Founded in 1846, Beloit is Wisconsin’s oldest college


50 majors, 35 minors, and self-design options offered


Nationally recognized for its academic quality, affordability, service programs, and international focus


One of the “Colleges that Change Lives”


Learn More


User Account Policy

Policy Statement:
Access to computing facilities and associated resources is provided as a privilege to members of the Beloit College community. The college provides these resources to support its educational mission. It is expected that users will conform with all rules and regulations pertaining to the appropriate use of these facilities. This involves using the facilities in a manner that is consistent with all college policies, with policies of other networks (e.g., WISCNET, Internet), and with state and federal laws. Every user is responsible for helping to ensure that these resources are used appropriately; this includes prompt reporting of instances where it is believed the policy has been abused. If someone is in doubt as to whether a particular proposed use is appropriate, they should check with Information Technology (IT) before the proposed use is undertaken. Misuse of computing facilities (whether or not they are directly college-owned) will constitute just cause for disciplinary action by Beloit College in addition to any legal enforcement by local, state, or federal authorities.   Please refer to the Ethical Use policy for definitions of appropriate and inappropriate use.

Scope:This document addresses creation and termination policies and practices for primary accounts created by the Information Technology (IT) department. Each type of account has specific requirements not outlined in this document. Primary accounts include LDAP, Datatel, Moodle, Google Apps for Education (GAE), Windows and Reason. All accounts, including email, are college property; employees may not take accounts with them when they leave the institution. Accounts may be turned over to supervisors in the event of a departure if needed to ensure a smooth transition. All requests outlined below for creation or termination of accounts must be made in writing via email.

The following have been defined as categories of individuals who request accounts from IT:
    Students
    Faculty
    Staff
    Alumni
    Guests (long term and short term)
    Departmental/Club/Group representatives

Account Creation
Faculty and Staff: Permanent and temporary staff accounts will be confirmed by the Human Resources office and Faculty accounts will be confirmed by the Human Resources office or the Academic Dean's office.  A record will be initiated in Datatel by the Human Resources office.  Once the Datatel record has been created, the user will be created in LDAP, GAE, and Moodle.  Faculty and staff are given access to WebAdvisor immediately. If an employee or temporary staff member needs Datatel access, the employee's supervisor may request an account by completing the Datatel Account Request Form. Employees and temporary staff are required to complete FERPA training before Datatel access will be granted. The Human Resources department will assure that all new employees review the FERPA training materials on the web and successfully take the FERPA quiz.

Students: Student accounts will be confirmed by the Registrar.  The confirming department will initiate a user record in Datatel.  Once the Datatel record has been created, the user will be created in LDAP, GAE, and Moodle.  Students are given access to WebAdvisor immediately. The student status recorded in Datatel Colleague by the Registrar will be used to determine student account actions.

Alumni: When a student graduates from Beloit College, they automatically become an alumnus/a.  After this point, if the Alumnus/a chooses to obtain an alumni account, the alumnus/a will be set up in the Beloit College Google Apps for Education (GAE) alumni.beloit.edu domain.  All alumnus/a student accounts will be suspended starting on September 1st.  If a recent graduate requests an alumni account after September 1st, IT will restore their student account for a short period of time (less than 1 week) in order to allow for content to be converted over to their new alumni account. All suspended student accounts will be deleted one year after suspension. After being set up in the GAE alumni.beloit.edu domain, the alumnus will no longer have any student-level access but will be granted access to resources designated for alumni, which will include resources such as the wireless network, computer labs and Library resources while on campus. Alumni will not have access to Library resources from off campus due to vendor licensing restrictions. If the alumnus/a does not wish to obtain a Beloit College alumni email address, the student account termination process will be followed.

If the alumnus/a did not graduate recently, but would like a GAE account, one can be created for them via a request through the Alumni Office. The Alumni Office must verify that the request was received from a valid alumnus/a and forward the request and appropriate information to IT. If an alumnus/a needs access to Datatel or other services beyond email, wireless, and labs the Director of IT must approve the request.

Guests:  There are three types of guests defined for the purpose of account creation  -- long-term, short-term and special.
(Note: Beloit College students, faculty, staff and departments should never use a guest account to access college technology resources. They should always use the college account assigned to them.)

A long term guest is defined as someone who requests the general guest password more than twice, will be on campus for three weeks or longer (eg Trustee, contractor, etc.)  or someone who needs access to services other than the internet. Guest Access Representatives should not create temporary accounts for these guests; instead IT will create an LDAP/GAE/Moodle account for a long term guest only with approval from the Director of IT, Faculty Member, or authorized departmental proxy. A termination date should be set unless otherwise authorized (i.e. trustees). Wireless will need to be configured to connect to the Beloit College wireless network and computer registration for wired and wireless connections are required. If a long-term guest needs access to Datatel, the manager who is sponsoring the guest must complete the Datatel Account Request Form in order to request access consideration. 

