Information Technology Services

Brandeis University Proxy Access Protocol

Purpose

This document establishes a protocol for the safe use of proxy access to Brandeis systems by individuals authorized to assume roles of others for the purpose of system implementation, maintenance or testing.

Context

Individuals at Brandeis may require proxy access to a system to perform a specific function or set of responsibilities associated with their role. Proxy access enables them to log into the system acting as another system user, taking on the access and functions available to that user. This protocol ensures that this level of access is provided in a secure manner with authorization from the individual's manager as well as the data trustee(s) of the domains associated with the access. The protocol also establishes review mechanisms to ensure that the continued need for proxy access is regularly reviewed and approved by the appropriate parties. Note that proxy access is distinct from delegated access through which an individual may enable someone else to perform functions on their behalf.

This protocol is part of the Data Governance Program established by the Brandeis Data Governance Policy document.

Scope

This protocol applies to all Brandeis University employees and volunteers, whether full or part time, including administrative staff, contracted and temporary workers, consultants, interns and student employees working on a Brandeis system with the ability to proxy as another user.

Protocol Statements

• An individual requiring proxy access to a Brandeis system must obtain their manager's approval for this level of access.
• Proxy access should be specified for a domain or set of domains. Requests for proxy access must then be approved by all data trustees associated with these domains.
  • For example, an individual may require access to develop training materials for managers which would require approval by the data trustee of the HR Domain.
• Individuals receiving approved proxy access must sign the Brandeis University Nondisclosure Agreement.
• All system administrators of Brandeis systems must retain a log indicating, for each proxy access request:
  • Proxy access requestor
  • Manager of requestor
  • Date when manager approval was given
  • Data trustees associated with the request
  • Dates when data trustees' approvals were given
  • Level of access provided for the proxy
  • Date that the proxy access was provided
  • Length of time that the proxy access is required
• Twice annually, system administrators must receive renewed approval from managers indicating that the individuals with proxy access retain their need to do so. As indicated by managers, proxy access should be removed for those who no longer require it.
• When at all possible based on the business need for the request and given the security roles in place for a system, access to sensitive data should be removed from the proxy access. Currently this is not possible in some systems, such as Workday, but it remains as a guideline in the event a system does have more segmented proxy access functions.

Responsibilities

• Individuals requesting proxy access will receive their manager's approval before making the request.
• Managers and data trustees will seek to approve or deny proxy access requests in a timely manner.
• Manages and data trustees who deny proxy access requests will provide a reason associated with the denial decision.
• System administrators will retain records of proxy access requests as indicated in the protocol statements.
• Proxy access requests currently are submitted via email or via a ticketing system to system administrators who facilitate the approval processes (manager and trustee(s)), the record-keeping and the bi-annual validation of access. This protocol will be updated once an automated approval process (currently being designed) is in place.

Definitions

• Brandeis Systems: Systems of record for Brandeis administrative and academic functions which house university data, including Workday, Slate, Moodle, Salesforce, Explorance Blue and other systems which integrate with these systems.
• Data Trustee: An individual with decision-making authority regarding the data for a given business domain. Data trustees are given this authority by the senior-most leadership at the university, the offices of the Provost and Executive Vice President, identified in the Brandeis Data Governance Policy document as the Executive Council.
• Domain: A functional area containing one or more units that have primary responsibility for managing a core University mission or business function.
• Proxy Access: Proxy access allows certain users to access a system and act as another user without having to log into the system at that user. The level of access is valid only in non-production environments. When applicable, boundaries are defined which indicate which users can use the proxy access functionality and who they can/cannot log in as. For example, with very few exceptions, Workday users cannot have proxy access as the security administrator. Proxy access is distinct from delegation. Proxy access enables a user to access a system acting as another user. Delegated access enables a user to perform a function on behalf of another user due to the nature of their defined role.
• System Administrator: An individual responsible for the configuration and reliable operation of a Brandeis system who seeks to ensure that the performance and security of the system meets the needs of the users and adheres to all appropriate standards and regulations.

Relevant Policies and Protocols

• Brandeis Data Governance Policy
• Brandeis Data Classification Standard
• Brandeis University Nondisclosure Agreement

Protocol Owner

Information Technology Services

Version History

---

^[1] Questions about research data should be directed to the Library's Data Services team.