Creating Accounts

To use a user account, i.e.,the centrally managed computer systems at DESY, each user must first be registered in the Identitiy Access Management (IAM) by the group secretariat or V1. The registration of the user account in the Registry is done by the Namespace Supervisor of the group. After a user account has been created, the registration form is printed as PDF document in the Registry, signed by the user and the Namespace Supervisor of the respective user group and sent to UCO.  In exceptional cases, UCO can create a user account, form see below. A list of all administrators is available on the Web via List of Computer Administrators (only in the DESY Intranet). For further detailed information on accounts, please see also  the D4 - IT security webpage  -> RSR - Regeln und Empfehlungen - Account Regeln (only in German)

Account Lifetimes

Users accounts are limited to the duration of the contract or task at DESY. The maximum initial lifetime is 3 years for all users with unlimited contracts.The account lifetime can be extended in due time before the expiration date.

The limit date can be changed according to requirements, especially due to leaving, please see section "leaving DESY". Namespace supervisors can modify the expiration dates for the users of their group. The Computer Center - through the UCO - can modify expiration dates, if necessary. It will do small changes freely, in case of significant changes the supervisors decide on it.

Account Expiration

Users and the namespace supervisors receive automatically an email warning before accounts expire. Expired accounts cannot be used any more, and mails will not be delivered to expired accounts as well. Home directories are kept for a certain period after expiration, please see section "User Files of Expired Accounts".
If an account expired accidentally, or also if a user comes back to DESY after some years, it can be reactivated.
 

Leaving DESY

When a user leaves DESY or terminates his association with DESY activities, then his accounts in principle expire at this date.
If former DESY employees want to or shall keep accounts, respectively continue in their work for DESY or the experiments, then the corresponding accounts can be used furthermore. The desired expiration date has to be specified on the Signoff Form; a namespace supervisor can set it accordingly / confirms via signature.

Due to terminated contract duration or retirement DESY employees will get a Signoff Form together with the usual "Laufzettel". The UCO will sign the "Laufzettel", if they have received the Signoff Form. We ask all other people leaving DESY to use the Signoff Form as well, before they leave. The groups and especially the experiments should ask their members to cooperate on this task.
 

User Files of Expired Accounts

The data of expired accounts (home directories, mail boxes) are stored and can be recovered for 90 to 180 days after account expiry, depending on the platform.
Files outside user home directories, e.g. files on data disks and temporary files are not covered in this way.
For information concerning backup please see it.desy.de -> services -> backup/restore

Form

Only in very urgent cases, for example if none of the administrators is on site, UCO can create an account - if the IAM entry already exists. For this purpose, the completed Registration Form with the user's signature is required.