Enterprise Application Systems Access Privileges

advertisement
ADMINISTRATIVE PROCEDURE MANUAL
SECTION TITLE
NUMBER
ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES
BASED ON BOARD OF TRUSTEES’ RULE AND TITLE
6Hx7-7.1 Technology
PAGE
07-0102
1 OF 3
DATE REVISED
July 23, 2015
Purpose
The purpose of this procedure is to describe the processes associated with the assignment of access
privileges (security) required for the use of college enterprise application systems.
Description
A. Enterprise application systems are secured by a three-level security architecture, which includes:
1. College Computing Services Account
2. System-level Access (Enterprise Resource Planning (ERP) Main Menu) PeopleSoftTM
3. Application (module) Access (ERP Module Access)
B. Access privileges may only be granted to current college employees and authorized contractors.
C. Access to the College’s enterprise application systems (including ERP) is available only to those who
have been provided access privileges by the appropriate system owner (also known as user group
manager).
Procedure
A. New Employees and Contractors – College Staff Computing Services Account
1. New employees may be granted a college staff computing services account through the employee
portal account request system by request of the position supervisor, or designee.
2. Contracted services staff (contractors) may be granted a college staff computing services account
through the employee portal account request system by request of the contractor’s college
manager/supervisor. Contractors are defined as non-college employees engaged through an
executed agreement, which may include successfully passing a criminal history record check as
outlined in APM 03-0314, Criminal History Record.
B. Enterprise System-level Access
1. Once a college staff computing services account has been activated and the position supervisor, or
designee, has determined that the employee or contractor requires specific enterprise application
system access as part of their assigned duties, roles and responsibilities (as noted in the approved
College job description or contract agreement), a request for system-level access may be submitted
through the System-level Access Request System in the employee portal.
ADMINISTRATIVE PROCEDURE MANUAL
SECTION TITLE
NUMBER
ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES
BASED ON BOARD OF TRUSTEES’ RULE AND TITLE
PAGE
07-0102
2 OF 3
DATE REVISED
6Hx7-7.1 Technology
July 23, 2015
C. Application (Module) Access
1. Access to application modules is granted and managed by System Owners through their
designated security group, as follows:
System
Facilities
Finance
Financial Aid
HR/Payroll/Instructor Resource
Management (IRM)
Student
System Owner
Executive Director, Facilities Management &
Construction
Controller
Director of Financial Aid
Chief Human Resource Officer (CHRO)
Registrar
2. The designated System Owners (User Group Managers) are responsible for the development and
management of processes dealing with the provisioning of user application (module) access. The
Executive Director, Enterprise Applications is responsible for review and certification of system
owner authorization approval processes. Upon request by an employee’s (or contractor’s) position
supervisor, the User Group Manager assesses the appropriateness of an access request and may
grant the requested application user access privileges.
3. System Owners are required to review user access privileges on a regular basis by reviewing and
emailing College Information Technology Services (CITS) certifying that the additions, deletions
and currently granted access is required for assigned position duties. A separate report will be sent
by CITS to the appropriate System Owner for review and reauthorization of security group
membership. Audit review reports reviewed by System Owners will be retained in CITS.
D. Account Access Changes
1. Once the Information Technology account management team is notified by the Office of Human
Resources that an employee or contractor has been transferred or separated from employment,
their system-level and application (module) level access will be removed. Employees and
contractors whose role with the College has been terminated will have their college computing
staff account disabled, removing access to all systems. All renewed account access is granted
through the same process as new account creation. Position supervisors must request access for
transferred/reassigned employees or contractors.
2. Use of all account access privileges must conform to the College’s approved “User Agreement”
and enterprise application security practices as published in the Technology Department Policies
& Procedures “ERP Applications Security”.
ADMINISTRATIVE PROCEDURE MANUAL
SECTION TITLE
ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES
BASED ON BOARD OF TRUSTEES’ RULE AND TITLE
6Hx7-7.1 Technology
REFERENCES: F.S. 1001.64, SBE Rule 6A-14.0261
Adopted Date: February 26, 2013
Revision Date: July 23, 2015
NUMBER
PAGE
07-0102
3 OF 3
DATE REVISED
July 23, 2015
Download