/Institutions/Keuka-College/json/2024-2025/Information-Technology-Policies-local.json

/Institutions/Keuka-College/json/2024-2025/Information-Technology-Policies.json

Admin Rights to a Device

This policy is in support of the Acceptable Use Policy.

Administrative access or rights is defined as a privileged level of access above that of a normal user. Power Users, Domain Administrators, and Enterprise Administrators groups would all be considered to have administrative access as appropriate to their duties. In an application environment, users with ‘super-user’ or system administrator roles and responsibilities would be considered to have administrative access. Administrative rights to a college-issued device is reserved for members of the Information Technology staff, only. Under extreme circumstances, administrative rights to a college-issued device may be approved by the Vice President overseeing the Information Technology department or their designee.

Administrative access to college computing resources should only be used for official college business. Use of administrative access or rights should be consistent with an individual’s role or job responsibilities as determined by management. When an individual’s role or job responsibilities change, administrative access should be appropriately updated or removed. In situations where it is unclear whether a particular action is appropriate, and within the scope of current job responsibilities, the situation should be discussed with management and the Information Technology Department. 

Inappropriate use of administrative access includes but is not limited to:

• Accessing non-public, restricted, or confidential information that is outside the scope of specific job responsibilities.
• Exposing or otherwise disclosing non-public, restricted, or confidential information to unauthorized persons.
• Using access to satisfy personal curiosity about an individual, system, practice, or other type of entity.
• Circumventing user access controls or any other formal college security controls.
• Using administrative access for personal use or gain.
• Granting administrative access to unauthorized parties.

If at any point an individual with administrative access or rights is found to be utilizing them inappropriately, those rights will be revoked and disciplinary action may be taken. The final authority in determining administrative rights and access is the Vice President overseeing the Information Technology Department, or their designee.