Lynn McRae, Stanford University. Stanford Authority Manager: Privilege management use.

Presentation transcript:

Stanford Authority Manager
Privilege management use case
Lynn McRae, Stanford University
Integration CAMP, Denver, June 27, 2005

2 Stanford Authority Manager
- Initial production, November 2001
- Created in conjunction with ERP migration from mainframe
  - Student Administration (PeopleSoft/SA) Sept 2001
  - Human Resources (PeopleSoft/HR) Sept 2002
  - Oracle Financials Sept 2004

3 Stanford Authority Goals
- Simplify authority policy, management and interpretation.
- Manage and summarize the privileges of an individual in one place.
- Support consistent application of authority across systems via the infrastructure.
- Provide automatic revocation of authority based on affiliation changes.
- Evolve role-based authority -- managing privileges based on job function.

4 Stanford Authority Architecture
Central Authority Management
- Common user interface, based on business functions and language, not system-specific or in technical terms
- Rich privileges -- e.g., scope, direct qualifiers, indirect qualifiers
- Supports a model of distributed Authority management.
- Integrated with Organizational Registry
- Records “chain of delegation”

5 Stanford Authority Architecture
Central Authority Management
- A repository of authority assignments and resulting privilege information.
- Does not replace the security systems in each local system.
- Requires integration/synchronization of data between Authority system and local systems.
- Features to facilitate mapping of user assignments to target systems.

6 Authority Manager Assignments
- 45,000+ active assignments (70k to date)
  - 32,000+ financial
  - 5,500+ hr
  - 3,500+ student
  - 4,000+ Enterprise Reporting
  - 58 Research Administration (conflict-of-interest)
  - 4 Space Management (new)
- 144 are “authority authority” assignments
  - For “granting proxy” within Authority Manager
Statistics gathered week of June 20-25, 2005

7 Authority Manager Assignments
- 381 current grantors (2.6% of ~14,000 faculty/staff)
  - 329 financial
  - 45 hr
  - 116 student
- 5,106 current grantees (36% of faculty/staff)
  - 2,899 financial
  - 795 hr
  - 1,183 student
- 897 grantees (18%) can delegate to others

8 Prerequisites
- Prerequisites control auto-activation
- 2,950 assignments are “pending”
- Most: nightly feed from LMS (STARS - Stanford Training and Registration System)
- Some: direct workgroup maintenance
Manage HR Records Training Alcohol Approver Sign Confidentiality Statement Cost Policy Training DPA iBudget Training Labor Distribution Training Labor Distribution Adjustments Training GFS Policy and Entry Training GFS Read Only Access Training Student Records Dept Course Setup Student Admin Basics Training FERPA GLB, Student Financial Acct Training

9 Conditions
- Conditions control auto-revocation
- 462 assignments have expiration date
  - 1.1% of 42,000 active assignments
- All others have “While at Stanford”
  - Based on “stanford administrative” -- faculty, staff (including casual/temps) and sponsored affiliates
  - Mostly great, but not precise enough -- need “while in department”

10 Security
- Granting authority governed by two principles
  - You can only give what you have, or less
  - Permission to use or to give to others is separate and explicit
- Stanford Authority Manager is open to the “Stanford administrative” community
  - Any user can see all privileges for any other user
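
A small model of the rules on slides 8 to 10, added here as an illustration and not code from Authority Manager: a grant is checked against the grantor's own holdings, prerequisites keep an assignment pending, and conditions revoke it. Representing scope as an org path, the person names and the "Financial Approver" label are assumptions; "Cost Policy Training" is one of the prerequisites named on slide 8.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Assignment:
    holder: str
    privilege: str
    scope: str                       # org path (assumed model; sample values are constructed)
    can_use: bool = True             # holder may exercise the privilege
    can_grant: bool = False          # holder may give it to others: separate and explicit
    prerequisites: frozenset = frozenset()
    expires: Optional[date] = None   # None stands for "While at Stanford"

def covers(held: str, wanted: str) -> bool:
    """True when `wanted` is the held org unit or lies beneath it."""
    return wanted == held or wanted.startswith(held + "/")

def may_grant(grantor_active: list, new: Assignment) -> bool:
    """Give only what you have, or less: same privilege, covered scope, explicit grant right."""
    return any(a.can_grant and a.privilege == new.privilege
               and covers(a.scope, new.scope) for a in grantor_active)

def status(a: Assignment, completed: set, affiliated: bool, today: date) -> str:
    """Conditions drive auto-revocation; prerequisites drive auto-activation."""
    if not affiliated or (a.expires is not None and today > a.expires):
        return "revoked"
    if not a.prerequisites <= completed:
        return "pending"             # waits for the training feed to report completion
    return "active"

# Constructed sample data: names, org paths and the privilege label are hypothetical.
DEAN = Assignment("dean", "Financial Approver", "Medicine", can_grant=True)
CLERK = Assignment("clerk", "Financial Approver", "Medicine/Pediatrics",
                   prerequisites=frozenset({"Cost Policy Training"}))

if __name__ == "__main__":
    today = date(2005, 6, 27)
    print(may_grant([DEAN], CLERK))    # dean holds a grant right over a wider scope
    print(may_grant([CLERK], CLERK))   # clerk can use the privilege but not pass it on
    print(status(CLERK, set(), True, today))
    print(status(CLERK, {"Cost Policy Training"}, True, today))
    print(status(CLERK, {"Cost Policy Training"}, False, today))
```

The model checks privilege and scope only; a fuller version would also require that a grantee's expiration not outlast the grantor's.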

11 Authority Manager - Home page

12 Authority Manager - Home page

13 Authority Manager - Home page

14 Designated drivers
- Granting proxy
  - Acting in Authority Manager for someone else who has Authority
  - Can “grant only”; does not actually have privileges
  - Cultural necessity
- Acting approver
  - Assumes privileges temporarily

15 Authority Manager - Home page

16 Help and Training
- Core system owned by Stanford IT (ITSS)
- General use/availability/problem reports through central Help Desk
  - Tier 1 help, else direct user to central office or IT staff.
- Web based training
  - IT developed module for basic system commands and concepts
  - Subsystem owners responsible for training module in their own realm
- Online Tutorial available through the UI

17 Authority Manager - Person View Janet King

18 Authority Manager - Person View

19 Integration Challenges
- PeopleSoft and Oracle do not have security APIs
  - Custom development to process “privileges” XML document into local system
- Inadequate resource planning for the scope of integration work
- Skill set issues
  - Has led to more centralized support for integration
No user serviceable parts
Warranty void if opened

20 Integration Challenges
- PeopleSoft still uses manual integration
  - Nightly /printed report
  - Staff job to transfer data into PeopleSoft security panels
  - Being automated this summer
- Audits
  - Required to establish trust in Authority Manager assertions
  - Non-trivial independent effort
  - Effort is ongoing

21 Integration Challenges
- Authority/business system functional gaps
  - Oracle Financials, more than 1 active approver
  - Oracle Financials, workflow referrals up
  - PeopleSoft: cross associations (false positives)
- Bootstrap grantor issues
  - “real” authorization chain
  - schools vs central office model
  - bulk loading at initial conversion, no recorded chain of authorization

22 Reporting
- Online views
  - Good for person details
  - Weak for organization level details
- Lack of independent reporting
  - Priority for new development
  - Controls for reporting down a hierarchy
  - Upcoming work to integrate with ReportMart

23 UI Challenges
- Style of business language
  - Nouns/verbs, roles/action, non-system-specific
- Perceived complexity of wizard interactions for repetitive tasks
  - Ameliorated by some wrap-around controls
- Performance/scalability problems in Web app, esp. for users with a lot of authority

24 Functional needs
- Granting to Groups or Roles
- Transfer of authority from old to new person
- Revoke all
- Bulk grantor updates
- Lack of administrative interface
  - Supported centrally by IT staff
  - Changes in metadata complex and confusing
- Option to limit granting to only one level

25 Successes
- Distributed delegation model
- Auto-activation and revocation
- Near realtime integration
  - Stanford events service
- Consistency of UI across domains
- Re-use across systems (report mart)
- Stanford model adopted for I2/NMI Signet Privilege Management software

26 Fini Questions… Contact: Lynn McRae,