UBIT Guidance: Requesting Administrative Access

Category: Information Technology

Responsible Office: Information Security Office

Responsible Executive: Vice President and Chief Information Officer (VPCIO)

Date Established: July 27, 2023

On this page:

Summary

The University at Buffalo (UB, university) is committed to providing individuals with reliable, secure. and customer-friendly technology in stable operating condition. To address the needs of the faculty and staff, departmental/node IT may provide administrative privileges for individuals on a case-by-case basis while still adhering to the IT principal of least amount of privilege. 

Policy

Each request for administrative privileges is evaluated based on a demonstrated need and a proven in-depth understanding of the responsibilities associated with this special access and obtained approval.

In most instances when administrative access is needed on a university-owned device, employees can contact UBIT for assistance.

Those who have a business need for repeated administrative access on their university issued device for ongoing needs must contact their departmental/node IT support to complete the UBIT Exception Request form.

There are multiple ways to provide administrative access. Individuals will work with their IT Node to determine which ISO approved administrative method should be utilized.

If administrative access is granted the employee will be sent the User Agreement for Administrative Access which must be signed and returned to the departmental/node IT support before administrative access will be enabled for their device. Failure to sign and return the User Agreement will result in the denial of administrative access. If an employee is unwilling to sign the User Agreement their request for administrative access will be denied.

Removal of Administrative access

Administrative access will be removed after one year. If the use of administrative access is required for ongoing needs a new Exception Request Form must be completed through the UBIT Node requesting an extension of use. The University at Buffalo retains the right to remove administrative access at any time. Reasons for removal may include, but are not limited to:

  • Changes to job role and responsibilities in such a way that administrative privileges are no longer required.
  • Non-compliance with terms and conditions.
  • Committing abuse, which includes but is not limited to: 
    • Downloading software that is malicious to the network. 
    • Downloading unlicensed/illegal software. 
    • Downloading copyrighted material without permission. 
    • Downloading malware to your machine that are specifically attributed to the use of administrative rights.  
    • Causing a breach of Category 1 or Category 2 data.
    • Interfering with patches, upgrades, or malware scans.
  • Violation of UB policies: If an individual violates the university's policies related to computer usage, such as sharing passwords, accessing unauthorized resources, or engaging in illegal activities, administrative privileges will be revoked.
  • Security risks: If an individual’s actions or behavior pose a security risk to the university's computer systems or network, administrative privileges will be revoked to prevent further harm.
  • End of employment: If an individual’s employment at the university comes to an end, the university will revoke administrative privileges to ensure that they no longer have access to sensitive information or resources.
  • Non-compliance with UBIT standards: If an individual does not comply with the university’s, IT standards, such as installing unauthorized software or hardware, the university will revoke administrative privileges to prevent potential damage to the computer systems or network.
  • Requested by the customer: In some cases, an individual may request to have their administrative privileges revoked, for example, if they no longer need the access or if they are taking a leave of absence.

Background

This guidance is designed for UB employees when submitting a request for administrative privileges.

Applicability

This guidance applies to all UB employees who are requesting administrative privileges on UB owned device.

Responsibility

UB Employees Requesting Administrative Access:

• Contact your departmental/node IT support to complete and submit an Exception Request Form.

• Sign and submit User Agreement for Administrative Access.

Contact Information

Information Security Officer
201 Computing Center
Buffalo, NY 14260
Phone: 716-645-6997
Email: sec-office@buffalo.edu        
Website: http://security.buffalo.edu

Vice President and Chief Information Officer
517 Capen Hall          
Buffalo, NY 14260
Phone: 716-645-7979
Email: vpcio@buffalo.edu
Website: http://www.buffalo.edu/ubit.html

Related Information

Exception Request Form: Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices
Still need help?

Contact the UBIT Help Center.