Translated with DeepL.com

Accounts - Permissions

Accounts/accounts within the KIT network can take on different characteristics and authorizations (for example, when the contract status of an employee or guest changes), and accounts are also created and maintained from various sources.

Employee accounts and similar accounts, for example, are managed through the interface to the leading personnel management system (SAP),
Guest and partner accounts are maintained by the employees defined in the OUs in Guest and Partner Management,
student accounts are administered by the student administration using their administration software, and
special types of accounts, which are partly technically conditioned and / or provided with special functions (admin-accounts, service-accounts ...) are administered by SCC.

 

Accounts supplied by Personnel Services (PSE):

PSE delivers different varieties of accounts through the interface available to Identity Management (IDM) using SAP. So here SAP is the leading authoritative system and responsible for the updates or changes of HR data. For this reason , in case of problems with such accounts - such as leaving, renewal of a contract, etc. - please always contact the responsible HR manager first. - please always ask the responsible personnel manager first:

  Mail addressformat KIT account Authorization
ASK-Shop
Authorization
Libraryservices
Shibboleth
User class(es)
Usage
bwSync&Share
Staff @kit.edu yes yes yes employee;member yes
trainee @kit.edu yes yes yes employee;member yes
PhD student @kit.edu yes yes yes employee;member yes
ATZ active @kit.edu yes yes yes employee;member yes
ATZ-passive @kit.edu yes yes yes employee;member yes
pensioner ---------- ---------- ---------- ---------- ----------------  
Emeritus @kit.edu yes yes yes employee;member yes
DHBW student @kit.edu yes yes yes employee;member yes
Visiting Scientist @kit.edu yes yes yes employee;member yes
Lecturer @kit.edu yes yes yes employee;member yes

 

Notes:

  • All accounts with @kit.edu mail address get their own mailbox.
  • Accounts managed by IDM and delivered by SAP are created in ActiveDirectory under kit.edu\KIT\Staff\OE abbreviation\IDM.
  • Use of bwSync&Share with membership in the AD group SCC-Entitlement-bwsyncnshare (GID 83922) or SCC-Entitlement-bwsyncnshare-IDM (GID 83923). Automatically, the active MAs with the SAP roles:
    "Trainee, DHBW student, doctoral student, visiting scientist, lecturer, employee CN, employee CS scient. Employees, Employees CS Civil Servants, Employees CS Scient. Beamte, Mitarbeiter CS Sonstige, Mitarbeiter CS Beschäftigte, Praktikant, Professor, Professor im Ruhestand, Ruhend" (Retired)
    included (per table above), manually the ITB can have an account added to the SCC Entitlement-bwsyncnshare-Exceptions group via ticket to SCC in Group Management.
  • Former employees were able to request a maximum extension of their account for 2 years via request until the deprovisioning regulations went into effect. However, accounts with this "alumni" status no longer have permissions for bwSync&Share.

 

Accounts supplied by the GuP (Guests and Partners) administration:

By means of the GuP administration, KIT organizational units can create accounts themselves according to the roles that can be assigned in the GuP.

The login name and the initially assigned mail address have the form ab1234 does-not-exist.partner kit edu.

Depending on the selected role, or other selected options, the additional kit.edu mail address can be assigned, this is set up as an additional alias address.

  Mail addressformat KIT account Authorization
ASK-Shop
Authorization
Libraryservices
Shibboleth
User class(es)
Usage
bwSync&Share
External Student @partner.kit.edu yes no no affiliate ---
Scholar @partner.kit.edu, @kit.edu yes no no affiliate yes
scholarship holder(partner) @partner.kit.edu yes no no affiliate yes
employee of an external company @partner.kit.edu yes no no affiliate ---
Friend and supporter of KIT
(role no longer current)
@partner.kit.edu yes no no affiliate ---
Habilitand @partner.kit.edu yes no no affiliate yes
PhD student @partner.kit.edu, @kit.edu yes yes yes employee;member yes
doctoral student(partner) @partner.kit.edu yes no no affiliate yes
stud. Auxiliary @partner.kit.edu, 9 does-not-exist.kit edu yes no no affiliate yes
research assistant @partner.kit.edu, 9 does-not-exist.kit edu yes no no affiliate yes
people from collaborations @partner.kit.edu yes no no affiliate ---
Former employee @partner.kit.edu yes no no affiliate ---
guest student / gifted student @partner.kit.edu yes no no affiliate ---
Visiting Scholar @partner.kit.edu yes no no affiliate yes
Other scient. Personal @partner.kit.edu yes no no affiliate yes
intern @partner.kit.edu yes no no affiliate ---
Former Professor @partner.kit.edu yes no no affiliate yes
Scientific day guest @partner.kit.edu yes no no affiliate ---
Privatdozent @partner.kit.edu, @kit.edu yes no no affiliate yes

Notes:

  • All accounts get their own mailbox (but is very often only used as a forwarding).
  • GuP accounts managed by IDM are created in the ActiveDirectory under kit.edu\KIT\MISC\OE abbreviation\IDM.
  • Once a role has been assigned in the GuP administration that entitles to a @kit.edu mail address, only roles that also entitle to @kit-edu addresses can be assigned to the guest when changes are made (doctoral student, scholarship holder, scientific / student assistant, private lecturer).
  • Use of bwSync&Share with membership in the AD group SCC-Entitlement-bwsyncnshare (GID 83922) or SCC-Entitlement-bwsyncnshare-IDM (GID 83923).
    Automatically the active guest and partners with the above mentioned roles (see table) are added to these groups, manually the ITB can have an account added to the SCC-Entitlement-bwsyncnshare-Exceptions group via ticket to SCC in the group management.

 

Special account types managed by SCC / IDM:

  • personal admin account -> KIT adminaccount
  • service account -> KIT serviceaccount
  • Course account for the use of the SCC pool rooms
  • Wlan guest accounts

These accounts may have limited functions for specific purposes only

 

Accounts for students ("U-Accounts")

These are supplied to us exclusively by the student administration, for this reason SCC cannot have any influence on these accounts.
In case of administrative problems (expiration of the account due to late re-registration, problems with enrollment ... ) please contact the student administration / the student office first!

Note: Use of bwSync&Share: Students with an active U-account are members of the corresponding groups and can therefore use bwSync&Share.