Likewise, we inhabit specific roles at work, like judge, clerk, or system administrator, to name a few. These roles are also baked into our Judiciary digital identities, such as your CM/ECF account. For example, a judge may set or change the members of a sealed access group, or their level of access, any time during a case. Assigning individuals to roles (and ensuring the permissions associated with a role are appropriate) is an ideal way to keep our information systems safe—and individuals productive!
There are some things you just don’t share.
Be protective of your digital identity! Why? Your computer and accesses are configured specifically for you, based on your role within the Judiciary. By design, you have access that others don’t, and vice versa. These differences in permissions aren’t arbitrarily set; rather, they’re there to support business processes and to ensure only authorized users perform authorized functions. Also, by keeping your identity secure, you reduce the likelihood that someone can impersonate you, either within the Judiciary or from the outside, and take actions that will be attributed to YOU.
So, instead of sharing your digital identity with others—even when it seems pragmatic (e.g., a colleague is pinch hitting for you while you’re on vacation)—treat your digital identity like a personal diary entry: For Your Eyes Only!
But, what if my IT folks need access to my computer? They can be “me,” right?
Wrong. When your computer isn’t working, it’s tempting to just step away from your desk and let the IT folks take over. That’s fine; however, before stepping aside, log out. IT professionals have the privileges they need to fix your computer using their own accounts. They can simply log in, fix the situation, and log out—it’s that easy. This way, it’s always clear who took what actions on your computer.
I love staying busy and helping my colleagues. Should I pro-actively request multiple roles, such as Clerk, Court Reporter, and IT Director, so that I can easily lean-in?
Very simply, no. Our systems are designed to provide unique permissions to different roles. If we were to change our roles, even with the best of intentions, we’d inadvertently bypass the protections provided by our systems. For example, a privilege may be assigned to a judge because, by statute, only a judge is able to perform the associated action. Or, one individual may not be able to hold two roles because doing so may violate a system’s separation of duties requirements. Because of these—and other—nuances, it’s best to only be assigned a role reflective of your official duties.
That said, if you absolutely must perform a task on behalf of someone else, check to see if the system provides delegated authority so that you can maintain your identity and role while also helping a colleague.
As you adopt the above steps, remember it’s also equally important to never ask others to circumvent them—no matter how tempting. If you have any additional questions about account management, contact your local IT staff, Circuit IT Security Officer, or ITSO for more information.
While many factors combine to create a person’s digital identity, we are focusing only on the unique combination of an end user’s account identifier (e.g., name) and associated authenticators (e.g., password, DUO token, etc.), which represent a named individual.
JNet: Sealing Cases and Documents
CSO Online: 5 steps to simple role-based access control (RBAC)
CSO Online: What is IAM? Identity and access management explained
Assigning responsibility (normally from a manager to a subordinate) to one person (subordinate) to carry out specific actions on behalf of another person (manager).