Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Termination / Retirement Policies
From: "Miguel A. Glez. de la Torre" <mglez () ITESM MX>
Date: Thu, 27 Mar 2014 11:56:07 -0600


We use one account for every role, i mean, if a person is an employee, a
master student and also has children in the highschool or university (in our
affiliations, a Father), he has 3 accounts, one for every rol.

We´re analyzing how to improve this because there are more roles in the way,
like consultants, clients (of other services out of school things),
suppliers, etc.. so we need to redesign our Identity Management and were
asked to have one account for all the systems.


Anyone with this approach? 

Ing. Miguel Angel González de la Torre, MCC

Director Seguridad de la Información
Dirección de Tecnologías de Información
Tel.: 52 (81) 8158 2000, ext. 2936. Fax: 81 81582287
Enlace intercampus: 80-689-2936.


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Donna Volpe Strouse
Sent: jueves, 27 de marzo de 2014 11:40 a.m.
Subject: Re: [SECURITY] Termination / Retirement Policies


We also have one account per user.  However, we have had to make an
exception to that rule for alums who are also employees if there is a
non-amicable separation from their job. This is because all alums get to
keep their wellelsey.edu domain credentials.  So in order to let them keep
their Wellesley email, but still satisfy our requirement to terminate
accounts immediately when employees leave the college, we will create a
second account for the alum to use for personal email only. 

Kind regards,



Donna Volpe Strouse

Director of LTS Administration & Information Security Officer

Library & Technology Services

Wellesley College

Clapp Library 246


*** Many people want your password so they can steal your information. If an
email asks you to send your password or directs you to a page that is NOT in
the  <http://wellesley.edu/> wellesley.edu domain, DO NOT provide your
password. LTS will never ask for your passwords -- when in doubt, contact
the LTS Computing Help Desk.


On Thu, Mar 27, 2014 at 12:21 PM, Jones, Mark B <Mark.B.Jones () uth tmc edu>

Our users have one account no matter how complex their affiliation is.
Users who are both employees and students gain or lose attributes as their
affiliations change but their single account persists until they have no
lingering affiliation.  Applications and services are expected to handle
authorization appropriately.  In other words authentication should not equal


From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter Lundstedt
Sent: Thursday, March 27, 2014 10:15 AM

Subject: [SECURITY] Termination / Retirement Policies


Hi all,


We’re working developing some formal policy, standards, and procedures
around faculty, staff, and student account terms following status changes
and I’m curious on what others are doing.


The following scenarios are some that we are struggling with, but anything
around the term process would be helpful.


Do you allow faculty with proprietary research (Emeriti in particular) to
keep hardware following retirement?

How do you handle staff terms when that staff member is also a student?

How do you handle student terms when a student is also an adjunct


Peter Lundstedt






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]