A so-called functional account is required to host a website within the LRZ serviced web hosting service. Continue reading to learn more about functional accounts and how to obtain one for your new website.
In a nutshell
- A functional account plays a vital role both on the technical level as well as the organisational level if you intend to host a website with our web hosting service.
- The functional account's password may be given to other people involved with creating and maintaining the website, e.g. student assistants, web design companies etc.
- In order to obtain a functional account, please contact the master user responsible. You should be able to find your master user on the IDM portal site when looking up your personal account's details. In case you require further assistance (e.g. to create a new LRZ SIM project), please contact LRZ Servicedesk.
Functional accounts, their properties and purpose
When it comes to a service like LRZ web hosting service, there are several technical and administrative aspects that need to be taken of:
- Website maintainers need access to their website's contents (filesystem and database).
- Website maintainers need full administrative control over their website.
- At least one person has to be responsible and available for contact at all times during a website's lifecycle.
All of these requirements can be met by using a dedicated account for use with the website, the functional account. Like personal accounts and SIM projects, functional accounts are offered by the MWN's identity management service (MWN: "Münchner Wissenschaftsnetz", Munich Scientific Network).
Benefits of functional accounts
In the context of a service like LRZ web hosting, using a functional account offers several advantages over using a personal account:
- A functional account is associated with the service it is used for, making it possible to share responsibility while preventing orphaned services (i.e. services that nobody is formally responsible for anymore).
- Sharing the functional account's password with other people is allowed.
In more detail:
Unlike a personal account, a functional account does not belong to a single individual. Rather, it is associated with the service it is used for (in the case of the LRZ web hosting service, the website to be hosted). The functional account can be managed by several people, namely the functional account's responsible owner and, optionally, more owners (and, if all else fails, the master users). This arrangement ensures that there is always at least one person responsible for an active service even if owners change (e.g. when leaving the institution). See the next section for more information on functional account owners.
In addition, the password of a functional account may be shared with other people, which is not permissible for personal accounts. The password may even be given to someone who does not have a personal account and who may not be eligible to obtain one. For example, this makes it possible for a web design company to manage the website's content while at the same time excluding them from administration privileges that are reserved for individuals with the functional account owner role.
Functional account owners
There is always one so-called responsible owner per functional account (in German, "der Kennungsverantwortliche"). Optionally, there may be several addtional owners (in German, "Kennungsbesitzer"). The number of additional owners is not limited.
The following table describes the roles in more detail.
This is the person who is primarily responsible for the website associated with the functional account and serves as the website's main contact.
The responsible owner has full administrative control over their website, meaning they can request changes like changing the website's name(s), adding a database etc. Only the responsible owner is authorised to have the website (and its database, if applicable) removed.
Like the responsible owner, additional owners serve as contact persons and have administrative rights over the website , albeit limited in that they are not authorised to have the website and/or its database removed.