The purpose of this document is to support compliance with the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices, section 2.7 Limit Administrative Account Privileges.
Each request for administrative privileges reflects a unique set of circumstances including, but not limited to:
- Classification of data available to the individual and/or classification of data on the device or machine
- Compensating controls
- Research, business, or operational purpose
- Device or machine specifications
Therefore, this document should be used as a guideline. It does not constitute official university policy.
People can sometimes update add-ons to software through creative use of file and directory ownership and group permissions. Examples include:
- Installing LaTeX stylesheets by giving write access to the stylesheet directory to the people who need to use it
- Installing add-on modules for languages such as Python or Perl by either granting write privileges to the directories where they are installed, or by educating them in how to install them in their personal spaces if these modules do not need to be shared by multiple people who use the system