30.03 - Information Technology Services (ITS) Security Access

September 13, 2011

A. General. All computer system access is tied to training and proper authorization. Contact the Administrative Hot Line for the module in question, or talk to the ITS security analyst at (208) 885-2522. [ed. 1-10]

B. Workstation Security Policy. All university computers that access Oracle resources on the UI network that have the ability to lock their machine by use of a password protected screen saver shall make use of this option. The following table outlines the time limit of inactivity before the option comes on to restrict access to the machine.

Access Privileges Maximum Time
Developers Access: Including access to directories that contain administrative programs, access to production database data through tools such as SQL Plus, users that have the capability to make production data and/or production programs, users with direct access to the command prompt on production machines. 5 min
Maintenance Access: Those users that have privileges to update production data in any of the administrative applications. 10 min
All Other Access: Including those that have privileges to view and query from any of the administrative applications, users that have access to run applications from any of the administrative servers and users that store data files and documents on network space. 15 min

C. Automatic Logoff Policy. In order to better manage limited resources and enhance the security of our administrative systems, any Oracle session attached to the production, pre-production or training databases will be automatically logged out after 120 minutes of inactivity. [rev. 9-11]

C-1. UNIX Sessions. In addition, any UNIX session on one of the production computers remaining inactive for 120 minutes will be automatically logged out. [Exemptions to this policy may be granted to individuals with a valid need to perform job duties outside this constraint via extraordinary application and approval of the functional leaders. Questions should be posted to the Banner director’s group. Contact names can be provided by the MIS manager.] [ed. 1-10, rev. 9-11]