Oregon University System

10.05 Banner & Data Warehouse User Access, Chancellor's Office Business Policies & Procedures

Purpose:

To establish policies and procedures associated with access to the Chancellor's Office production instances (CHPS and OWAG) of the Financial Information System (FIS) and Human Resources Information System (HRIS) as well as the Data Warehouses for FIS and HRIS.

Policy:

When an employee's duties and responsibilities require access to Banner FIS, Banner HRIS, and/or the Data Warehouse(s), the following procedures will be used to gain access or to change existing access. In addition, when an employee's duties and responsibilities change to no longer require access to these systems, the procedures included below will be used to terminate access.

Index:

1. Procedures for New Users
2. Procedures for Changes to Access
3. Procedures for Termination of Access
4. Review/Monitoring Procedures
5. Database Authorizers

• Procedures for Changes to Access:
  1. The Department Head submits a written request, to include an explanation of the business need, to the Security Administrator to change employee's access.
  2. The Security Administrator approves the request if the necessary authorizations have been submitted (see section E below for a list of database authorizers).
  3. The Security Administrator sets up the requested access, notifies the employee, and notifies ETS of hardware and/or software needs.
  4. The Security Administrator files the documentation for the access change in the Controller's Division Banner security archive files.

• Procedures for Termination of Access:
  1. When an employee's duties and responsibilities change to no longer require certain access, the employee and/or the employee's supervisor should notify the Security Administrator.
  2. Human Resources notifies the Security Administrator when an employee is terminating employment with the Chancellor's Office.
  3. The Security Administrator will terminate the access no longer needed, according to the time frame provided in the notice.
  4. The Security Administrator will notify the supervisor that the access has been removed.
  5. The Security Administrator files the documentation in the Controller's Division Banner security archive files.

• Review/Monitoring Procedures
  1. Periodically (at a minimum, annually), the Security Administrator and Business Services will review user access based upon business need and proper segregation of duties.
  2. Ninety days following the granting of access, the Security Administrator verifies that individuals requiring training for additional access have received that training.
  3. Periodically (at a minimum, annually), the Security Administrator will review access to Chancellor's Office data held by non-Chancellor's Office employees. Campus Security Officers will be asked to indicate whether or not the access is still required.

• Database Authorizers: The following list provides the individual responsible for authorizing access to the database:

 Data Warehouses:

* Access to campus-specific charts (other than chart K) is authorized by a campus designee(s).

Forms:

• Security and Confidentiality - Administrative Computer Systems Statement of User Responsibility
• Banner Production Databases:
  • CHPS Banner Instance (FIS & HRIS)
  • OWAG (Inter-Institution Transaction Processing)
• Data Warehouses:
  • Institution's Banner Warehouse
  • OUS Aggregate Warehouse (FIS & HRIS)
  • OWAG (Payroll Aggregate Warehouse)

Definitions:

See 01.10 Definitions

History:

12/22/04 Policy issued (These policies and procedures replace the Chancellor's Office FIS Security and Approvals Policy dated 1/6/96). Last Updated: 10/29/07