Accred is an access control system that answers two questions, “Who is connected where and when?” and “Who is entitled to what and when?”, following the principle of least privilege: everyone has enough rights to do their work, but no more than necessary.
Whether you study, research or work at EPFL, you need access rights, for example to connect to the school’s computer network, open the doors of buildings, consult a salary slip, or install school software on your computer. All of this is only possible if someone has at some point decided to grant the necessary authorizations in Accred.
In summary, Accred manages the life cycle of all authorizations, from a person’s arrival at EPFL to their departure, by maintaining two registers:
- The accreditation register that allows accreditors to attach people to units or laboratories
- The authorization register that allows responsible persons to give access authorizations where necessary
These two registers make it possible to determine at all times who is entitled to what and where.
Where Can I Train?
Accred training courses are regularly organized at EPFL and available on the staff training portal.
Accrediting a person in a unit establishes administratively that the person is part of that unit. Accreditations are only made in level 4 units, which are laboratories and administrative units.
Staff members and students automatically receive their accreditation from Human Resources or the Academic Service. Doctoral students therefore receive two, one in their laboratory and another in the Doctoral School. Other members of the community receive their accreditation manually in the unit where they collaborate.
To obtain access rights, a person must have at least one valid accreditation. On the other hand, a person does not need to be accredited in a given unit to obtain access rights there.
The concept of authorization is one of the most fundamental in Accred. To hold a right, a person must have received authorization from another person who assumes responsibility for it.
A right allows a person to access a service provided by EPFL and to carry out the operations authorized by this right. The person holding a right cannot give it to another person. A default allocation policy is defined for each right.
The role is a very practical tool in Accred for rights management because it groups several rights together. When a person has a role, they can:
- exercise all the rights held by the role,
- as a rights manager, authorize another person to exercise one of the rights held by their role,
- when they are absent, designate a substitute for their role.
Some rights are automatically associated with accreditation; for example, when a person is accredited in a unit, they have storage space there. The property allows you to modify the authorization granted. Thus, the accreditor can change its value to:
- Yes: authorization is granted, while the default behavior was not to grant it
- No: authorization is not granted, while the default behavior was to grant it
- Default: authorization is given according to the status or class of the person
The status of a person at EPFL is classified into 4 categories:
- Student: person registered with the Academic Service to study at EPFL
- Staff: person benefiting from an EPFL HR contract
- Host: person at EPFL who participates in administrative, research and/or teaching activities within an EPFL unit, but without being a staff member
- Outside EPFL: person accredited to EPFL who does not correspond to one of the three previous categories
Each status defines a list of default properties, used to calculate the permissions given during accreditation.
Classes allow a subclassification of the student and staff statuses. They also allow the creation of distribution lists (mailing lists) generated automatically every night.
Classes also allow you to define a list of default properties that overrides the one given by the status; it is used to calculate the permissions given during accreditation.
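The precedence described above (the accreditor's Yes/No choice, then the class default, then the status default) can be sketched as follows. This is an added example, not Accred's own code: the property names, the class name, the default tables, the end-date model of a valid accreditation and the deny-when-undefined fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed sample data: property and class names are hypothetical.
STATUS_DEFAULTS = {
    "Student": {"storage": True, "payslip": False},
    "Staff": {"storage": True, "payslip": True},
    "Host": {"storage": True, "payslip": False},
    "Outside EPFL": {"storage": False, "payslip": False},
}
# A class lists only the properties it overrides for its status.
CLASS_DEFAULTS = {"exchange-student": {"storage": False}}

@dataclass
class Accreditation:
    unit: str
    status: str
    valid_until: date                      # assumption: validity is an end date
    person_class: Optional[str] = None
    properties: dict = field(default_factory=dict)  # name -> Yes / No / Default

def resolve(acc: Accreditation, prop: str, today: date) -> tuple:
    """Return (granted, decided_by) for one property of one accreditation."""
    if acc.valid_until < today:
        return False, "expired accreditation"
    value = acc.properties.get(prop, "Default")
    if value in ("Yes", "No"):             # explicit choice by the accreditor
        return value == "Yes", "accreditor"
    if value != "Default":
        raise ValueError(f"unknown property value: {value!r}")
    class_defaults = CLASS_DEFAULTS.get(acc.person_class, {})
    if prop in class_defaults:             # class overrides status
        return class_defaults[prop], "class"
    status_defaults = STATUS_DEFAULTS[acc.status]
    if prop in status_defaults:
        return status_defaults[prop], "status"
    return False, "no default"             # assumption: deny when undefined

if __name__ == "__main__":
    today = date(2024, 3, 1)
    accs = [
        Accreditation("LAB-A", "Student", date(2024, 9, 1)),
        Accreditation("LAB-A", "Student", date(2024, 9, 1), "exchange-student"),
        Accreditation("LAB-A", "Student", date(2024, 9, 1), "exchange-student",
                      {"storage": "Yes"}),
        Accreditation("LAB-B", "Staff", date(2024, 1, 31)),
    ]
    for acc in accs:
        print(acc.unit, acc.status, acc.person_class, resolve(acc, "storage", today))
```

Returning the deciding layer alongside the result makes it possible to audit why an authorization was granted, for instance to list every grant that exists only because an accreditor set the property to Yes.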
Some processes take place in Accred to ensure data quality.