Oregon University System

Oregon University System Logo

OUS

 

10.05 Banner & Data Warehouse User Access

10.05 Banner & Data Warehouse User Access, Chancellor's Office Business Policies & Procedures

Purpose:

To establish policies and procedures associated with access to the Chancellor's Office production instances (CHPS and OWAG) of the Financial Information System (FIS) and Human Resources Information System (HRIS) as well as the Data Warehouses for FIS and HRIS.

Policy:

When an employee's duties and responsibilities require access to Banner FIS, Banner HRIS, and/or the Data Warehouse(s), the following procedures will be used to gain access or to change existing access. In addition, when an employee's duties and responsibilities change to no longer require access to these systems, the procedures included below will be used to terminate access.

Index:

  1. Procedures for New Users
  2. Procedures for Changes to Access
  3. Procedures for Termination of Access
  4. Review/Monitoring Procedures
  5. Database Authorizers

  1. Procedures for New Users:
    1. The Department Head or department staff complete the appropriate access request form. (See links to access request forms under 'Forms' near the bottom of this policy.)
    2. The Department Head approves the request and sends it to the Security Administrator in the Controller's Division.
    3. The Security Administrator approves the request if:
      1. the necessary authorizations have been submitted (see approvals required on the form),
      2. the user is scheduled to receive FIS or HRIS training and/or Data Warehouse training, if applicable (as identified by the user on the request form). Note: If applicable, continued access is contingent upon completion of training, and
      3. the user has provided the Controller's Division with a completed Security and Confidentiality - Administrative Computer Systems form.
    4. The Security Administrator sets up the requested access, provides necessary login information to the employee, and notified Enterprise Technology Services (ETS) of hardware and/or software needs.
    5. The Security Administrator files the completed request in the Controller's Division Banner security archive files.
  2. Procedures for Changes to Access:
    1. The Department Head submits a written request, to include an explanation of the business need, to the Security Administrator to change employee's access.
    2. The Security Administrator approves the request if the necessary authorizations have been submitted (see section E below for a list of database authorizers).
    3. The Security Administrator sets up the requested access, notifies the employee, and notifies ETS of hardware and/or software needs.
    4. The Security Administrator files the documentation for the access change in the Controller's Division Banner security archive files.
  3. Procedures for Termination of Access:
    1. When an employee's duties and responsibilities change to no longer require certain access, the employee and/or the employee's supervisor should notify the Security Administrator.
    2. Human Resources notifies the Security Administrator when an employee is terminating employment with the Chancellor's Office.
    3. The Security Administrator will terminate the access no longer needed, according to the time frame provided in the notice.
    4. The Security Administrator will notify the supervisor that the access has been removed.
    5. The Security Administrator files the documentation in the Controller's Division Banner security archive files.
  4. Review/Monitoring Procedures
    1. Periodically (at a minimum, annually), the Security Administrator and Business Services will review user access based upon business need and proper segregation of duties.
    2. Ninety days following the granting of access, the Security Administrator verifies that individuals requiring training for additional access have received that training.
    3. Periodically (at a minimum, annually), the Security Administrator will review access to Chancellor's Office data held by non-Chancellor's Office employees. Campus Security Officers will be asked to indicate whether or not the access is still required.
  5. Database Authorizers: The following list provides the individual responsible for authorizing access to the database:

 Data Warehouses:

BudgetMart*

Manager of Central Budget

FIS Aggregate

Management Information Systems

HRIS Aggregate

Controller

HRIS Chart K

Manager of Business Services

Payroll Aggregate

Payroll Operations Manager

Other Charts

*

* Access to campus-specific charts (other than chart K) is authorized by a campus designee(s).

Banner FIS

Manager of Business Services

Banner HRIS

Manager of Business Services

Banner OWAG

Manager of Business Services

Forms:

Definitions:

See 01.10 Definitions

History:

12/22/04 Policy issued (These policies and procedures replace the Chancellor's Office FIS Security and Approvals Policy dated 1/6/96). Last Updated: 10/29/07