4,321: System Security Approval Process

Last Revised: February 2014

Employees with a need to access student, financial, and human resources information via PeopleSoft, CAIS, NOLIJ, Advantage and/or HRMS--or any other third party application containing student, financial or human resources information--must complete a security application. The application must be signed by the applicant; approved by the applicant's department chair, director, dean or VP, depending on the access being requested; and then submitted to the security coordinator for sending out to the respective application coordinators.  PeopleSoft requests only allow for a dean or VP approval; reasons for the need for accessing student information and how it will be used must be indicated on the application in the dropdowns after selecting a role on the PeopleSoft page. Human Resources access follows the role-based assignments listed below.  Since roles are defined via job descriptions, supervisory approval is not required.   In addition, the applicant must certify compliance with all university, federal and state privacy and computing regulations.  The application will be reviewed and approved by the appropriate application coordinator and then returned to and processed by the security coordinator.

HRMS Security Access

HRMS security access uses a role-based security model with three types of roles defined:: Department, College/VP and Functional Area.  Each of these areas is defined below along with the default security assignment for each.  Security is assigned for all four access points for each user.  Security for HRMS is established for both green screen and web access at the same time.  Security for QA is also established for all users.  Additionally the same profile is used to establish CAIS security at setup.   The span of access is defined by the organizational hierarchy and where the employee's duties fit within the organizational hierarchy.  In the event a job description does not list duties requiring HR data, the supervisor will be consulted.

Departmental Users:   If the employee is in a department they will, by default, receive department-level access by completing a security application as long as their job duties warrant such access.  Access will be granted to all employee types including volunteers in the department in which the staff member is employed.  This role is typically assigned to administrative assistants, department chairs and directors. The level of access allows a user to view employee and pay information and update that information in suspense.

College/VP:  If the employee is in a college or VP budget office they will, by default, receive access to the college or appropriate vice president by completing a security application as long as their job duties warrant such access.   Access will be granted to all employee types including volunteers in the college, dean or vice president level in which the staff member is employed.  This role is typically assigned to personnel and budget officers, deans and assistant/associate deans, vice presidents and assistant vice presidents. The level of access allows a user to view employee and pay information and update that information in suspense.

Functional Area:   Administrative units have defined access privileges based on their job function.  Employees in these administrative units will receive the security profile associated with their required job duties.  In the event this assignment is unclear, the Director of the administrative unit will be consulted.  Profiles for budget, payroll and controller's office are defined on an individual basis based on job duties.  The level of access allows a user to view employee and pay information for most functional areas.   Human Resources and Payroll staff have permissions to release information into the production environment, where such access is being requested the employee's supervisor must authorize.

A small number of employees have access to more than one area.  In most cases these employees are assigned two access ID's to reflect the distinctive access profiles.     If an employee requires access to additional departments outside the above protocol, they will be asked to provide a justification/ explanation of business need.  The designated security administrator within Human Resources will determine the appropriate level of access based on the job function and justification listed on the security application.