1. Goals of this Session: Discuss all of those items related to Access to Information.. You – H/R completely control: –Access for the employee and to what they can see –Access for staff according to their current assignment and what employee information they can see/edit –** This is scary but extremely efficient ** Discuss EC Userid and Password process Discuss newfound ‘tight’ relationship with I/T – how can this happen, how can we manage this without adding to our workload? Why and to what degree should H/R be involved? Security & Access

2. Employee has access providing they are an active employee (main status = Y) –PAY.324 access to update their info (PAY.190) –EIS.122 access to appropriate folders –EIS.131 access particular certificates/expiry notices How to generate EC password? CIMS can do this automatically for you!!! Nightly job will look for new employee and auto-create a random password. THEN, Employee uses ‘Forget my password’.. No maintenance! Seriously CONSIDER Security & Access

3. Staff have AdminConnect access based on –A match between PRO.300 and PRO.100 which keys on position, location, sub-type. More than one person could be assigned to the same CIMS Userid –PAY.324 ability to provide forward access at times (beginning of school year) based on the cut-off date –Super important: RES.000 PAY.ACC SUB.000 Confirmation: What districts have NOT gone to generic User Profile names for iSeries?? Security & Access

4. Reminder: Our goal is to achieve our own version of single signon –Employee signs into EC (can align password with network password (or not) and that is IT – access to all other modules NO additional password! No need to know/see iSeries userid or password - ever! Take Two program changes –EIS.331 scrambled/encrypted password –EIS.331 manage password option to enforce (or not) users to change their password every X days –When SC or AC launched, AS/400 user profile sign in field updated so iSeries is aware that userid is being used. Security & Access

5. Relationship with I/T –SD23, BSD, RETSD, SDML, PLPSD: CIMS nightly job looks at PRO.300 history and provides a change report (or full file) that describes all user changes. Super complex process and hugely more accurate than any daily list you could be providing to them right now! I/T uses this report to do their work (setup in AD, email, VOIP, distribution lists) –New PRO.150 available for CIMS to automatically generate your distribution lists accurately each night based on CIMS PRO.300 … HUGE, HUGE POTENTIAL EVERY district using PRO.300 should be exploiting this with I/T … If not – a huge manual process must be occurring! Security & Access

6. Relationship with I/T –Does I/T have EIS.380 access to CIMS (or AC) and do they understand how to read PRO.300 history records?? Wouldn’t this help them immensely? –Some districts provide I/T with EIS.332 – maintain email addresses for employees.. Some districts – H/R adds this, some districts upload a file each night to CIMS … other districts ????? Security & Access