Report an accessibility problem

Ira A. Fulton Schools of Engineering | Engineering Technical Services

Select Page

Privilege Use Policy


The ASU Information Security Policy establishes guidelines and standards for the preservation of the confidentiality, integrity and availability of University information resources. For additional information: http://links.asu.edu/informationsecuritypolicy

All operating systems and databases have privileged accounts, frequently called an “administrator,” “service,” or “root” accounts. These accounts may be used to run specific services or processes on a given system. These types of accounts normally have elevated privileges whereby it can modify the system’s operation, authentication methods, access controls, logs and the privileges of other accounts.

Users on ASU owned systems should be logged into their regular accounts and not their privileged accounts on a day to day basis.

If you are a user who is needing an exception from the policy for a specific system, contact your IT Manager.

Account Usage for Privileged Use include:

  • Installing, upgrading, or troubleshooting system or application software.
  • Relocating individual’s files from critically overloaded locations.
  • Performing repairs required to return a system to normal operating parameters.
  • Running security checking programs and maintaining system backups.
  • Monitoring and tuning the system to ensure capability, continuity, reliability, and security.

Account Usage NOT for Privilege Use Include:

  • Surfing the web
  • Accessing email
  • Opening attachments
  • Conducting any other activities beyond their specific intended purpose.

Privilege Use Best Practices (Windows):

This is for all Windows machines, an equivalent process is being developed for Linux and Mac machines.

Due to the Privilege Use policy, elevated access needs to be temporary and documented. To satisfy this requirement, on Windows systems users who are approved can utilize the ‘Elevate Admin’ application through Software Center. Users with specialized needs
can request an exemption from this policy.

 

IT employees should use their privileged accounts only when they need the elevated permissions for a specific task; they should use their regular accounts otherwise.

Elevate Admin Access Process:

This is for all Windows machines, an equivalent process is being developed for Linux and Mac machines.

https://ets.engineering.asu.edu/elevate-admin

Privileged Account Standard Policy:

http://links.asu.edu/privilegedaccountsstandard

This policy was created in reference to the Information Security Policy above.