Oregon University System

Oregon University System Logo

OUS

 

10.03 Banner Security Classes

10.03 Banner Security Classes, Chancellor's Office Business Practices & Procedures

Purpose:

To establish policies and procedures associated with maintenance of Banner security classes.

Policy:

The Chancellor's Office Security Administrator is responsible for maintaining Banner security classes. A security class is a grouping of objects, based on business roles. Each object within a security class is assigned one of two default roles. The default role allows either query only or maintenance access. An object cannot be assigned both roles within a security class. The following procedures will be used for Banner security class maintenance in the Chancellor's Office production instances of Banner.

Procedures:

  1. As a new object becomes available for use in the Chancellor's Office Banner production instances, Business Services works with the functional manager(s) and the Security Administrator to determine whether or not the object will be used by the Chancellor's Office. If used, the Security Administrator determines the appropriate security class(es) that the object will be assigned to. In some cases, the creation of a new security class is necessary; this evaluation and determination is accomplished by the Security Administrator by doing the following:
    1. Evaluating the purpose of the object,
    2. Considering separation of duties and internal controls for other objects in the class(es),
    3. Consulting the functional manager(s), and
    4. Consulting Business Services
  2. The Security Administrator will update the security class(es) in Banner and will document the purpose for any new security classes that are created.
  3. Business Services will notify relevant users of the availability of the new object and its purpose.

Review Procedures:

Periodically (at a minimum, annually), the Security Administrator and Business Services will review the objects grouped within each security class for appropriateness, based on business role, and will update related documentation.

Definitions:

See 01.10 Definitions

History:

12/22/04 Policy issued Last Updated: 12/22/04