Printed on: 03/22/2018. Please go to for the most current version of the Policy or related document.


User Administrative Privilege Standard


To manage access to University data and to protect it from inadvertent or malicious loss or damage, users of IT resources should follow the practice of least privilege. The administrative privilege account should only be used to install software or for other operations that require this level of privilege.

Security Controls

Single-user systems (e.g., desktop, laptop, mobile phones)

The following table identifies where user administrative privilege is allowed and the baseline security controls for administrative privilege.

Control                                                                                Security Level
ID        Description                                                                  High         Medium       Low
UAP.A.01  User Administrative Privileges                                               Not Allowed  Allowed [1]  Allowed [1]
UAP.A.02  Document use of administrative privileges                                    Required     Recommended  Optional
UAP.A.03  Prompt user when administrative level privileges are needed (e.g., UAC [2])  Required     Required     Recommended
UAP.A.04  Educate user of administrative responsibilities                              Required     Required     Recommended

[1] Users should perform routine operations using user-level privileges, but may have administrative privileges.

[2] On Microsoft Windows operating systems, use the UAC default setting. On other operating systems, use the equivalent or similar setting.

Resources Covered

This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

More information on User Administrative Privilege

Published Date

  • November 2014
