Departmental Security Administrator DSA Training Part 1

1
Departmental Security Administrator (DSA)
TrainingPart 1

• Dan Rinkert
• drinkert_at_ucsd.edu
• x41005

2
What Youll Get From This Training Series
a Ability to Set-up and Maintain Your
Departments Access to UCSD Core Business Systems
Through AccessLink TNG

• Ability to Set-up and Maintain Your Departments
  Access to UCSD Core Business Systems Through
  AccessLink TNG

a Ability to Set-up and Maintain Your
Departments IFIS Approval Hierarchies Supporting
its Ability to Transact Financially
a Ability to Set-up and Maintain Your
Departments PAN Reviewers within PPS
3
(No Transcript)
4
https//altng.ucsd.edu
5
(No Transcript)
6
ALTNG does not display fields when there is no
data
7
(No Transcript)
8
Tabs Are Not Displayed When There Is No Data
No Tabs means that this individual has not yet
self-registered
9
(No Transcript)
10
(No Transcript)
11
When Someone Transfers into Your Department
Watch out for former depts account
12
Create additional mainframe account

• Pick a Department from your DSA list
• Available prefixes for that dept show up, pick
  one
• Default RACF Group should be ok
• Option of sending email to inform user of new
  account
• Takes overnight to show up in your list, but
  account is active and available for access
  requests immediately

13
How to Handle Multiple Accounts
You can check for multiple userids within the
Facility or RACF tabs of ALTTNG
Make sure you update the correct account
Make sure user logs on with the correct account
for your department and not with their email
address.
14
Temporary Employment Services
TES employees often have more than one account
PERxxx userid
Dept code 000167
Please remember to terminate your departmental
account upon completion of their assignment
15
Become Familiar with the People in Your
Department
16
(No Transcript)
17
(No Transcript)
18
from your deptnot into
19
Monthly Email to DSAs
20
(No Transcript)
21
(No Transcript)
22
(No Transcript)
23
Step 1
User Self-Registers
MyLeaveBalances
MyDirectory, Etc
Step 2
AccessLinkTNG Action by DSA
Core Business Systems
IFIS, ISIS, PPS, FinancialLink
24
Attempts to reduce the number of passwords you
need to remember
Once you sign in, you dont have to sign in again
until you sign out, remain idle for a period of
time or close the browser
Accepts either your email address or userid
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
If SSO Does Not Appear to be Functioning Properly
30
and sometimes when you cant get to what you want
clear the cache cookies in your web browser
close re-open your web browser
make sure that only one window of the browser is
open
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
UCSD Core Transactional Systems

• IBM Mainframe (Enterprise Server)
• Student Data
• Maintained within ISIS
• Financial Data
• Maintained within IFIS
• Payroll/Personnel Data
• Maintained within PPS

37
ISISIntegrated StudentInformation System
Facilities
Organization Structure
Course Catalog
Course Schedule
Housing
General Person (student)
Registration
Accounts Receivable
Grades
Admissions Recruiting
Faculty Staff
Academic History
Communications
Degree Audit
38
IFISIntegrated FinancialInformation System
Modules
Travel Accounting
Accounts Payable
Accounts Receivable
Budget/ Staffing
Express Order
Purchasing
Utilities
General Accounting
Person/ Entity
39
PPSPayroll/Personnel System
PAN Subsystem
Central Office Inquiry
EDB entry/ update
Payroll/ Personnel Employee Data Base (EDB)
Document to Employees
Departmental Inquiry
Employee History
40
UCSD Core Transactional Systems Data Warehouse

• ACT Mainframe (Enterprise Server)
• Student Data
• Maintained within ISIS
• Financial Data
• Maintained within IFIS
• Payroll/Personnel Data
• Maintained within PPS
• Administrative Data Is Warehoused In
• DB2 Data Warehouse (formerly DARWIN SQL-DSE)

41
FinancialLinkReports
TritonLinkReports
EmployeeLinkReports
DB2 Data Warehouse
IFIS
ISIS
PPS
42
DB2 DATA WAREHOUSE(formerly DARWIN SQL-DSE)
IBM Mainframe Computer
IFIS
ISIS
PPS
DB2 Data Warehouse
Re-engineered Structures SQL Server
Data About The Data Relational Database
Desktop Computer Data Query Link
Applications Data Download
43
For SQL access. Not required for Link Family or
Queries
See http//datalink.ucsd.edu for greater detail
Users can initiate this for themselves
44
Generic Departmental Accounts
GAOzzz
https//altng.ucsd.edu/extras/genericAccounts.html
45
Security Roles
Data Stewards
Department Management
ACT Security Administration
ACT CORE DATA
DSA
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
46
Ensuring Core Data Access and Security
Data Stewards
Department Management
ACT Security Administration
ACT CORE DATA
DSA
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
47
DepartmentManagement

• Appoints DSA (s)
• Decides which employees need access to core data
• Instructs DSA to obtain access
• When employee job responsibilities change,
  reviews access needs
• Assigns signature authorization to employees who
  prepare, approve or review IFIS and PPS documents
• Gives DSA written approval hierarchy and PPS
  instructions
• Ensures that DSA performs all required tasks
• Handles data security violations reported by DSA

48
(No Transcript)
49
DepartmentalSecurityAdministrator
(DSA)Appointment Form
50
How Authority to Commit University Funds for
Expenditures is Delegated
Chancellor
Vice Chancellor
Department Head/ Chair
51
Department Heads Re-delegate Signature
Authorization to Department Final Approvers
Dept. Head/Chair/ MSO or Admin. Officer above
MSO level
Employee 1 Final department approver for
Travel documents
Employee 2 Final department approver for
Purchasing documents
52
(No Transcript)
53
(No Transcript)
54
(No Transcript)
55
Ensuring Core Data Access and Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
56
Roles of the DSA

