Accounts - Permissions
Accounts/accounts within the KIT network can take on different characteristics and authorizations (for example, when the contract status of an employee or guest changes), and accounts are also created and maintained from various sources.
Employee accounts and similar accounts, for example, are managed through the interface to the leading personnel management system (SAP),
Guest and partner accounts are maintained by the employees defined in the OUs in Guest and Partner Management,
student accounts are administered by the student administration using their administration software, and
special types of accounts, which are partly technically conditioned and / or provided with special functions (admin-accounts, service-accounts ...) are administered by SCC.
Accounts supplied by Personnel Services (PSE):
PSE delivers different varieties of accounts through the interface available to Identity Management (IDM) using SAP. So here SAP is the leading authoritative system and responsible for the updates or changes of HR data. For this reason , in case of problems with such accounts - such as leaving, renewal of a contract, etc. - please always contact the responsible HR manager first. - please always ask the responsible personnel manager first:
| Mail addressformat | KIT account | Authorization ASK-Shop |
Authorization Libraryservices |
Shibboleth User class(es) |
Usage bwSync&Share |
|
|---|---|---|---|---|---|---|
| Staff | @kit.edu | yes | yes | yes | employee;member | yes |
| trainee | @kit.edu | yes | yes | yes | employee;member | yes |
| PhD student | @kit.edu | yes | yes | yes | employee;member | yes |
| ATZ active | @kit.edu | yes | yes | yes | employee;member | yes |
| ATZ-passive | @kit.edu | yes | yes | yes | employee;member | yes |
| pensioner | ---------- | ---------- | ---------- | ---------- | ---------------- | |
| Emeritus | @kit.edu | yes | yes | yes | employee;member | yes |
| DHBW student | @kit.edu | yes | yes | yes | employee;member | yes |
| Visiting Scientist | @kit.edu | yes | yes | yes | employee;member | yes |
| Lecturer | @kit.edu | yes | yes | yes | employee;member | yes |
Notes:
- All accounts with @kit.edu mail address get their own mailbox.
- Accounts managed by IDM and delivered by SAP are created in ActiveDirectory under kit.edu\KIT\Staff\OE abbreviation\IDM.
- Use of bwSync&Share with membership in the AD group SCC-Entitlement-bwsyncnshare (GID 83922) or SCC-Entitlement-bwsyncnshare-IDM (GID 83923). Automatically, the active MAs with the SAP roles:
"Trainee, DHBW student, doctoral student, visiting scientist, lecturer, employee CN, employee CS scient. Employees, Employees CS Civil Servants, Employees CS Scient. Beamte, Mitarbeiter CS Sonstige, Mitarbeiter CS Beschäftigte, Praktikant, Professor, Professor im Ruhestand, Ruhend" (Retired)
included (per table above), manually the ITB can have an account added to the SCC Entitlement-bwsyncnshare-Exceptions group via ticket to SCC in Group Management. - Former employees were able to request a maximum extension of their account for 2 years via request until the deprovisioning regulations went into effect. However, accounts with this "alumni" status no longer have permissions for bwSync&Share.
Accounts supplied by the GuP (Guests and Partners) administration:
By means of the GuP administration, KIT organizational units can create accounts themselves according to the roles that can be assigned in the GuP.
The login name and the initially assigned mail address have the form ab1234 ∂does-not-exist.partner kit edu.
Depending on the selected role, or other selected options, the additional kit.edu mail address can be assigned, this is set up as an additional alias address.
| Mail addressformat | KIT account | Authorization ASK-Shop |
Authorization Libraryservices |
Shibboleth User class(es) |
Usage bwSync&Share |
|
|---|---|---|---|---|---|---|
| External Student | @partner.kit.edu | yes | no | no | affiliate | --- |
| Scholar | @partner.kit.edu, @kit.edu | yes | no | no | affiliate | yes |
| scholarship holder(partner) | @partner.kit.edu | yes | no | no | affiliate | yes |
| employee of an external company | @partner.kit.edu | yes | no | no | affiliate | --- |
| Friend and supporter of KIT (role no longer current) |
@partner.kit.edu | yes | no | no | affiliate | --- |
| Habilitand | @partner.kit.edu | yes | no | no | affiliate | yes |
| PhD student | @partner.kit.edu, @kit.edu | yes | yes | yes | employee;member | yes |
| doctoral student(partner) | @partner.kit.edu | yes | no | no | affiliate | yes |
| stud. Auxiliary | @partner.kit.edu, 9 ∂does-not-exist.kit edu | yes | no | no | affiliate | yes |
| research assistant | @partner.kit.edu, 9 ∂does-not-exist.kit edu | yes | no | no | affiliate | yes |
| people from collaborations | @partner.kit.edu | yes | no | no | affiliate | --- |
| Former employee | @partner.kit.edu | yes | no | no | affiliate | --- |
| guest student / gifted student | @partner.kit.edu | yes | no | no | affiliate | --- |
| Visiting Scholar | @partner.kit.edu | yes | no | no | affiliate | yes |
| Other scient. Personal | @partner.kit.edu | yes | no | no | affiliate | yes |
| intern | @partner.kit.edu | yes | no | no | affiliate | --- |
| Former Professor | @partner.kit.edu | yes | no | no | affiliate | yes |
| Scientific day guest | @partner.kit.edu | yes | no | no | affiliate | --- |
| Privatdozent | @partner.kit.edu, @kit.edu | yes | no | no | affiliate | yes |
Notes:
- All accounts get their own mailbox (but is very often only used as a forwarding).
- GuP accounts managed by IDM are created in the ActiveDirectory under kit.edu\KIT\MISC\OE abbreviation\IDM.
- Once a role has been assigned in the GuP administration that entitles to a @kit.edu mail address, only roles that also entitle to @kit-edu addresses can be assigned to the guest when changes are made (doctoral student, scholarship holder, scientific / student assistant, private lecturer).
- Use of bwSync&Share with membership in the AD group SCC-Entitlement-bwsyncnshare (GID 83922) or SCC-Entitlement-bwsyncnshare-IDM (GID 83923).
Automatically the active guest and partners with the above mentioned roles (see table) are added to these groups, manually the ITB can have an account added to the SCC-Entitlement-bwsyncnshare-Exceptions group via ticket to SCC in the group management.
Special account types managed by SCC / IDM:
- personal admin account -> KIT adminaccount
- service account -> KIT serviceaccount
- Course account for the use of the SCC pool rooms
- Wlan guest accounts
These accounts may have limited functions for specific purposes only
Accounts for students ("U-Accounts")
These are supplied to us exclusively by the student administration, for this reason SCC cannot have any influence on these accounts.
In case of administrative problems (expiration of the account due to late re-registration, problems with enrollment ... ) please contact the student administration / the student office first!
Note: Use of bwSync&Share: Students with an active U-account are members of the corresponding groups and can therefore use bwSync&Share.