Endpoint Privilege Management (EPM)
Introduction
This knowledge base article covers Privileged Access Management (PAM), a security approach that controls and monitors elevated access to critical systems and information, ensuring privileges are granted only when required. At the University of Alberta, PAM helps us uphold the principle of least privilege: granting users only the access necessary to perform their work, research, and academic activities. This protects sensitive information and reduces cybersecurity risks while still supporting the diverse needs of our community.
Different roles, projects, and responsibilities require different levels of access. Whether you are installing specialized research software or managing departmental applications, our goal is to ensure you have the appropriate access to support your work securely and effectively.
To assist in implementing PAM, the university has selected BeyondTrust Endpoint Privilege Management (EPM). For up-to-date information on timelines and scope, please see the PAM Initiative page.
Applicability
This article is applicable to University of Alberta Staff wishing to request elevated privileges.
Contents
Privileged Accounts
Standard Access on New Computers
Requesting Additional Access
Frequently Asked Questions
Need Help?
Privileged Accounts
A privileged account is a user account with more permissions than a standard user account. Privileged accounts can access sensitive data and make significant changes to systems.
Because privileged accounts have these additional permissions, they are especially attractive to attackers, as these accounts allow quick, broad access to data assets in the enterprise, often resulting in rapid and significant impacts.
Standard Access on New Computers
New computers are typically provisioned with a user account designed to support everyday work needs. This allows most users to complete their daily work while maintaining system security and reducing risk.
These accounts can:
Install and update low-risk and commonly used software with university relevance. Some examples include Adobe Reader and Google Drive.
Modify selected system settings
Install some hardware, like a home printer
Continue to access required university services and systems
Not all software will be permitted – you may need to request software installation by submitting a request through the U of A Service Portal.
Requesting Additional Access
For users performing dynamic tasks — such as academic and research-driven activities, software development, IT administration, or other specialized work — a higher degree of flexibility over your workstation can be provided. This approach allows you to work independently and efficiently while protecting underlying system integrity and the university’s broader IT environment.
With elevated access, you may be able to:
Install and update most software without needing to request assistance.
Make changes to many system settings that are important for your work, such as networking configurations and device management.
However, to maintain system stability and security, some advanced system settings will remain restricted.
You may not have permission to modify certain core operating system files or registry settings.
You may be prevented from disabling security features like antivirus protection.
To request additional access, please submit a request through the U of A Service Portal and describe your needs:
What applications or tools will you be using that require administrator rights?
How frequently are you performing these tasks?
How long will you require additional access? Can the access be granted for a limited period of time, or is this an ongoing need?
Frequently Asked Questions
How do I get software added to the low-risk list? We continuously review university software needs and will add commonly used applications as they are identified.
Can I request administrator access permanently? Permanent administrator access is rare and assigned only where absolutely necessary. Most elevated access is provided temporarily to limit risk.
If the EPM tool doesn’t work for your needs, the Information Security team will review exception requests and grant them as required with appropriate compensating controls. Exception requests can be made by submitting a General IT Inquiry ticket through the U of A Service Portal.
Why am I seeing prompts from BeyondTrust? BeyondTrust Endpoint Privilege Management helps us control and monitor elevated actions. Depending on your privilege level, you may be able to approve the action yourself or you might be prompted to submit a request for support.
Need Help?
If you have questions about your access, or want to request additional privileges, submit a General IT Inquiry ticket through the U of A Service Portal.