Administrator Access to Educational Technology Tools
UIS in general, and the Educational Technologies (EdTech) group in particular, are legally bound by FERPA and other laws to be careful stewards of student and employee data. In granting administrator access to Canvas, Zoom, Panopto, ShareStream, or other student-facing tools, we are delegating some of the powers and responsibilities that are central to our mission.
Rules that govern appropriate use under FERPA:
- Use administrator access only for official university business.
- Only use access in a way consistent with your role and job responsibilities.
- Notify EdTech if your role or responsibilities change, so your access can be updated or terminated.
- Do not access data outside the scope of specific job responsibilities.
- Do not expose non-public data to, or share it with, unauthorized people.
- Do not access data to satisfy personal curiosity about an individual, course, department, school, practice, or any other type of entity.
University policies that apply to all administrator access:
- Read and follow the University Computer Systems Acceptable Use Policy.
- Never circumvent user access controls or other formal University security controls.
- Never circumvent bandwidth limits or other University computer controls.
- Never circumvent account activation/suspension procedures.
- Never circumvent procedures for account access or account changes.
- Never circumvent other university procedures, especially security policies for installing or integrating software that has access to student and employee data.
UIS policies applicable to administrator access:
- UIS.401.1 Data Classification Guidelines In support of UIS 401 Data Protection and Security Policy
- Procedures for TSPs/SNAs
Administrator Access is defined as a level of access above that of a normal user. This definition is intentionally vague to allow the flexibility to accommodate varying systems and authentication mechanisms. In an application environment (e.g., Canvas, Panopto, Turnitin, Zoom, ShareStream), users with ‘super-user,’ system administrator, content manager, program manager, sub-account administrator, or similar roles and responsibilities would be considered to have Administrator Access. This guidance applies to any user account or user role in which utilization of access rights is reserved solely for the intended business purpose.
Non-public Information is defined as any information that is classified as restricted information (both High Risk Data and Medium Risk Data) according to the University Guidelines for Data Classification. Access to restricted data must be approved by the designated Data Owner (Data Steward) as defined in the University Information Security Policy under Roles and Responsibilities.