- Do not install any unauthorized, unlicensed or non-standard software.
- Take all reasonable steps to ensure that the device with administrative rights is secured from malware or intrusion and assume the risk of data loss should the computer be compromised.
- In the event of failure of the device with administrative rights, the grantee will be responsible for restoring any applications, configurations and associated data beyond what has been approved as a standard base image.
- Ensure that the desktop is properly connected to the university network so that it receives schedule software patches and upgrades.
- Administrative rights can be terminated at any time.
Requesting User & Department Sign-off
Once the requesting user and department head acknowledge that they have read and agree to the policy the creation of their local administrative Super User (SU) account will be processed.