A short term guest is defined as someone who requests the general guest password less than twice and will be on campus less than three weeks.  Short term guests must be a legitimate visitor of a Beloit College faculty member, staff person, or student and will need to contact the appropriate Guest Access representative to receive the appropriate guest ID and password.  The guest password will connect the short term guest to the Beloit College network for internet access only.  If the short term guest needs access to services other than the internet (Datatel, Moodle, GAE), they fall into the long term guest category.  Guest password representatives must follow these procedures when granting guests access to the Beloit College network.

Special guests are defined as individuals who need access to critical systems (vendors, consultants, technical support). IT will give mission critical systems access on a case by case basis.  These cases will be evaluated by the system administrator(s) for the system(s) in question.  

Additional information about guest access to network resources can be found on the IT Guest Access web page.

Departmental/Group/Club (Email/List specific):  These accounts are for access only to Email, Lists, and file services. Individuals should access wireless and other services on campus using their user name and password.

If a club or student organization is officially recognized by Student Affairs, then IT can create an email account, list, or file services account for the club by request.  If the club is not officially recognized by Student Affairs, a request for an email account, Listserv, or Bagel account must be approved by Student Affairs.  Any staff or faculty member can request a specific department or project related email or list as long as it is college business related.  Non college related email accounts or lists are generally not allowed; exceptions must be requested by Senior Staff.

Procedure for Multiple Group Users
Following is the Order of Precedence for account existence in GAE domains and LDAP:

Faculty
Staff
Student
Alumni

If a user can be classified in more than one of the above groups, their primary account is put into the one that is of highest order and follow the creation and removal procedures for that group. No Guest group classification can exist for anyone that exists in one of the aforementioned groups. Exceptions must be approved through the Chief Information Officer.

Account Format
All email addresses are to be set up as @beloit.edu except in the case of accounts for Alumni the format is @alumni.beloit.edu. 

The standard email/user name format will be:  LastNameFirstInitial@beloit.edu. If this account already exists, LastNameFirstInitialMiddleInitial@beloit.edu would be created. If that exists, numbers will start to be added after the MiddleInitial. The minimum user name length will be 3 characters and the maximum will be 20.  Though all may follow this format, there is a general rule for those with more than one last name. If it is actually hyphenated, the first last name should be used. However, if there are simply two names, not hyphenated, the last name should be used. Here is an example:

       Gabriel Garcia-Marquez  ---> Garcia-Marquez, Gabriel
       David Foster Wallace --->  Wallace, David Foster

All new student, faculty, staff and alumni accounts will follow this format.  Existing faculty and staff have the option of requesting that their account be changed to meet the format if they desire this change.

Accounts created by Guest Password Representatives must include the individual guest's last name or a group's name in the username.  

Aliases and Deviations from Standard Account Format
All special requests for an email address/user name that deviates from the standard format  should be directed to the Director of IT. IT will set up aliases for internal purposes only, i.e. if an employee leaves, an alias can be set up to forward that employee's email to their supervisor.  Expiration dates are always set on these types of aliases.  Aliases that have been previously created will not be removed, but no new aliases will be created, other than for internal purposes. Aliases for internal purposes  must be approved by a Director or Departmental Proxy for staff, must be approved by a Dean for faculty, and must be approved by a departmental proxy for Departmental aliases.

Rationale: Aliases add to the complexity of filter systems, log tracing, account creation, management, removal, and verification processes.  When aliases exist, they have to be checked along with actual user names to avoid naming duplicates. Aliases break Beloit College's email account naming standards.  This affects the ability of the college community to identify names and appropriate email addresses.  Aliases can also adversely affect the image of Beloit College if they are inappropriate.  Extraneous email addresses on our systems also increase the potential for spam.

Termination of Accounts
Faculty and Staff:  Termination of faculty and staff accounts must be approved by Human Resources, the President or the appropriate Vice President or supervisor. IT will suspend the GAE account for one calendar year after notification is received and all other accounts will be closed. GAE accounts will be permanently removed after one year. 

Supervisors may be granted access to an account if an individual is involuntarily removed from a position to ensure continuity of communication for business or academic purposes. Also upon special request, a supervisor will be granted access to the GAE account after an employee voluntarily leaves the college. Instructions for access will be shared with IT via the Employee Separation Notice sent by Human Resources. IT will change the password on the GAE account and share with the manager who will be allowed access to the account for 90 days.  If an alternate length of time is necessary, this will also be noted by Human Resources on the Employee Separation Notice. The GAE account will be suspended at the end of this period of time and will be removed permanently after a year. 

Faculty and staff with emeriti status will be allowed to keep their GAE and WebAdvisor accounts for as long as they wish to keep them.

Requests to reopen an account can be made by a departmental Director or a senior staff member.  An acknowledgment will be sent to HR by IT staff for any reopened account.

