
Business Intelligence & Reporting. Application Access Procedures


Business Intelligence & Reporting

Application Access Procedures


DOCUMENT CONTROL

DOCUMENT REFERENCE

File Name: UTD Business Intelligence & Reporting - Application Access Procedures

VERSION CONTROL

All revisions made to this document are listed below in chronological order.

Version Date Author(s) Notes

1.0 8/15/12 Michael Winship Original Draft

1.2 8/30/12 Charles Yorek Updated Draft

1.2 8/30/12 Steven Jestis Version 1.2 Approved

1.3 9/13/12 Charles Yorek Incorporated revisions provided by Dr. Sue Taylor

1.3 9/26/12 Dr. Sue Taylor Version 1.3 approved

1.3 10/2/12 Dr. Andrew Blanchard Version 1.3 approved

1.4 1/03/13 Michael Winship Revised “DATA & SYSTEM OWNERS” & “PROCEDURES FOR MONITORING/REVIEWING EMPLOYEE FUNCTIONAL & TECHNICAL ACCESS:”


CONTENTS

Document Reference

Version Control

Introduction

Application Governed by Procedures

Access Granting Standards

Access Control

Separation of Duties

Access Review

Modifying Access

Data & System Approvers

Procedures

Procedure Listing

Procedures for New/Rehire Employee Access:

Procedures for Modifying Existing Employee Access:

Procedures for Terminating Employee Access:

Procedures for Monitoring/Reviewing Employee Functional & Technical Access:

Forms

Forms

OBIEE Access Request Form

Functional & Technical Roles Descriptions

References


INTRODUCTION

This procedure explains how members of the University community can request and be authorized for access to the systems and data needed to perform their jobs, as it pertains to business intelligence and reporting.

When an employee's duties and responsibilities require access to UTD analytics and reporting, this access can be obtained by submitting a request. The following procedures will be used to gain access to, or to change existing access to, the analytics and reporting environment. In addition, when an employee's duties and responsibilities change so that access to these systems is no longer required, the procedures below will be used to terminate access.

APPLICATION GOVERNED BY PROCEDURES

• Oracle Business Intelligence Enterprise Edition (OBIEE)

ACCESS GRANTING STANDARDS

ACCESS CONTROL

For enterprise applications that access or store protected data, authentication controls must be implemented, must be unique to each individual, and may not be shared.

SEPARATION OF DUTIES

When assigning job responsibilities that require restricted or essential resources, the principles of separation of duties must be followed. UTD maintains a proper level of separation of duties when issuing credentials to individuals who have access to campus information containing protected data. UTD avoids issuing credentials that allow a user greater access, or more authority over institutional data, than is required by the employee’s job duties and responsibilities.

ACCESS REVIEW

The Business Intelligence & Reporting group has developed procedures to detect unauthorized access and privileges assigned to authorized users that exceed the required access rights needed to perform their job functions using the OBIEE System & Reports. Appropriate campus managers and data owners must review, at least quarterly, a user’s access rights to enterprise systems containing protected data.

MODIFYING ACCESS

Modifications to user access privileges for OBIEE will be tracked and logged as stated in the Procedures for Modifying Existing Employee Access. In the event that a user’s employment status changes (e.g. a position change), their access rights shall be reviewed by their management and, if necessary, modified or revoked.


DATA & SYSTEM APPROVERS

Role: Financial Management System Approver(s):

• Accounting & Financial Reporting

Responsible Authority: Vice President for Budget and Finance, Budget and Finance, 972-883-4538, Office - AD 2.412 / Mailstop – AD31

Role: Human Capital Management Approver(s):

• Human Resources Management

Responsible Authority: Assistant VP Human Resources, Human Resources Management, 972-883-2130, Office - AD 2.208 / Mailstop - AD10

Role: Campus Solutions Data Approver(s):

• Campus Solutions

Responsible Authority: Vice Provost Enrollment Management, Enrollment Management, 972-883-4041, Office - SSB 1.310 / Mailstop - SSB12

Role: EPM Portal Access Reports Approver:

• PeopleSoft Access

Responsible Authority: Manager PeopleSoft Access, IR - EAS, 972-883-6673, Office - ROC 2.200 / Mailstop - ROC20

PROCEDURES

The procedures listed below are specific for requesting, modifying, suspending, or terminating access to the OBIEE System & Reports.

