Deutsches Elektronen-Synchrotron DESY
A Research Centre of the Helmholtz Association

IT

Account Types

Accounts (often also called user accounts) are used in the IT world to control access to IT systems. To access the internal DESY network and other IT services, you need an IT account. With the user name and password to this account, you can log on to these IT services.

At DESY, there are four account types that are used for different purposes:

Primary Accounts

The main account for one person.

Exactly one primary account is created for all persons. Additional accounts can only be used by persons who have already received a primary account. Only the account holder is authorized to use this account. The associated password may therefore not be shared with other people! This account is used most of the time.

Properties

  • Account expires and needs to be prolonged regularly
  • Passwords will expire
  • Account may be disabled

Usage Examples

  • Persönlicher Mailaccount (Zimbra)
  • Login to Windows
  • Login to Linux

 

Personal Accounts

Additional account for a single person

This type of account is created for a person when an additional account is needed for specific purposes and the primary account is not to be used for this purpose. As with the primary account, only the account holder is authorized to use this account and the associated password may not be shared with other people!

Properties

  • Account expires and needs to be prolonged regularly
  • Passwords will expire
  • Account may be disabled

Usage Examples

  • Windows Administration
  • Personal Test Accounts

 

Functional Accounts

Additional account for one or more persons

Functional accounts are intended to perform a function that does not have to be tied to a single person. These accounts may also be shared with other employees and can be used by several people. The password for this type of account may also be shared with authorized persons.

Properties

  • Account may be set to never expire
  • Passwords will expire
  • Account may be disabled

Usage Examples

  • Shared Mailboxes for team tasks

Service Accounts

Additional account for a single service

These are usually used in important infrastructure when accounts are necessary and have special options such as permanently valid passwords.

Properties

  • Account may be set to never expire
  • Passwords will not expire
  • Account may be configured that it cannot be disabled

Usage Examples

  • Automatically running computer programs (scripts) that must be executed regularly.

The current regulations differ from the Registry 1, therefore all accounts are grandfathered in. This means that settings made to the password or account expiry in the Registry 1 are currently being kept.

In the long term the above rules will be applied to all accounts so you should e.g. convert functional accounts to service accounts if the password is not allowed to expire.

We will inform you in time if any accounts will be affected by these changes.

Logo der Helmholtz Gemeinschaft

© 2020, Deutsches Elektronen-Synchrotron DESY