BP.03.002 - Business Practice for Administrative Access to Workstations

Printable Version in PDF Format (Get Adobe Acrobat)

Table of Contents

History [top]

  • Business Practice Number: BP.03.002
  • Version: 1
  • Drafted By: Neal Fisch
  • Approved By: Michael Berman
  • Approval Date: 09/13/2010
  • Latest Revision Date: 08/12/2013

Purpose [top]

To assure the confidentiality, integrity, quality and availability of CSU Channel Islands information assets by limiting administrative access to workstations to those with a legitimate academic or business need for the access.

Background [top]

Channel Islands T&C strives to provide a high-quality and feature rich computing environment. T&C depends upon standardization of the computing environment to deliver quality service and support to students, staff and faculty. Internal policies, such as the Interim Policy on Responsible Use (IT.03.001), require T&C to implement processes to ensure the appropriate use of information systems. Additionally, the University is required by CSU system-wide policy to protect its information assets.

As computers and their associated operating systems grow in complexity, they also become more complicated to manage. Most operating systems and software developers have a two-tiered approach to computer access rights, with regular users and administrative users. For most operations, regular user privileges are sufficient to complete work-related tasks and to provide limited customization of the computing environment. By contrast, administrative users are granted full control over the system or service to which the administrative access applies, and can make any and all modifications to the machine.

Business Practice [top]

Accountability [top]

Manager, User Services

Applicability [top]

All CI users assigned a workstation.

Definition(s) [top]

  1. Administrative Access:   Access levels above and beyond that of a regular, non-administrative user.
  2. Administrative User:  A user with administrative access to a system or service.
  3. Regular User:  A user without administrative access to a system or service.
  4. Workstation:  A University-issues or -owned computer.  "Workstation" encompasses any computer issues to an individual and includes desktops, laptops, notebooks, and netbooks.

Text [top]

In order to ensure the confidentiality, integrity, quality and availability of the University’s information assets, T&C will implement the following procedures. 

Administrative access to workstations — General

Channel Islands T&C bases its support and service operations on the assumption that all faculty and staff are granted regular user access to their workstation(s), and strives to deliver a feature-rich and high quality computing environment that allows regular users to perform their duties. Limitation of administrative access permits T&C to maintain the integrity of the campus computing environment and simplifies troubleshooting, centralized management, and upgrades to workstations. T&C strongly discourages faculty and staff from having administrative access to their machines.

Users granted administrative access to their workstations are subject to the Administrative Access Rights Service Level Agreement and bear full responsibility for the administration of their workstation. Users who fail to demonstrate sufficient system administration skill are subject to having administrative access privileges suspended or revoked, at the discretion of the VP for Technology & Communication.

Administrative access to workstations — Staff (including student employees)

Channel Islands T&C restricts administrative access to staff member workstations to those who have a demonstrated business need for access to those workstations.

For a staff member to gain administrative access to their workstation, that staff member must—

  1. Have a demonstrated business need for administrative access to their workstation(s),
  2. Obtain the verification of a demonstrable business need from their program or department manager,
  3. Obtain the written approval of the request from their Division executive (see Exhibit 2),
  4. Obtain the written approval of the VP for Technology & Communication, and
  5. Complete and agree to the Administrative Access Rights Service Level Agreement (see Exhibit 1).

Administrative access to workstations — Faculty

Channel Islands T&C may provide faculty members with administrative access to faculty workstations with the approval of the Dean of the Faculty or designee. This access is provided to faculty to support the academic mission of the institution.

For a faculty member to gain administrative access to their workstation, that faculty member must—

  1. Complete and agree to the Administrative Access Rights Service Level Agreement (see Exhibit 1).

Administrative access to workstations — Students

Student employees must comply with the processes for staff members above.

The provisioning of administrative access to workstations to non-employee students is prohibited unless those workstations are physically isolated from the campus production network.

Exhibit(s) [top]

Exhibit 1 - Administrative Access Rights Workstations - Service Level Agreement - (MS Word, 218KB)

Exhibit 2 - Administrative Access to Workstations - Business Justification and Approval - (MS Word, 219KB)

To view Microsoft Word documents, please download and install Microsoft Office.

Assessment History [top]

Description Frequency Role Assigned
Annual review of this business practice.   Annual - July    Manager, User Services 
©