What is the process for fulfilling department requests for access to employee box data?
Placeholder to document the process for "Fulfilling department requests for access to employee box data"
When the security team approves a department request for access to employee box data we will be very specific about what we are approving.
The approval will start off with "Security has reviewed and approved this request." then depending on each of the following use cases:
a) When a collaborator just needs access to a box file of a recently expired account, security will ask:
Please temporarily reactivate the Box account of $netid.
Please transfer ownership of the following Box files/folders owned by $netid1 to $netid2:
- "Research Folder"
- Grant application.docx
c) When (and in very rare cases) a unit will need access to ALL of on employees Box data, security will ask:
Please transfer ownership of all Box files owned by $netid1 to $netid2.
To avoid mistakes, it's extremely important for security to be very specific, and if it's equally important for the Box admin completing the request to ensure that the scope of the request is maintained. Sometimes there are circumstances that the Box admin will notice that might justify that a request needs to be re-evaluated, please share that information back to the security team for review.