Makerere University

Enter a keyword or two into the search box above and click search..

ICT Best Practises - Follow adequate procedures for user accounts and access

You are here

Access to University systems and data should only be provided to those who legitimately require it. In providing this access, adequate procedures should be followed to ensure that university policy and guidelines are adhered to. Managers and technicians should:

  • Provide access to only those persons who are otherwise eligible to use university technology resources.
  • Require all users to be identified and authenticated before access is allowed (i.e., no guest access, no shared accounts, unless absolutely necessary).
  • Limit access to needed services to only authorized persons.
  • Assign accounts only to individuals (i.e., don't use group accounts).
  • Use different passwords for privileged accounts (e.g., root, administrator) on various systems being maintained by the same technicians.
  • Perform day-to-day work as a non-privileged user and only use privileged accounts for tasks that require additional capabilities.