PROCEDURES TO MANAGE USER PERMISSIONS TO UNIVERSITY EMAIL
This procedure explains
- how a user’s permissions are assigned to their own or others’ email
- how permissions are subsequently removed, and
- limitations and obligations associated with those permissions.
These procedures are designed to uphold user privacy as articulated in The University of Chicago Policy on Information Technology Use and Access and the expectation of integrity of University email communications, especially, that a message purporting to come from a user in fact does and that a message is opened only by the recipients addressed in the message.
Additional controls also contribute to this objective but are out of scope for this document.
User permissions to their own assigned University email
Eligible users are given complete access to a unique University email mailbox associated exclusively with their assigned CNetID. This is enabled by automated processes when eligibility criteria are met, as signaled by University business systems. Eligible groups of users are
- Other Academic Appointees
- University staff and student staff
- Post-doctoral students
- Graduate Students
- Contractors and others given temporary CNetIDs
Users in these groups are free to choose whether their University email is managed by the University operated xMail Exchange-based system, the UChicago Gmail service, or is forwarded to an external email service.
Undergraduate students and pre-matriculated students, i.e., admitted students up to three quarters in advance of matriculation, may choose to manage their University email in the UChicago Gmail service or have it forwarded to an external email service.
Alumni are entitled to forward their University email to an external email service.
Exceptions to these eligibility criteria are rare but possible with approval of the Provost’s Office and Office of Legal Counsel.
Access to each user’s assigned University email is removed in accord with IT Services Account Closure Procedures and CNet Closure Process for Faculty and Other Academic Appointees.
User permissions to another user’s assigned University email
Users are free to use Outlook or Outlook Web Access to delegate privileges to their xMail folders, and ability to send on behalf of themselves, to other users. Articles showing how to use these tools to do so can be found in the IT Services Documentation website.
Users making such delegations are also solely responsible for ensuring that delegated privileges they’ve granted are revoked in a timely fashion. In particular, as delegates change assignments at the University or even leave the University, their delegated privileges need to be specifically revoked by the user.
IT Services will provide a user with access to another user’s email only under direction of the Office of Legal Counsel, per the Policy on Information Technology Use and Access. Requests for such access received by IT Services are processed by IT Security, who may authorize the fulfilment of the request if it falls within a delegation given them by the Office of Legal Counsel, for example, to enable a department to continue handling departmental email that is sent to an employee that has left the University. IT Security will route the request to Office of Legal Counsel if it does not fall within an established delegation. In all cases the extended privilege, if any, is for a limited time.
IT Services will not honor requests to enable a user to “send as” another user because that undermines the integrity of University email. The user can instead be granted “send on behalf of” privilege by the other user, using Outlook or Outlook Web Access.
IT Services provides no means for delegating access to UChicago Gmail mailboxes; however, the Gmail User Interface allows users to delegate access to their own mailboxes. As with xMail, as delegates change assignments at the University or even leave the University, their delegated privileges need to be specifically revoked by the user. NB: Gmail allows users to grant “send on behalf of” but not “send as” privilege to delegates.
User permissions to shared xMail mailboxes
A shared xMail mailbox is a collaborative space that allows multiple users to read and send email messages. Shared mailboxes are distinct from those assigned to individual users’ CNetIDs. They are a good match for “Department of” and “Office of” email needs, giving the department a permanent email address and enabling the department to manage who is permitted to handle and send messages on behalf of the department.
Shared xMail mailboxes can be requested as described here:
Users entitled to use a shared mailbox can follow these instructions to add that function to their Outlook:
Expiration Date: November 8, 2017
Policy Owner: tbarton