10.10 Access to University Administrative Systems (REVISED 11/8/16)

DESCRIPTION

Wayne State’s administrative computer systems contain the official information the University uses to conduct business. These systems include: Advance, Banner (Finance, Financial Aid, Human Resources (HR), and Student); Reporting/Business Intelligence (Cognos, Operational Data Store (ODS), and Enterprise Data Warehouse (EDW)); Document Management and Workflow; SMARTi, STARS and WayneBuy. For an overview of each administrative system, visit the Computing & Information Technology (C&IT) website computing.wayne.edu/.

 Access to administrative systems is restricted to authorized users, and is managed by a controlled business process.

TERM(S)/DEFINITION(S)

AccessID

The "user name" associated with WSU administrative systems. An AccessID is issued to all WSU students, faculty and staff by C&IT upon completion of required transactions by schools, colleges or divisions. An AccessID permits access to a broad range of Wayne State’s IT systems and services.

Administrative Systems Access Request Form

A form used to request system access and data level security for Wayne State’s administrative computer systems. Access Request Forms are located on the C&IT website.

Business Affairs Officer (BAO)

The authorizer of security requests for System Users within a School, College, or Division (S/C/D).  For access to Banner HR or Finance systems, the BAO is the final approver; Data Trustees approve access requests for all other systems.

System User

The individual using the administrative system. He/she may or may not be an employee of the University. For systems that require authorization to use (e.g. Banner), non-employee system users must have a Guest AccessID. System Users must receive proper authorization to access an administrative system. In addition, the Data Level Security must be authorized and approved for access to the Banner HR and Finance systems.

Data Level Security

An additional level of restriction for Banner HR and Finance systems, which limits access to data within a particular School, College, or Division. For example, Data Level Security is used for human resource organization levels, finance organization levels, finance approval queues and finance rule codes.

Data Trustee

Represents the division or department that is responsible for the data contained in a WSU administrative system. The Data Trustee (or his/her delegate) reviews and approves Administrative Systems Access Request Forms.

System Security Administrator

Staff members within the C&IT Access & Identity Management Office that are responsible for processing authorized and approved Administrative Systems Access Request Forms.

POLICY

System Users can access, reference, or otherwise use administrative system data for University business only in accordance with Wayne State’s policy on the Acceptable Use of Information Technology Resources, as described in University Policy 00-1. Some systems require the System User to acknowledge additional responsibilities.

Access to the university’s administrative systems must be authorized by the business affairs officer (BAO) or the Data Trustee. This authorization consists of an e-mailed Administrative Systems Access Request Form from the BAO or data trustee to the C&IT Access & Identity Management Office. Authorized and approved Access Request Forms are processed by the C&IT Access & Identity Management Office.

 NOTE: when a System User no longer requires access to an administrative system (due to a change in job, termination, etc.), the BAO (or his/her delegate) must immediately contact the C&IT Access & Identity Management Office and request that the System User’s access be removed by emailing security@lists.wayne.edu.

PROCEDURES

TO ADD OR CHANGE ACCESS

RESPONSIBILITY

ACTION

System User’s Direct Supervisor

  1. Obtain an Administrative Systems Access Request Form from the C&IT website.
  2. Complete all sections of the form by electronically updating the document.
  3. For Banner Student access, obtain and sign a Code of Responsibility form.
  4. Forward completed form(s) to the BAO for authorization.

Business Affairs Officer

  1. Review the Access Request Form and authorize for processing.
    1. If no changes are required, email the approved form to the appropriate location.
    2. If changes are required, note changes and email the approved form to the appropriate location. 
  2. If a Data Trustee’s pre-approval is needed, email the form to the Data Trustee defined on the Administrative Systems Access Request Form. For access to Banner Student, a signed Code of Responsibility must be included.
  3. For all other access, email the approved form to security@lists.wayne.edu.

Data Trustee

  1. Approve or deny the request.
    1. If approved, forward the Administrative Systems Access Request Form to the C&IT Access & Identity Management Office with an indication that the request has been approved.
    2. If denied, email the BAO and other appropriate parties that access was denied. 

System Security Administrator

  1. Validate that the AccessID of the applicant is correctly identified on the Access Request form.
  2. Validate that the approved Administrative Systems Access Request Form came from an authorized Data Trustee or BAO.
  3. Implement appropriate system access.
  4. Forward requests requiring Data Level Security to the appropriate Data Trustee for final processing.
  5. Notify the BAO and Data Trustee by email that the request has been processed.
  6. Notify the applicant that the request has been processed. If appropriate, provide system access instructions for the administrative system.

Data Trustee

  1. If Data Level Security is needed, apply the appropriate coding for the given user.
  2. Notify the BAO and the System User that the coding has been applied and system can now be used.

TO REMOVE ACCESS

RESPONSIBILITY

ACTION

Business Affairs Officer

  1. Send an email to the C&IT Access & Identity Management Office with the name and AccessID of the System User.

System Security Administrator

  1. Validate that the request originated from an authorized BAO.
  2. Validate that the name and AccessID of the System User match.
  3. Remove the System User’s access to administrative systems.
  4. Send confirmation email to the requesting BAO and the appropriate Data Trustee(s).
Data Trustee
  1. Validate that the request originated from the System Security Administrator.
  2. Remove the System User’s Data Level Security, as appropriate.
  3. Send confirmation email to the requesting BAO.

SCOPE

This policy applies to all WSU administrative systems users.