Overview This session is aimed at both PeopleSoft Financials users and Security Administrators. We will discuss plans for the 9.2 upgrade including streamlined security roles, the use of new tools like dynamic security, and things you can do to prepare for the upgrade.
Users can add themselves Gives basic access - May include Expenses depending on institution Adding New Users
Core users can still Self Register, however, the local Security Administrator at the institution will be required to add additional roles. Local Security Administrators can still manually add user accounts under Distributed User Profiles. Core Users
Security Roles in 9.2 Security roles are mapped to functional Business Processes. During Fit Gap, a thorough review of 8.9 roles was completed. Around 32 roles were eliminated and 17 roles were renamed. Dynamic Role Assignment will be introduced as part of the upgrade for certain roles.
Dynamic Role Example Sally is an Expenses Department Approver. Setup for Approver Assignments is located here:
Dynamic Role Assignment Cont’d Since Sally is defined on the Approver Assignments page as an Approver, she should get the BOR_EX_APPROVAL role. Instead of the local Security Administrator going to Sally’s User Profile and adding the role manually, it can be automatically added/deleted via a query process.
Dynamic Role Assignment Cont’d The role query will run in the background and search for user IDs that are defined as approvers. It will automatically assign the role. Upon Termination, when the approver is removed from the Approver Assignment Page, the role query will run and remove the BOR_EX_APPROVAL role from the user ID without manual intervention. ITS is looking into other areas where Dynamic Role Assignment can be used to help automate security. If the local Security Admin manually assigns the BOR_EX_APPROVAL role, then the role query/dynamic assignment will not remove the role automatically. It becomes a static role at that point.
Manual Role Assignments The hardest part of Role Assignments is knowing which role provides what access. In 9.2, ITS is updating the roles with long descriptions that will contain the business processes to which that the role has access.
Role Definitions In addition to the long description, there will be a cheat sheet released for all ITS delivered roles and business process assignments.
Other Roles Also, in 9.2 there is an expanded use of workflow in various modules. (Attend the Workflow is Overflowing Session today at 5:10 pm!) – This means more roles (for workflow approvals!) – Also means more cleanup of role assignments upon termination. Workflow will be delivered in ePro, Purchasing, Accounts Payable, Expenses, General Ledger and Commitment Control.
How to Prepare for the Upgrade There are several things that can be done at each institution now and ongoing in current production, that will ensure a smooth transition. – Stay on top of your terminated users – Current User access review – User Access Report – User Preferences Report – Commitment Control Security Report
How to Prepare for the Upgrade Each institution will NEED to run the User Access Report in version 8.9 that is under BOR Menus > BOR Utilities > BOR Security > User Access Report. This report will need to be run prior to UAT and right before upgrade cutover. Local Security Administrators should review the role assignments and note where changes are needed for things such as: – Role name changes in 9.2 – 8.9 role deletions – Roles that have been combined with other functionality (Different than in 8.9).
How to Prepare for the Upgrade Prior to UAT, each local security administrator will be responsible for attending a training session as well as configuring their users within the UAT environment. It is the plan to extract users and their security from this UAT environment to use in Production after cutover. It is very important that a thorough review of access/user preferences, commitment control security, documentations, and approvals is completed (especially for AUDIT Purposes)!
After the Upgrade Audit 2015 will be right around the corner. – Current User Access will be KEY this year. – Terminated user cleanup is still critical. – Review all unlocked accounts to ensure they migrated over correctly from UAT. – Remember segregation of duties during the review. – Local Security Admin accounts will be forced to reset their password every 90 days instead of 180. – Commitment Control security needs to be reviewed as part of the controls. Any access issue can be addressed via a helpdesk ticket to ITS.
Security Modifications There are several modifications that are being dropped for security in 9.2 The first two relate to updating a cross reference table dealing with multi- campus users. What does this mean to you? When Security Administrators are terminating a user, it is very important to populate the User ID Alias field with OPRID-EMPLID.
Security Modifications Cont’d Then on the ID tab, in the ID Type field, select None. Save. This will eliminate MOST of the multi campus user issues you encounter!
Security Modifications Cont’d This Save Approver ID page will no longer be available in 9.2
Security Modifications Cont’d The Role User Access Report and the User Access Report will no longer be delivered in 9.2 as there are other queries that can be run to replace the reports. PT_SEC_USER_PAGE PT_SEC_ROLE_PAGES
Training & Documentation Online Security Training http://www.usg.edu/gafirst-fin/training/archives Security Guides & Documentation http://www.usg.edu/gafirst- fin/documentation/category/security