Wednesday, 20 February 2013

Tightening Up Shared Role Based Accounts

There are a number of special computer accounts at the University intended to be used for a specific function rather than to allow an individual to access services. Sometimes these are used for departmental websites on cPanel, sometimes they are used for shared mailboxes and there are a range of other applications too. The accounts are often referred to as shared accounts, generic accounts or role based accounts.

Due to the shared nature of these accounts they tend to be passed from colleague to colleague over time and when staff leave it can be difficult for CiCS to know for sure whether the account is still needed.

To address this we are building new safeguards into these shared accounts to ensure we know whether each account is still needed and who its registered keeper is. In future this will be a simple process causing negligible disruption. However, the initial startup will need to clear a backlog and this will mean several hundred staff receive emails asking whether a shared account is still needed and whether they are happy to be its registered keeper. This is all well and good if the account is still being used but may cause confusion if the account has long been forgotten about.

If you are lucky enough to receive one of our email notifications please let us know whether the account it refers to is needed and who the registered keeper should be. If you don’t know anything about the account please let us know that too.

One final thing, emails asking for account details are used for online fraud (phishing) attempts. Our email does not ask for your username, password or email address and it does not require you to type these into a web form. It can be answered with simple yes or no replies. If you ever receive an email asking you to provide account details you should delete it.

If you require confirmation that the email in genuine please contact the CiCS helpdesk on 21111.