Computer Protection Program Berkeley Lab
Computer Protection Program at Berkeley Lab Security
Ernest Orlando Lawrence Berkeley National Laboratory
  POLICY GUIDELINES  
Access Control  

Summary
LBNL supports both distributed and centralized access control, identity, and authentication procedures. Typically, interactive access should be appropriately limited to the set of individuals, groups, or audiences intended by the project.

Centralized Authentication
The authoritative database of participating individuals at LBNL is the HR database (HRIS). Participating Guests and Employees, as defined by the RPM, are entered into HRIS following procedures set by HR. Once there, their records populate other databases such as LDAP. An LDAP account provides access to very limited services by default. Most services must be independently authorized.

No one except HR can create your original people record. Likewise, service providers cannot enter you into LDAP. Contact your HR Center if you need assistance.

Helpful Links:

Service Account Creation

Guest Processing

 

Distributed Authentication
Distributed authentication, whether for an enclave or for a particular service, is governed by RPM Section 9.01 G.