IT Services

print friendly version

How to...

Using Role-based Accounts or other shared accounts

Introduction

This Guide primarily discusses role-based accounts, how to get one set up, how to use one, and gives other general guidance on the use of these accounts.

This Guide can also be used to set up access to a personal account for which access authorisation has been obtained: the method is the same. 

The Guide focusses on the use of Outlook for role-based accounts, but information on their use with Mulberry or Thunderbird is also provided - see the relevant entries in the Contents list.

For the sake of simplicity, we'll refer to role-based accounts simply as "role accounts" in the remainder of this Guide.

Contents

  1. What is a role account?
  2. Who can use a role account
  3. How to apply for a role account
  4. Changing the keeper of a role account
  5. Getting ready to use a role account

    Using role or shared accounts with Outlook or OWA
  6. Accessing a role account or other shared account with Outlook
    How to delegate access to a role or shared account
    Adding a shared account to Outlook
    Removing a shared account from Outlook
    Configuring Outlook Web App (OWA)
    What to do if it doesn't work
    IMPORTANT THINGS TO REMEMBER
     How to remove delegated access from a role or shared account

    Using role or shared accounts with other email applications
  7. Setting up Mulberry to use a role account
  8. Setting up Thunderbird to use a role account

    Other useful information
  9. Making use of mail folders in a role account
  10. Password guidelines

1. What is a role account?

A role account is an account that acts as a contact point or as shared working space for use by a group of staff, whether this be for administration, research or any other group purpose. It differs from a personal account because it is associated with a role and is not tied to or associated with any particular person. However, the account must have a current member of staff as its registered "keeper" who holds responsibility for the account and its use. A role account is essentially future-proof in that it remains as it is, even if the people using it change as they leave the university or change roles.

Functionally, a role account is no different from a personal email account. The only real difference is that it is provided by IT Services for use to support a role rather than as a personal account, and - unlike personal email accounts - may be shared by authorised members of staff.

2. Who can use a role account

Role accounts are normally available only to staff. They are not available to student groups, and students may only use them if they are doing paid work for the University or as part of a project being run by a member of staff. All role accounts must have a member of staff as their registered keeper, and that person must also take full responsibility for the use of the account and any issues arising from this. Any member of staff authorised by the registered keeper of the account may access the role account on behalf of their staff group. How this is actually organised is the responsibility of each group.

[back to top]

3. How to apply for a role account

We recommend that you first discuss your requirements with IT Services, to determine whether or not a role account is the most appropriate solution for you. The best way to do this is to contact us at Online Support. Once this has been decided, make sure you have discussed and agreed all the necessary details of the new role account with your colleagues. Then visit the IT Services website and click the red Help button, then either (depending on the web browser you're using):

  • Enter your username and password where shown and click login, then select the icon for requesting a role-based account, then complete the online form.

    OR

  • Under How can we help?, in the Please choose... list, select Set up a role-based account.   Then enter your username and password where shown and click login, then complete the online form.

It is vital that you complete and submit the online form, because this not only records your request formally but also gives you the means to provide us with all the information we need to set up the new account.

When a role account is created, it is normally given a username (login name) beginning with grp- and ending with a number, for example grp-123 (the grp- prefix stands for 'group', as these used to be called group accounts, though their remit has now widened).  The number is allocated sequentially but has no other significance. The account will normally also be given a friendly email address, as requested by you, though some role accounts are not used for email and are not given friendly addresses. If the requested email address is already in use, we will notify you and ask you to provide an alternative. This address would normally be used for all communication with that role account, and its username would only be used by staff for logging in (signing in) to the account.

When we have created the role account, we will contact you by email to let you know the account details are ready for collection. We do not normally send account details by email, so you would normally need to call in at our Service Desk in the Shawcross Building to collect them.

[back to top]

4. Changing the keeper of a role account

A role account always has a registered keeper; that is, the person who is formally responsible for it. If you are leaving the University or changing role so that you will no longer have responsibility for a particular role account, it is vital that you arrange with IT Services for the account to have a new 'keeper', or refer us to someone who can arrange this. If you do not do this, we will not know who is responsible for the account, and if any mishap or misuse occurs then you may be held responsible. If you leave the University without arranging for a new keeper for the account, it will close automatically along with your personal account after you have left, and this could cause serious disruption for your former colleagues. ITS does not monitor staff changes and cannot automatically reassign ownership of role accounts when staff leave or change role.

If the registered keeper of a role account is not known, please contact IT Services to find out.

