Authorization is the process by which a system determines whether a client has permission to use a resource or access a file. It is usually coupled with authentication so that the server has assurance of the identity of the client requesting access. The type of authentication required for authorization may vary: only passwords may be required in some cases, but passwords and 2-Step Login will be required for tasks that require a higher level of user assurance.

Principle of Least Privilege

Individuals should be granted the least access sufficient to complete their University responsibilities. Individuals who are granted privileged access accounts should use the least privileged account for day-to-day activities; privileged accounts should be used only when the elevated privilege is required by the system or application. For more information, please see the Privileged Access Standard.

Updating User Access 

Authorization Methods

The University requires that the proposed solution meet the University identity access management Account Authentication Standard. The following approved methods of authorization are listed in order of preference. If a service does not apply good authorization practices, then it is possible that all users in our directory servers (200,000+) will have access to the application.

Granting Access:

Removing Access:

Appropriate procedures should be put in place to ensure that access is revoked when it is no longer needed.

Access Review

User, privileged, and shared accounts should be periodically reviewed, at least annually.

Glossary of Terms

For more information please see: