New Procedures for the Management of Computer Accounts

In today's computing environment, where there is a permanent threat of computer security incidents, it is vitally important to control who has access to CERN's computing infrastructure. To obtain a computer account, people already have to be registered at CERN, but until now the closing of accounts has relied on an annual review carried out by the group administrators. This process is now being automated and linked to the CERN registration database. The account review will run permanently and trigger action both when an account is unused and when a person's contract is about to end. Advance warning of the actions to be taken will be sent to both users and their supervisors:

  • when an account has been unused for 6 months it will be blocked. A year later, after a second warning, the account will be deleted;

  • when a person's association with CERN comes to an end (based on the 'end date' in the official registration database) their computer accounts will be blocked. For most members of the personnel there will be a 'grace period' of 2 months before the account is blocked to allow for the orderly transfer of data. This grace period will not apply to contractors. A year later, after a second warning, blocked accounts will be deleted. More information can be found at http://cern.ch/ComputingRules/procedures/accountmanagement.html.
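The two timelines above can be expressed as a single review function that, given an account's last use, its registration 'end date' and when (if ever) it was blocked, decides whether the account is fine, due a warning, due to be blocked, or due to be deleted. The following is an added example and is not CERN's own tooling: the 14-day warning lead time, the account fields, the rule that whichever of the two block dates falls first is the one that applies, and the sample accounts are all assumptions, since the article only states that advance warning is sent.

```python
from __future__ import annotations
import calendar
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Timelines stated in the article.
INACTIVITY_BLOCK_MONTHS = 6   # unused for 6 months -> block
BLOCKED_DELETE_MONTHS = 12    # a year after blocking (second warning) -> delete
LEAVING_GRACE_MONTHS = 2      # grace after the registration 'end date'; not for contractors
# Assumption: the article says "advance warning" but gives no lead time; 14 days is illustrative.
WARN_AHEAD = timedelta(days=14)


@dataclass
class Account:
    name: str
    supervisor: str
    last_used: date
    end_date: Optional[date] = None   # 'end date' from the registration database, if any
    contractor: bool = False
    blocked_since: Optional[date] = None


@dataclass
class Decision:
    action: str   # "ok" | "warn" | "block" | "delete"
    reason: str   # "unused" | "left" | "blocked"
    due: date     # date on which the block/delete falls (or fell) due


def add_months(d: date, n: int) -> date:
    """Calendar-month arithmetic, clamped to the last day of the target month."""
    m = d.month - 1 + n
    y, m = d.year + m // 12, m % 12 + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


def next_step(acct: Account) -> tuple[str, str, date]:
    """Next irreversible step for the account and the date it falls due."""
    if acct.blocked_since is not None:
        return "delete", "blocked", add_months(acct.blocked_since, BLOCKED_DELETE_MONTHS)
    step, reason, due = "block", "unused", add_months(acct.last_used, INACTIVITY_BLOCK_MONTHS)
    if acct.end_date is not None:
        grace = 0 if acct.contractor else LEAVING_GRACE_MONTHS
        leaving = add_months(acct.end_date, grace)
        if leaving <= due:        # assumption: whichever rule fires first wins
            reason, due = "left", leaving
    return step, reason, due


def review(acct: Account, today: date) -> Decision:
    """Apply the review on a given day: act if due, warn if due within WARN_AHEAD, else ok."""
    step, reason, due = next_step(acct)
    if today >= due:
        return Decision(step, reason, due)
    if today >= due - WARN_AHEAD:
        return Decision("warn", reason, due)
    return Decision("ok", reason, due)


def notices(accounts: list[Account], today: date) -> dict[str, list[str]]:
    """Recipients of each notice: the user and, as the article says, a copy to the supervisor."""
    out: dict[str, list[str]] = {}
    for a in accounts:
        if review(a, today).action != "ok":
            out[a.name] = [a.name, a.supervisor]
    return out


# Constructed sample data; names and dates are made up for the example.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Account("alice", "sup1", last_used=date(2024, 5, 20)),
    Account("bob", "sup1", last_used=date(2023, 11, 15)),
    Account("carol", "sup2", last_used=date(2024, 5, 30), end_date=date(2024, 4, 10)),
    Account("dave", "sup2", last_used=date(2024, 5, 31), end_date=date(2024, 5, 31), contractor=True),
    Account("erin", "sup3", last_used=date(2023, 1, 5), blocked_since=date(2023, 5, 20)),
    Account("svc-build", "sup3", last_used=date(2023, 2, 1), blocked_since=date(2023, 6, 10)),
]

if __name__ == "__main__":
    for a in SAMPLE:
        d = review(a, TODAY)
        print(f"{a.name:10} {d.action:6} {d.reason:8} due {d.due}")
```

The one design point worth noting is that an account is never deleted directly: deletion is only reachable from the blocked state, so a user who has left or been inactive always sees a block (and the warning before it) first, which is the step that gives time for an orderly transfer of data.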

The introduction of the new procedures also requires a major clean-up of accounts that don't comply with the new rules. This will be done progressively over the coming months, starting with the IT Department. Warnings will be sent by email to the people concerned, with a copy to their supervisor. The most common action will be the blocking of unused accounts. However, the main actions that we expect users will need to take are:

  • re-registration with CERN for USERS and other collaborators who are rarely physically present at CERN and have let their registration lapse;

  • transfer of ownership of 'service accounts' which are still in the name of someone who has left.

Initially, these procedures will be applied only to computer accounts, but it is planned to extend the principle to other computing-related items that require a named responsible person, such as web sites, mailing lists and devices connected to the network.