User guidelines for information processing systems at Bayreuth University
(Benutzungsrichtlinien für Informationsverarbeitungssysteme der Universität Bayreuth)
Signed off by the Senate of the University of Bayreuth on July 18th of 1997
Introduction
The University of Bayreuth and it’s institutions ("Operator" or "Systems Operator") operate an
information processing infrastructure (IV-Infrastructure), comprising data processing systems
(computers), communication systems (networks) and further auxiliary devices for information
processing. The IV-Infrastructure is integrated into the German academic network and therefore into
the global Internet.
These guidelines regulate the conditions under which the spectrum of services can be used.
The guidelines:

are orientated to the legally defined responsibilities of universities as well as to their mandate to
guarantee academic freedom,

represent basic rules for the correct operation of a IV-Infrastructure,

advise of the rights of third parties which must be observed (e.g. software licences, conditions of
the network operator, data protection aspects),

obligate the user to correct behaviour and to economic use of the resources on offer,

regulate the legal consequences should rules be breached

All designators apply to men and women equally. A differentiation in the wording of the individual
rules will not be made.
§1 Scope
These user guidelines apply to the IV-infrastructure, comprising data processing systems
(computers), communication systems (networks) and further auxiliary devices for information
processing supplied by the University of Bayreuth and its institutions.
§2 User group and responsibilities
(1) The IV resources named in §1 are available to members of the University of Bayreuth to fulfill their
duties relating to research, teaching, study, further training and public relations for the university and
others duties described in article 2 of the Bavarian University Law. The use of these resources is
also permitted for cooperation partners for teaching and research of professors of the University.
(2) Other people and institutions may be permitted the use of these resources according to KMK
guidelines.
(3) Members of the University of Bayreuth should contact either the computer centre or the organisation
responsible for them (see §3 (1)).
1
User guideline for the information processing systems at the University of Bayreuth
§3 Formal usage authority
(1) Those wishing to use IV-resources according to §1, require a formal usage authority from the
responsible system operator. An exception to this are services which have been created for
anonymous access (e.g. information services, library services, short-term guest identification at
conferences
(2) System operators are for

central systems of the computer centre,

decentralised systems of the responsible organisational units such as faculties, institutes,
operating units, chairs and other units of the University of Bayreuth.
(3) The formal application for user authority should be made to the computer centre and should include
the following details:

Operator/institute or organisational unit at which the usage authority application is being made.

Systems for which the usage authority is required.

Applicant (individual): name, address, telephone number (for students also the matriculation
number) and membership of an organisational unit of the University; if the application is being
made by an organisational unit, a person (name, address, telephone number) should be named
who acts on behalf of the organisation.

Approximate information regarding the purpose of the use, for example, research,
training/teaching, administration.

Entries for information services of the University (z.B. X.500).

The confirmation that the user acknowledges the user guidelines.
If the scope of the decentralised resources doesn’t justify the effort for a separate user
administration, recognition of these guidelines is necessary due to the network usage associated
with the use of decentralised computers (automatically given with proof of user authority for
centralized systems). The system operator may only request further information if it is necessary for
the decision relating to the application.
(4) The system operator responsible makes the decision about the application. He can make the issuing
of the usage authority dependent on proof of particular skills relating to the use of the system. The
application will be refused when the applicant does not acknowledge the user guidelines.
(5) Usage authority may be denied if:
2

It does not appear to be guaranteed that the applicant will comply with his duties as a user;

The capacity of the system for which usage is being applied, does not suffice for the planned
work due to the existing workload;

The intended work is not compatible with the scope according to §2;

The system is evidently not suitable for the intended use or is reserved for special purposes;

The system intended for use is attached to a network that has to comply with particular data
protection requirements and no objective reason for this desired access is evident;
User guideline for the information processing systems at the University of Bayreuth

If it is to be expected that other authorised uses are disturbed inappropriately by the submitted
use;
(6) The usage authorisation only applies to work in connection with the submitted application;
(7) If the user is no longer a member of the University of Bayreuth and no explicit cooperation has been
agreed (see §2 (1)).
§4 Responsibilities of the users
(1) The IV resources according to §1 may only be used for the purposes named in §2. Usage for other,
in particular commercial purposes, can only be allowed if an application is made to the University
and payment is made.
(2) The user is obligated to use the available equipment (workstation, CPU capacity, disc space,
interconnect capacity, peripherals and other supplies) are used in a responsible and economical
manner. The user is obligated to refrain from damaging the service and to his best knowledge, avoid
anything which could cause damage to the IV infrastructure or to other users.
Contraventions may lead to claims for damages, also in the case of negligence (§7).
(3) The user must refrain from all types of misusage of the IV infrastructure.
He is particularly bound to,

only to work with user identification, the use of which has been permitted to him; it is not
permitted to pass on identification and passwords to others;

protect access to the IV resources with a password which is to be kept secret or a similar
process;

take precautions so that unauthorised third parties do not have access tot he IV resources, to
which includes not using obvious passwords, changing the password often and to end interactive
sessions correctly by logging out.
The user has full responsibility for all actions which are undertaken using his user identification, even
when these actions have been undertaken by third parties whose access he has at least made possible
due to negligence.
In addition, the user is bound to,

comply with legal rulings (copyright protection) in the use of software (sources, objects),
documentation and other data;

inform himself of the conditions under which the software, documentation or data, which has
partly been acquired within the framework of licence contracts, can be used, and to comply with
these conditions,

not copy or pass on software, documentation or data to others, at least as far as not expressly
permitted, to others without permission, nor to use it for commercial purposes.
Contraventions may lead to claims for damages, also in the case of negligence (§7).
3
User guideline for the information processing systems at the University of Bayreuth
(4) The IV infrastructure may only be used in a legally correct manner. It is expressly pointed out that in
particular the following behaviour is liable to prosecution according to criminal code:

spying of data (§202 a StGB).

unauthorized changing, deleting or disabling of data, or making it unusable (§303 a StGB).