[back to top]

5. Getting ready to use a role account

It's normally necessary to make some configuration changes in your preferred email application (Outlook etc) to allow you to access a role account alongside your own.  It is however possible to login to a role account on its own, directly using Webmail (normally Outlook Web App), and no special configuration changes are needed.   The sections below (for Outlook, Mulberry and Thunderbird) describe how to prepare your preferred email application to access a given role account.

6. Accessing a role account or other shared account with Outlook

There are two methods of accessing a role account's email with Outlook or Outlook Web App (OWA):

  • Direct access using the account's password, or
  • Delegated access (recommended)

If you wish to access another person's account, whether it be with their permission or for another operational reason, you must first obtain formal authorisation from the Director of IT Services.  This is required by the University's Institutional Access Policy (see Appendix 1).

Direct access with a password

You will need to create a profile for Outlook to allow you to login to the role account directly, using the account's own username and password.  See the Email for Staff and PhD Students guide to Outlook, for details.   You do not need to create a profile to access the account with OWA.  Direct access to the account like this will allow you to use the account in exactly the same way as if using your own personal account.   However, this method only allows access to one account at any one time.

Delegated access

Delegation is a means of providing named people with access to specified email accounts from their own personal email accounts.  The advantage of this method is that passwords do not need to be disclosed,  so delegation makes the accounts more secure against unauthorised use and is why IT Services recommends this method of access.  Delegation is possible only for accounts hosted on the Exchange email and calendaring system.   You may only freely set up delegated access to a role-based account.   You must not set up delegated access to a personal account without first obtaining authorisation from the Director of IT Services.

How to delegate access to a role or shared account

For someone to be able to read and send emails in a role-based account or other shared account, they need to be given delegated access to the account.  That means the account's registered keeper (normally the only person who knows the account's password) must first provide the delegated access.  If you are the registered keeper of a role account, you may still need to run through the delegation procedure described below before you can send emails on behalf of the account (although it's possible that you will already be able to view its folders and items in Outlook):

  1. Go to the IT Services delegation page.
  2. Under the Delegating account heading, enter the username (for example grp-123) and password for the role account or other shared account in the boxes provided.
  3. Under the Permissions heading, enter the email address of the delegate (the member of staff needing access to the shared account), for example A.N.Other@sussex.ac.uk).
  4. In the Calendar, Inbox, Contacts and Tasks boxes, choose the appropriate permission levels as required.  We recommend that you accept the Editor permissions offered as standard.
  5. Under the Folders heading, ensure the Enable permissions on all folders box is ticked, so that all the shared account's folders will be available to the delegate.
  6. Click the Add delegate button and wait for the delegating process to complete.

After delegation has completed, if you are not already able to see the role account's mailbox in your Outlook account  (in some cases this will happen automatically for account keepers), then you need to add it as described below (the instructions apply to Outlook 2010 or Outlook 2007).  We recommend closing Outlook and then restarting it before making these changes.

Adding a shared account to Outlook

First, login to your own account in Outlook.

Start with step 1 or step 2, according to whether you're using Outlook 2010 or Outlook 2007.

  1. If you're using Outlook 2010, do the following:
    - click on the File menu, click on the Info section on the left.
    - click on the Account Settings button in the Account Information column.
    - click on Account Settings... in the pop-up menu.

    Outlook 2010 Account Settings

    - now go to step 3.

  2. If you're using Outlook 2007, do the following:
    - open the Tools menu and click on Account Settings...

    Outlook 2007 Account Settings

  3. Click the E-mail tab if not already selected.
  4. Click on your account name under the Name heading, then click Change... in the row of tools above that window:

    Outlook 2010 Change account settings

  5. Click the More Settings button, then click the Advanced tab.
  6. Click the Add button, and in the Add Mailbox pop-up, enter the username for the other email account you wish to use (for example, grp-123). Then click OK.
    If more than one account is shown, select the correct one and click OK.
    The other account should now be listed under Open these additional mailboxes.  You can add more accounts if necessary, by repeating step 6.
  7. Click OK to return to the Exchange server settings window.
  8. Click Next and then click Finish, to return to the Outlook window.
    Your list of mail folders should now include a new entry: Mailbox - account (where account is the name of the extra account), ready to be opened to display the account's mailbox with its folders.
  9. It's best at this point to close Outlook and restart it, as we have found that Outlook sometimes fails to access the new account at first, and a restart usually resolves that problem.

Please read the Important things to remember section for information about sending email from a role account using delegated access.