It is the responsibility of the Department Head to create, approve, or request access to the OBIEE System & Reports. If the Department Head has delegated the approval responsibilities to a Trusted Requestor, then this list of Trusted Requestors must be kept up-to-date with the PeopleSoft Access Control group.

When requesting access to system data that is not associated with the requesting department, approvals are required from the appropriate parties as stated in the UTD Business Intelligence & Reporting – Application Access Guidelines. Any failure to meet these approvals will result in non-compliance, and the request for access to the system data will not be processed. Approvals can be submitted to the PeopleSoft Access Control group in multiple formats including, but not limited to: a comment in the associated JIRA, under the PeopleSoft Security (PSEC) project, created for the request (this is the preferred method), the OBIEE Access Request Form, or in an email to the PeopleSoft Access Control group.

All requests to the OBIEE System & Reports will be submitted using the OBIEE Access Request Form (OARF) with additional information submitted on the Computer Access Request (CAR) form¹. The Functional/Technical Roles Description document can be used as a reference for the descriptions of each of the Functional & Technical Roles listed in the OARF. (See links to the OARF and Functional & Technical Roles Descriptions under the “Forms/Instructions” section.)

¹ Under the “Additional Information/Other” text box, specify the employee will need access to OBIEE with the other additional requests.

• Functional Roles – Roles defining what data an employee can see within the UTD OBIEE System & Reports.

• Technical Roles – Roles defining what an employee can do within the UTD OBIEE System & Reports.

Note: The procedures below are outlined as if a Department Head has delegated the approval process to a Trusted Requestor. If a Trusted Requestor has not been assigned, then the following procedures are still applicable, but the Department Head is the approver.

PROCEDURE LISTING

• Procedures for New/Rehire Employee Access

• Procedures for Modifying Existing Employee Access

• Procedures for Suspending/Terminating Employee Access

• Procedures for Monitoring/Reviewing Employee Functional & Technical Access

PROCEDURES FOR NEW/REHIRE EMPLOYEE ACCESS:

• The user must request access using the following procedure:

o Complete the OBIEE Access Request Form (OARF) and specify New/Rehire Employee Access. (Check Box on the OARF).

o Submit the OARF to the PeopleSoft Access Team via one of the following methods:

▪ Open a JIRA Ticket under the PSEC project in the JIRA System and attach the OARF, or

▪ Email [email protected] and attach the OARF.

• The PeopleSoft Access Team completes the request if:

o The necessary authorizations are given to complete the request.

o The Trusted Requestor provides the necessary authorizations to complete the request, and the authorization is attached to the PSEC request by one of the following methods:

▪ Email approval to PeopleSoft Access Team saved and attached to the PSEC request

▪ JIRA Update of PSEC request from the Trusted Requestor authorizing the access request, or

▪ Signature on OARF form scanned and attached to the PSEC Request

• The PeopleSoft Access Team will set up the requested access, close the PSEC, and notify the user.

o The OARF attached to the PSEC will remain on the specific PSEC for documentation purposes.

PROCEDURES FOR MODIFYING EXISTING EMPLOYEE ACCESS:

• The user must request access using the following procedure:

o Complete the OBIEE Access Request Form (OARF) and specify Modify Existing Employee Access. (Check Box on the OARF).

o Submit the OARF to the PeopleSoft Access Team via one of the following methods:

▪ Open a JIRA Ticket under the PSEC project in the JIRA System and attach the OARF, or

▪ Email [email protected] and attach the OARF.


o The necessary authorizations are given to complete the request.

o The Trusted Requestor provides the necessary authorizations to complete the request, and the authorization is attached to the PSEC request by one of the following methods:

▪ Email approval to PeopleSoft Access Team, saved and attached to the PSEC request

▪ JIRA Update of PSEC request from the Trusted Requestor authorizing the access request, or

▪ Signature on OARF form scanned and attached to the PSEC Request

• The PeopleSoft Access Team will set up the requested access, close the PSEC, and notify the user.

o The OARF attached to the PSEC will remain on the specific PSEC for documentation purposes.

