Directory Access Pages

• Access Overview
• Access policy guidelines
• WebAuth General Access Permissions
• WebAuth Privileged Access Permissions
• Request Access

Related pages

• Directory Service page

Directory Access Pages

• Access Overview
• Access policy guidelines
• WebAuth General Access Permissions
• WebAuth Privileged Access Permissions
• Request Access

Related pages

• Directory Service page

• QUICK LINKS
  • answers.stanford.edu
  • apple.stanford.edu
  • computing.stanford.edu
  • courses.stanford.edu
  • datarates.stanford.edu
  • dell.stanford.edu
  • departmentphone.stanford.edu
  • email.stanford.edu
  • ess.stanford.edu
  • helpsu.stanford.edu
  • myitserviceshelp.stanford.edu
  • orderithelp.stanford.edu
  • software.stanford.edu
  • studentphone.stanford.edu
  • techtraining.stanford.edu
  • tools.stanford.edu
  • unixcomputing.stanford.edu
  • vpn.stanford.edu
  • web.stanford.edu
  • windows.stanford.edu
• SERVICES
  • IT Services Only
  • All Campus Providers
    → computing.stanford.edu
• GETTING HELP
  • Stanford Answers
  • HelpSU: IT Help Desk
  • Training
• PROJECTS
• ABOUT US
  • What We Do
  • Organization Chart
  • Strategic Plan
  • Jobs
  • Contact info
  • Service & System Metrics
• INTERNAL
• SEARCH

  • Search IT Services:
     

Directory

Usage policy

If you need access to attributes not visible through anonymous binds, permission from the appropriate data owners, listed at the site below, must be attained in written or electronic form:

Business Owners of Directory Data

Permission must be attained from the data owners via email and a copy sent to the Security office security@stanford.edu. Additionally, the permission letter or email must be attached with the HelpSU request sent to the Directory Team. Visit the request page for more information.

Data owners for additional attributes (discussed below) are determined on a project by project basis. Please complete a HelpSU ticket and complete the following information in order to help identify all appropriate data owners prior to granting access to the directory.

* Privilege group information is divided into two categories: public and private. With both, clients are only being allowed compare access in the new directory unless there is a business case with a greater need. The use of this attribute will eventually be phased out. We are currently experimenting with allowing clients to have read access to the public portions.

If you are Faculty/Staff or in the Adminstrative Group (have an UnivID) with Stanford you may request additional access to private privilege group list which contains additional search/group data which is classified sensitive/private

Access is given via Kerberos principals on a per-application/per-usage basis. An application is considered any tool or service with a very specific scope. Tools or services running under one Apache instance or a single server are NOT considered a single application: each tool might require separate authorization if the function of each tool is different. Furthermore, if the scope of an application changes, request from the data owner to use to the data in a new manner might also be required. Using a principal to give access to other applications without data owner concent is a violation of the Usage policy, and can result in an immediate termination of the principal and its access capabilities.