Computer sabotage (§303 b StGB) and computer fraud (§263 a StGB).

spreading propoganda from unconstitutional organisations (§86 StGB) or racial thought (§131
StGB).

spreading pornography in the network (§184 Abs. 3 StGB).

retrieving or ownership of documents with child pornography (§184 Abs. 5 StGB).

defamation of character, namely libel, slander (§§185 ff StGB).
The University of Bayreuth reserves the right to take steps to prosecute, either criminally or civilly (§7).
(5) The user is not allowed, without permission from the responsible system operator, to:

undertake changes in the hardware installation,

change the configuration of the operating system, or the network.
The authorization for the installation of software must be cleared by the systems operator in individual
cases.
(6) The user is required to check any intentions to change individual-related data with the system
operator before starting. Thereby not affected is the duty which arises from the clauses of the data
protection act.
The user is forbidden to acknowledge or exploit messages meant for other users.
(7) The user is bound to,

take note of the guidelines for use provided by the system operator;

abide by user and access guidelines of other operators when using their computers and
networks.
§5 Duties, rights and responsibilities of the system operator
(1) Each system operator should have documentation about the issued user authorisation. The
documentation should be kept at least two years after the expiry of the authorization.
(2) The system operator contributes to an adequate extent, in the form of regular spot tests, in the
avoidance or detection of misuse. For this purpose he is permitted to:

4
document and evaluate the activities of users, insofar as these serve for accounting, resource
planning, monitoring of the service or the tracing of faults and breaches of the user guidelines as
well as legal clauses;
User guideline for the information processing systems at the University of Bayreuth

look in user directories and mailboxes or to protocol the network usage of the user using a
network analyzer with a witness and with the legal duty to record it, if there is a suspicion of
breaching user guidelines or legal clauses;

use measures to collect evidence such as keystroke logging or network analyzer with a
hardening of the suspicion of a punishable offence.
(3) The system operator is bound to confidentiality.
(4) The system operator makes available the contact person for the supervision of his users.
(5) The system operator is bound to comply with the usage and access guidelines, when working with
the computers and networks of other operators.
§6 Liability of the system operator / Non liability
(1) The system operator accepts no guarantee that the system functions meet the special requirements
of the user or that the system operates without errors and without disruption. The system operator
cannot guarantee the integrity (re. deletion, manipulation) and confidentiality of the data saved with
him.
(2) The system operator is not liable for damage of any kind which the user suffers from usage of the IV
resources according to §1; with the exception of deliberate behaviour of the system operator or the
person fulfilling his tasks.
§7 Implications of misuse or illegal use
(1) If there is infringement of legal clauses or of the clauses of these user guidelines, in particular of §4
(user liability), the system operator can partly or completely withdraw the user authorization. It is
irrelevant if the infringement results in material damage, or not.
(2) For serious or repeated infringements, the user can be barred from using IV resources according to
§1 in the long run.
(3) Infringements of legal clauses or of the clauses of these guidelines will be checked for their criminal
liability as well as for claims according to civil law. Circumstances which appear significant will be
passed on to the legal department who will check whether legal proceedings will be begun. The
University retains the right to pursue claims according to criminal or civil law.
§8 Other rules
(1) For the use of IV resources, fees can be applied in special arrangements.
(2) For particular systems, additional or differing user rules can be determined.
(3) Rules for using the World Wide Web (WWW) are found in the attachment.
(4) Jurisdiction for all legal claims relating to the usage is Bayreuth.
5
Rules for using the World Wide Web (WWW)
RULES FOR USING THE WORLD WIDE WEB (WWW)
(1) The web pages of the University of Bayreuth fulfill the following functions:

Presenting the University in the Internet.

Easy access to information from the University (teaching, research, institutions, courses of
study and conditions.

Coordination of research and teaching at the University and exchange with other universities
and research institutions.

Training in the area of communication media.

Testing and extension of the new communication media.
(2) The organisations of the University which are defined in the basic order and the organisational notice
of the University carry the University emblem on their pages (official Web pages).
(3) Members of the university with user authorization may provide unofficial Web pages on the IV
infrastructure to a limited extent. Also groups connected to the University (cf. organisations included
in the lecture directory) may, with permission from the director, make unofficial web pages available.
The application must be made in writing according to § 3 of the user guidelines. The director can
delegate the response to the application. These Web pages may not carry the University logo
(unofficial Web pages).
(4) On all pages, the clauses from § 4 para. 4 as well as the copyright, patent law, licencing law and
data protection act application must be found. In addition they are subject to being politically neutral
and forbidden from carrying commercial advertising.
(5) On each home page of an institution, group or person, the person responsible must be named.
(6) The University of Bayreuth reserves the right to make spot test controls of web sites. Censorship
does not take place. In the case of infringement of legal clauses or the clauses of these user
guidelines, then §7 applies. In this case, the University of Bayreuth retains the right to bar the
affected Web pages from public access. A breach of rules must be notified to the director of the
University in writing.
6