Standards Group:
YALE-MSS-9: Authentication and Authorization
YALE-MSS-9.10: Use administrative and service accounts for their assigned function only
Details
Administrative accounts hold elevated privileges and service accounts often perform functions not accessible to standard users.
An administrative or service account must not be used when a standard user account can perform the assigned function in question.
Adjustment of privileged account permissions must be performed by the provisioner of the account and never the user of the account or a third-party.