Removing a shared account from Outlook

If you no longer require access to a shared account (for example if you change role and no longer need to use the account), you should remove the account from Outlook as follows:

  1. Follow steps 1 through 5 in the Adding a shared account section shown above.
  2. In the list of accounts shown, click on the account you no longer need to access, then click the Remove button.
  3. Click OK, then click Next, then click Finish.
  4. You should now restart Outlook, after which you should find the previously shared account is no longer listed in Outlook.

Configuring Outlook Web App (OWA)

Outlook Web App is limited in its ability to handle additional accounts. You can view the Inbox for a role account and send email on its behalf, but you can't view any other folders.  You may find it easier to login directly to the role account in OWA, then the steps below will not be necessary.

To view the Inbox, first delegate the appropriate permissions (see above) and then:

  1. Login to Outlook Web App and right-click (Ctrl+click on a Mac) on your account name (usually your own name) near the top in the left-hand navigation panel.
  2. Choose Open Other User's Inbox.
  3. Click on Name and lookup the role account.
  4. Double-click on it so it shows in the Select Field and click OK.
  5. Click OK again to close the window.

A reference to the other account, and its Inbox, should now appear below the list of your own folders.  Click the Inbox to open it, just as with your own folders.

What to do if it doesn't work

If the account access permissions are not correctly set then you may see a message saying that "An object could not be found".  If you believe that you have the correct access permissions but cannot open the folders, try closing and then restarting Outlook. Try also closing down your computer and restarting it. Contact IT Services for assistance if you are still unable to view or send messages.

IMPORTANT THINGS TO REMEMBER when sending email from a role account using delegated access

  • To send a New email from the role account, click Options in the New Message window, then click From Field to display a box in which to enter the email address of the role-account.  If you don't do this, the message will appear to come from your own personal account.
  • If you Reply to a message in the role account's Inbox, the reply will be sent using the role account's email address.
  • If you want to force a reply to be from your own personal email address, remove the role account's name from the From box at the top.
  • Messages sent from the role-account are copied to your own Sent Items folder, not that of the role account.  Unfortunately there is no way around this except to physically move the copied message from your own Sent Items folder to that of the role account.
  • If you want to vary the signature being used in outgoing messages, this will depend on the Mail Format you have selected.  With the recommended format it is best to select none in the Signatures section, and use the Insert menu to select the signature you want to use.   If the Insert menu does not offer Signatures, try right-clicking in the message text area to see if Signature is available there.

How to remove delegated access from a role or shared account

You can remove individuals from an account's list of delegates in Outlook 2010 or Outlook 2007 as follows:

  1. If you're using Outlook 2010, do the following:
    - click on the File menu, then click on the Info section on the left.
    - click on the Account Settings button in the Account Information column.
    - click on Delegate access in the pop-up menu.
    - now go to step 3. 
  2. If you're using Outlook 2007, do the following:
    - open the Tools menu and click on Options...
    - click on the Delegate tab.
  3. In the list of delegates provided, click on the name of the person you want to remove from the list.
  4. Click the Remove button.
  5. If you're using Outlook 2010, click on the Home menu, or
  6. If you're using Outlook 2007, click OK.

7. Setting up Mulberry to use a role account

Information on setting up Mulberry for use with a role account can be found in FAQ 2470.

8. Setting up Thunderbird to use a role account

Instructions for adding an extra account to Thunderbird can be found in the Guide to Thunderbird - see the section on installing extra Thunderbird accounts.

[back to top]

9. Making use of mail folders in a role account

Mail folders should be used to store related email in its own dedicated space, rather than all mixed together in the Inbox, and will make it much easier to handle the various types of business associated with a role account.

Name the folders according to particular tasks, activities or business in the group, so that email related to those tasks can be stored appropriately and be easier to find later.

[back to top]

10. Password guidelines

The nature of a role account, and the way it is used, emphasises the need for extra security for the account's password.

  • Keep the password secure: with the use of delegation to control access to an account using Outlook, it should not be necessary for anyone except the account's registered keeper to know its password.  If sharing the password is unavoidable, only the members of staff authorised to use the account must be given its password.
  • Only the account's registered keeper should change the account password.
  • In the absence of the registered keeper, other members of the group may change the password if it is considered necessary, but they should inform the account's keeper of this as soon as is practical.   If it's not known who the account's keeper is, contact IT Services for help.
  • If the password is forgotten the registered owner should call in at the IT Services Enquiries Desk to request a new one. They must provide proof of their identity and staff group affiliation.  In the absence of the registered keeper, another member of the group can make the request, but they must provide ITS with evidence that they are a member of the group, and the account's keeper will be notified.

[back to top]

created on 2010-01-01 by Andy Clews
last updated on 2013-07-25 by Chris Limb