Skip to main content
Indiana Wesleyan University Support Knowledge Base

Access Control Permissions

  1. Last updated
  2. Save as PDF

Overview

Compliance with security procedures is required to ensure access to data is adequately safeguarded..

Purpose

This policy explains the authentication/authorization of identified critical systems.

Policy

Physical Security:

Key security is maintained for all areas affected.   Key requests are to be supplied to Facilities by the immediate supervisor and must include a signature from the Chief Information Officer.   Keys for areas other than Maxwell are maintained in a lock box in Maxwell 148.

 Authentication/Authorization of Identified Critical Systems

 Active Directory:

Role Based Access Control is used.  Member logins and degree of access are created at the request of specified representatives from the following areas:  HR, Records, Admissions, and CAPS Student Services.  Identified supervisors from CAPS are allowed to create specific limited profiles for AGS Faculty.   Any additional permissions requests are to be supplied by the user's immediate supervisor using a form supplied by HR.

Individual requests from ITS Help Desk for entry in Active Directory must be verified by a complete DRUS record in Datatel created by Student Services, Registrar 's office or Human Resources before creation of entry can be completed by a member of the Systems Administration team.

Colleague:

Requests for Colleague access are included in the login request for new employees loginrequest@indwes.edu, usually in the name of someone whose security can be cloned.  The list of security classes is evaluated and presented to the security officers of the areas represented.  For example, if the request states that the employee needs to see Financial Aid information, the security officer from Financial Aid is consulted. Security officers have the right to approve or deny access to their information. Once approvals are given, the final recommendation is sent to the person who assigns security.

Requests for employees who are transferring to new positions usually come to IT through email. The same process is followed: evaluate the request; consult with security officers; make a final decision; assign security.

The person making the initial request is notified when the process is complete.  All efforts are made to have the login and security in place before the employee’s start date.

Document Imaging:

Users are initially added to ImageNow when a department goes ‘live’.  This list is provided during the planning phase as a part of the details spreadsheet.  Once a department has completed their implementation, a Power User (member of the planning team) uses the Login Request form to indicate if a new user should be added, if an existing user’s permissions should be modified, or to remove a user altogether.  The form is available through the IT Portal Site.  A details spreadsheet is kept current for each department that utilizes ImageNow/WebNow with an updated copy posted to the department’s share folder.  – (source A. Hufford)

Source 4:    

Source 4 changes can only be made on one desktop unit in the IS department.  Access to this PC is covered by password.  Once compiled the file is placed on a folder using the c$ of a specific server.  This server has restricted access to this folder.

SQL Server Farms:

SQL Server Management access is given by the Database team only.  Permissions are granted by Jack Alexander (Systems Administration team) at the request of the DBA administrator.  There are only three active users at the current time.  Explicit permissions will be applied to any new user.   Various ports have been opened on individual servers to allow SQL Server Management access which is controlled by the Database team.

Voicemail:

        Access to individual voicemail recording is controlled by password created by users.

Web:

Portal page (Employee Intranet):

The login page is publicly accessible.  All other Web “pages” require authentication.  Users authorized to login include IWU Faculty and Staff with permission in Active Directory and individual authorized directly by their respective VP.

 

Scope

This policy will affect the Marion Campus.

History

16-Oct-2017 - Updated - ISO

06-May-2014 - Updated

04-Nov-2013 - Updated

09-Mar-2012 - Information entered into Mind Touch

13-Mar-2009 - Policy created

Policy Information

 General Policy     400.01.01   

Owner

University Information Technology

Approved By

Chief Information Officer

Chief Financial Officer

Additional Remarks

There are no known exceptions to this policy at this time.

Note:  This policy created by suggestions listed in NIST SP 800-122 (ES3 Using Access Enforcement)

 

UndefinedNameError: reference to undefined name 'isPrivateBadge' (click for details)
Callstack:
    at (IT_Forms_and_Policies/Policies/General_Policies/Access_Control_Permissions), /content/body/div[13]/div/div/div/pre, line 2, column 1



 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Stage
    Review
  2. Tags
    This page has no tags.