Students: Termination of student accounts must be approved by the Registrar, the President or the Vice President for Student Affairs. If a student graduates, their student GAE account will be kept open for a grace period of approximately 3 months (September 1st for Spring graduates).  During that time the student will be given the option to obtain an alumni GAE account into the Alumni domain or be suspended after the grace period for one year. The suspended GAE account will be permanently removed after one year. All other accounts will be closed at the time IT is notified. The student status recorded in Datatel Colleague by the Registrar will be used to determine student account actions.

Alumni: Termination of an Alumni account may be requested personally by the Alumnus/a, Alumni office, the President or a Vice President.  The Alumni office will send a mailing to alumni annually to confirm which accounts are still valid. Accounts for alumni who do not respond to this annual mass mailing will be suspended for one calendar year.   These accounts will be permanently removed after one year.

Guests: Termination of guest accounts may be requested personally by the guest, the affiliated sponsor/liaison, the President, a Vice President, the Chief Information Officer, or the Director of IT. Guest accounts are set with expiration dates as appropriate. These accounts will be suspended for one calendar year after the set expiration date, notice is received, or upon unsuccessful attempts with the guest or sponsor to verify that it is active.  These accounts will be permanently removed after one year.  

Departmental/Club/Group:  These accounts will be suspended per request and removed one year later.  These accounts will also be subject to suspension if owners can not be contacted during review periods to verify their activity.

All suspended accounts will be subject to permanent removal after one year.

Verification Process
This ongoing process is for reviewing accounts to verify that they should remain active in their current state and to assure that all accounts maintain the proper securities.

Faculty and Staff: Once every year, a complete LDAP list will be given to HR for verification. Additional checks will be in place in Datatel to look for accounts that might raise red flags.

Students: After the removal of senior class accounts, all remaining student accounts will be sent to Registrar for verification of their continued existence.

Alumni: Alumni verification is stated above in Termination of Accounts through mass mailing verification.

Guests: Periodically, accounts without set expiration dates will need to be checked individually with the liaison department or staff member for their continued validity.

Departmental/Club/Group accounts and lists: Every three years, owners or department heads will be contacted on an individual basis to see if the account or list should remain active. If IT can not identify or contact an owner for continued activity, the account or list will be suspended. Suspended accounts will be removed completely from archives one year later.

Permissions
Guest network access: Authorized guests of the college will be given the bcguest username and password for access to the Beloit College network for browsing the internet only. If the guest needs to do more than just browse the internet, they will fall into the long term guest category.

Long term guest access: IT will give access in LDAP, GAE, and/or Moodle to a guest with a legitimate need if requested by a faculty member, departmental proxy, or director.

Datatel Access:
Once the employee's supervisor or manager sponsoring a long-term guest completes the Datatel account request form, the Database Administrator or Application Support Specialist works with the following to determine the proper security settings: 

Student Data Access: Registrar
Employee Data Access: Director of Human Resources
Accounting/Budget Access: Controller or Director of Accounting
Alumni/Development Access: Manager of Development Information Systems

LDAP service attributes: Faculty, staff, and students are given default privileges of network, radius(wireless), lab, and proxy permissions. Alumni and guests are given default attributes of network, radius, and lab. Any additional attributes for any member must be approved by the Director of IT or higher.

Listservs: If a club or student organization is officially recognized by Student Affairs, then IT can create a list for the club by request. If the club is not officially recognized by Student Affairs, a request for a list must be approved by Student Affairs. Any staff or faculty member can request a specific department or project related list as long as it is college business related.  Non college related lists must be approved by a member of Senior Staff.

Special Guests (Vendors, Consultants, Technical Support): IT will give mission critical systems access on a case by case basis. These cases will be evaluated by the system administrator(s) for the system(s) in question.

Shell accounts and direct access to servers can be authorized directly by the system administrator for faculty, staff, and students.  Shell accounts or direct access to servers given to alumni or guests must be approved by the Director of IT or higher unless the server is specifically designated as providing a service for alumni or guests.  An annual review of all shell or direct access accounts should be done for these servers to find and remove accounts that are inactive or no longer here.  Examples include Datatel and associated servers, Windows servers, File services, etc.  System administrators of these systems are responsible for the review. 

System Administrators must assign expiration dates for Guest accounts created to access any server including Datatel, Windows, LDAP, etc. In some cases, the expiration date can be entered in LDAP.  If they do not have an LDAP account or LDAP is not set to expire, then the expiration date must be put in the calendar of the system administrator to remind them for disabling or removing the account permissions.  Other conventions may be acceptable. Guests that need periodic access must have their accounts suspended or passwords changed when they are in a period of not needing access.  If an expiration date cannot be set, the server manager must periodically review accounts to determine whether existing guest accounts still need shell or direct access.

Reason For Policy:
This policy is being created/modified to define the processes for creating and terminating accounts, who can have an account, who needs to approve different access types, and the process for regularly reviewing existing accounts and access.

Who Should Know This Policy:
This policy will affect all members of and visitors to Beloit College.

Previous Policy:
Some parts of this policy were previously defined here: http://www.beloit.edu/isr/it/emailservice/ethics/

Contacts:
Questions about this policy should be directed to the Director of Information Technology (IT).