Transcript PowerPoint Slides - University System of Georgia

Overview
This session is aimed at both PeopleSoft Financials
users and Security Administrators. We will discuss
plans for the 9.2 upgrade including streamlined
security roles, the use of new tools like dynamic
security, and things you can do to prepare for the
upgrade.
Setting Up Users
Ever Feel Like This?
Adding New Users
• Users can add themselves
• Gives basic access - May include Expenses depending on
institution
Core Users
• Core users can still Self Register, however, the local Security Administrator
at the institution will be required to add additional roles.
• Local Security Administrators can still manually add user accounts under
Distributed User Profiles.
New Security Request Form Sample
Sample Job Aid by Job Function
Sample Job Aid by Job Function
Security Roles in 9.2
•
•
•
•
Security roles are mapped to functional Business Processes.
During Fit Gap, a thorough review of 8.9 roles was completed.
Around 32 roles were eliminated and 17 roles were renamed.
Dynamic Role Assignment will be introduced as part of the upgrade
for certain roles.
Dynamic Role Example
• Sally is an Expenses Department Approver.
• Setup for Approver Assignments is located here:
Dynamic Role Assignment Cont’d
• Since Sally is defined on the Approver Assignments page as an
Approver, she should get the BOR_EX_APPROVAL role.
• Instead of the local Security Administrator going to Sally’s User
Profile and adding the role manually, it can be automatically
added/deleted via a query process.
Dynamic Role Assignment Cont’d
• The role query will run in the background and search for user IDs
that are defined as approvers. It will automatically assign the role.
• Upon Termination, when the approver is removed from the
Approver Assignment Page, the role query will run and remove the
BOR_EX_APPROVAL role from the user ID without manual
intervention.
• ITS is looking into other areas where Dynamic Role Assignment can
be used to help automate security.
• If the local Security Admin manually assigns the BOR_EX_APPROVAL
role, then the role query/dynamic assignment will not remove the
role automatically. It becomes a static role at that point.
Manual Role Assignments
• The hardest part of Role Assignments is knowing which role
provides what access.
• In 9.2, ITS is updating the roles with long descriptions that
will contain the business processes to which that the role has
access.
Role Definitions
• In addition to the long description, there will be a cheat
sheet released for all ITS delivered roles and business
process assignments.
Other Roles
• Also, in 9.2 there is an expanded use of workflow in various
modules. (Attend the Workflow is Overflowing Session
today at 5:10 pm!)
– This means more roles (for workflow approvals!)
– Also means more cleanup of role assignments upon termination.
• Workflow will be delivered in ePro, Purchasing, Accounts
Payable, Expenses, General Ledger and Commitment
Control.
How to Prepare for the Upgrade
• There are several things that can be done at each institution
now and ongoing in current production, that will ensure a
smooth transition.
–
–
–
–
–
Stay on top of your terminated users
Current User access review
User Access Report
User Preferences Report
Commitment Control Security Report
How to Prepare for the Upgrade
• Each institution will NEED to run the User Access Report in
version 8.9 that is under BOR Menus > BOR Utilities > BOR
Security > User Access Report.
• This report will need to be run prior to UAT and right before
upgrade cutover.
• Local Security Administrators should review the role
assignments and note where changes are needed for things
such as:
– Role name changes in 9.2
– 8.9 role deletions
– Roles that have been combined with other functionality (Different than in 8.9).
How to Prepare for the Upgrade
• Prior to UAT, each local security administrator will be
responsible for attending a training session as well as
configuring their users within the UAT environment.
• It is the plan to extract users and their security from this
UAT environment to use in Production after cutover.
• It is very important that a thorough review of access/user
preferences, commitment control security, documentations,
and approvals is completed (especially for AUDIT Purposes)!
After the Upgrade
• Audit 2015 will be right around the corner.
– Current User Access will be KEY this year.
– Terminated user cleanup is still critical.
– Review all unlocked accounts to ensure they migrated over correctly
from UAT.
– Remember segregation of duties during the review.
– Local Security Admin accounts will be forced to reset their password
every 90 days instead of 180.
– Commitment Control security needs to be reviewed as part of the
controls.
• Any access issue can be addressed via a helpdesk ticket to
ITS.
Security Modifications
• There are several modifications that are being dropped for security in 9.2
• The first two relate to updating a cross reference table dealing with multicampus users.
• What does this mean to you?
• When Security Administrators are terminating a user, it is very important to
populate the User ID Alias field with OPRID-EMPLID.
Security Modifications Cont’d
• Then on the ID tab, in the ID Type field, select None. Save.
This will eliminate MOST of the multi campus user issues you
encounter!
Security Modifications Cont’d
• This Save Approver ID page will no longer be available in 9.2
Security Modifications Cont’d
• The Role User Access Report and the User Access Report will no
longer be delivered in 9.2 as there are other queries that can be run
to replace the reports.
• PT_SEC_USER_PAGE
• PT_SEC_ROLE_PAGES
Training & Documentation
• Online Security Training
http://www.usg.edu/gafirst-fin/training/archives
• Security Guides & Documentation
http://www.usg.edu/gafirstfin/documentation/category/security
Questions?
Thank you for attending!
University System of Georgia
Information Technology Services