PROCEDURES FOR TERMINATING EMPLOYEE ACCESS:

• Terminating access is handled by completing the standard University Check Out Form. Additional information can be found at: http://www.utdallas.edu/infosecurity/CAR_UAAF_CheckOut.html

PROCEDURES FOR MONITORING/REVIEWING EMPLOYEE FUNCTIONAL & TECHNICAL ACCESS:

• Periodically (quarterly), the Trusted Requestor and/or PeopleSoft Access Team MUST review user access based upon business need and proper segregation of duties.

• Reviewing or monitoring will be completed by one of the following methods:

o The Trusted Requestor will review the Functional & Technical Access quarterly report that will be sent out automatically by the PeopleSoft Access team.

o The Trusted Requestor can use the EPM Portal Access Reports.

▪ When requesting access to the EPM Portal reports the Trusted Requestor is responsible for adhering to the procedures under “New/Rehire Employee Access”, “Modifying Existing Employee Access”, or “Terminating Employee Access” section(s).

▪ The Trusted Requestor must complete the OARF and specify EPM Portal Reports Access. (Check Box on the OARF)

▪ Module Owner approval is mandatory for access requests and the Trusted Requestor will have to get approval from the PeopleSoft Access Manager.

• When discrepancies are identified and changes are needed, the Trusted Requestor is responsible for adhering to the procedures under the “Modifying Existing Employee Access” section, for requesting changes to an employee’s Functional & Technical Roles.


FORMS

The form(s) listed below are specific to obtaining access to the OBIEE System & Reports.

FORMS

All forms listed below are subject to change. Please check the University’s Forms web page for the newest versions of the forms and description document.

OBIEE ACCESS REQUEST FORM

The OBIEE Access Request Form (OARF) is used to request or modify access to the OBIEE System & Reports. The OARF is for all reports generated from enterprise and auxiliary applications which OBIEE can access. This includes, but is not limited to, the EPM environment (which contains Financial Management System (FMS), Human Capital Management (HCM), Campus Solutions System (CS), and Portal data).

If you have any questions about filling out this form please contact the PeopleSoft Access Team by opening a JIRA under the PSEC project, or email [email protected].

• OBIEE Access Request Form

FUNCTIONAL & TECHNICAL ROLES DESCRIPTIONS

The Functional & Technical Roles descriptions can be found at the bottom of the OBIEE Access Request Form under the section “Functional Role & Technical Role Matrix”. The “Functional Role & Technical Role Matrix” is a list of all current Functional & Technical Roles granted access to the OBIEE System & Reports and provides descriptions for each role.


REFERENCES

• UTD Business Intelligence & Reporting – Application Access Guidelines

• Visit the Information Security Office (ISO) data security web site. You'll find current versions of policies, the "Information Resources Acceptable Use Policy", form instructions, other supportive documentation, and contact information.

• Computer Access Request (CAR Form)

o Information about the use of CAR forms can be found on the ISO Data Security Web site.

• University Access Authorization Form (UAAF)

o Information about the use of UAAF forms can be found on the ISO Data Security Web site.

• UTD Forms Page

• JIRA System

o Once logged into the JIRA system select “Create Issue” in top right-hand corner and select “PeopleSoft Security” for the project.


PROCEDURES APPROVAL

The purpose of this document is to validate procedures and obtain approval. Validation of procedures is essential to the subsequent steps and overall success of the effort. The approval signatures indicate validation and authorization of procedures.

EAS APPROVALS

BA&R OBIEE Security Procedures Approval

Steven Jestis, Manager Business Intelligence & Reporting Date


Dr. Sue Taylor, AVP/Director Enterprise Application Services Date

