An LRZ account is used to use LRZ resources and services. It consists of an abbreviation and the associated password and has individually defined authorizations, for example, regarding the use of the VPN, e-mail, etc. services.
A description of the variants of LRZ accounts can be found in the FAQ What are the types of LRZ accounts?
Each LRZ account is assigned a person as its owner. This assignment is a very important action, as it decides who may use IT resources and to what extent. The LRZ does not make this assignment itself. As a rule, accounts are assigned via one of the two paths described below.
Exceptions to this rule are accounts for supercomputers (SuperMUC-NG) - see Access and Login to SuperMUC-NG. Accounts (and associated permissions) on supercomputers are assigned by the LRZ itself, not by the master user.
The two standard ways of assigning LRZ accounts:
- Direct assignment of accounts by the respective university or college:
- At the Technical University of Munich, all employees and students receive an LRZ Account (so-called TUM Account) upon employment or enrollment via TUMonline, which entitles them to use LRZ standard services (Internet access/VPN/eduroam, e-mail/exchange, ADS, cloud storage, LRZ Sync+Share, GitLab). This account can be equipped with further authorizations such as use of the network administrator or DNS portal.
At Ludwig-Maximilians-Universität München, all students receive an LRZ account (so-called LMU user account) upon enrollment, which entitles them to use LRZ standard services (Internet access/VPN/eduroam, e-mail, ADS, cloud storage, LRZ Sync+Share, GitLab). This account may be equipped with further authorizations such as access to local CIP pools.
LMU employees receive such an account upon hire or upon request to the LMU IT Service Desk, and the account usually comes with fewer permissions (mail forwarding instead of mailbox, no cloud storage). For employees who need additional permissions (e.g. mailbox at LRZ), the master user can "import" the LMU user account in the LRZ IDM portal his project and provide it with the additional rights needed.
- At the Munich University of Applied Sciences (HM), all employees and students receive a user account, from which the last name can usually be identified. Since 2014, these accounts have also been transferred to the LRZ and enable the use of e-mail (Exchange), LRZ Sync+Share, cloud storage and GitLab. To avoid naming conflicts, these accounts have the prefix "hm-" at LRZ. The account "meier" of a HM member would therefore be "hm-meier" for LRZ services.
- At the Weihenstephan-Triesdorf University of Applied Sciences (HSWT), all employees and students receive a user account that has been transferred to the LRZ with the prefix "hswt" since 2017. These accounts enable the use of VPN/eduroam, email (Exchange), LRZ Sync+Share and GitLab.
- At the Ansbach University of Applied Sciences (HSAN), all employees and students receive a user account that will be transferred to the LRZ with the prefix "hsan-" since 2019 and enable the use of e-mail (Exchange).
The administration of these accounts remains largely with these universities, but in close cooperation and coordination with the LRZ.
2. The LRZ delegates the assignment of accounts to you, the master user. This means that you assume a certain amount of responsibility for this account. You are the one
- who assigns an account to the user
- who gives the user an account and start password,
- who can set a new start password if the user forgets his one
- who can authorize the account for services,
- who can revoke authorizations,
- who can lock and delete the account altogether.
The initial assignment of person and account as well as the previously mentioned actions for the ongoing management of the account can be done in the IDM portal.
LRZ accounts must be assigned to persons, see also Why do I have to enter the user's personal data when creating or editing an account?
Each account must be assigned to a project, i.e. LRZ services generally cannot be used without a contractual framework. For each project, the total number of accounts that may be assigned is agreed via the so-called project quota. This number is based on the number of users in your institution who are to be able to use LRZ services within the scope of the project purpose. In addition to this total number of accounts, it is also specified exactly how many of these accounts can use the individual services; it may therefore be the case that all of the project's accounts are authorized for the VPN service, but only some of them are also authorized for the e-mail service. For security reasons, but also with regard to usage statistics and financial accounting, authorizations should be assigned as minimally as possible.