• Acts as ACT Security Administration contact for
  the department
• Informs employees about self registration.
  May resolve problems so employee can
  self-register.
• Assigns appropriate access within AccessLinkTNG
• May reset an employees userid when an employee
  cannot.
• Terminates an employees userid.
• Answers employee questions about core data,
  systems, training, data security, and logon
  procedures
• Sets up, updates and deletes userids from IFIS
  approval hierarchies and PPS notification screens

57
(No Transcript)
58
(No Transcript)
59
(No Transcript)
60
(No Transcript)
61
(No Transcript)
62
Self Service
63
is dependent upon the persons email being able
to receive official campus communications
must have an Active Payroll status
64
Become Familiar with How People Get Email in Your
Department
65
ALEN
http//www.ucsd.edu/directory/finger
66
(No Transcript)
67
Justification Comments
68
Self Service
69
(No Transcript)
70
(No Transcript)
71
Resume account DEVDFR
72
Account Termination

• Account Revoked
• DB2 access revoked
• All Facility values revoked NO WORKFLOW
• Automatic entry of Termination request Visible
  at ALTNG Extras Utilities
• Still needs to have final processing from ACT
  before account is removed

Please dont to go to Facility or DB2 Tab areas
to revoke access
73
(No Transcript)
74
(No Transcript)
75
(No Transcript)
76
(No Transcript)
77
ALTNG Utilities
78

• Enter an account to see the mainframe application
  accesses.
• Each template or group can be clicked to see
  screen or dept code detail.

79
STUDENT WORKERS
80
Please Do Not Request Student access for Student
Workers
81
FACULTY
82
Faculty are typicallynot granted access to ISIS
Grant Faculty Access to WWW TritonLink
83
Does TNG permit a DSA to make Facility assignment
to themselves?
Yes, but it requires an alternate DSA to approve
it
84
Data Security Violations

• Employee using another employees userid
• Userid not terminated after employee left the
  department
• Passwords written down or shared
• No computer/information use and security
  statement signed by employee
• Downloaded restricted data not properly protected
  or stored
• No delegations of signature authority forms on
  file
• On-line approval hierarchies or PPS setup does
  not match written instructions
• Information not accessed for legitimate
  University business

85
(No Transcript)
86
Available within ALTNG Common Forms
87
Responsibilities for Handling Private Data

• Use and Share the Data Only for Business Purposes
• Protect the Data from Unauthorized Physical or
  Electronic Access (eg locks, passwords)
• Do Not Keep Private Data Unless Required for
  Conducting University Business
• Use Email and Data Responsibly
• Comply with University Policies and Federal
  State Regulations

88

• http//blink.ucsd.edu/go/identitytheft

89
Working from Home
90
Ensuring Core DataAccess and Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
91
ACT Security Administration

• Processes DSA appointment forms
• Processes ALTNG workflow
• Answers DSA questions about ALTNG, Core
  Business Systems , and Data access and security
• Sets up special access to Core Systems Data per
  Data Steward instructions

Everett Stauffer estauffer_at_ucsd.edu
Ron Campnell rcampnell_at_ucsd.edu
92
Ensuring Core Data Access and Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
93
Audit and Management Advisory Services

• Conduct department audits to ensure compliance
  with university policies
• Investigate Core Data access and security
  violations
• Sometimes referred to as Campus Audit

94
Ensuring Core Data Access and Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
95
Employees Using Core Data

• Self-Register
• Reset their own Password
• Read and Sign the Computer/Information Use and
  Security Statement
• Understand and Follow University Policies for
  Core Data Access, Use and Security
• Review Information About Security
• Computer Security Basics Online Training
• Find Departments DSA
• If needed, request Business Systems access from
  DSA

96
Self Service
97
(No Transcript)
98
Available within ALTNG Common Forms
99
Employees Using Core Data
100
(No Transcript)
101
(No Transcript)
102
(No Transcript)
103
UCSD Information Systems Rights and
Responsibilities
104
Ensuring Core Business System Data Access and
Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
105
Campus Central Offices

• Train employees to use core Business Systems and
  core Business Systems data
• Provide a help desk for the business functions

106
(No Transcript)
107
Ensuring Core Data Access and Security
DSA
Department Management
ACT Security Administration
ACT CORE DATA
Data Stewards
Audit and ManagementAdvisory Services
Campus Central Offices
Employees Using Core Data
108
(No Transcript)
109
(No Transcript)
110
MyAffiliates
AFFxxx Account
111

MarketPlace
Sponsored individuals can now sign up for Staff
Ed classes when they are not a UCSD employee.
112
Step 1 Set-up MyAffiliates Administrator(s)
113
Step 2 Attempt to Find the Individual
https//a4.ucsd.edu/myaffiliates/ap
114
(No Transcript)
115
(No Transcript)
116
(No Transcript)
117
(No Transcript)
118
(No Transcript)
119
(No Transcript)
120
MyAffiliates Example in ALTNG
121
(No Transcript)
122
What if my affiliate needs access to the central
business systems?
123
(No Transcript)
124
Academic Personnel On-line
Dawn Reser Academic Personnel
Office
125
ALTNGWhat Else is Coming?

• COEUS 4 (Pre-awards)
• Content Management System (CMS)
• Campus Asset Management System (CAMS)

126
ALTNG
127
ALTNG
128
Access By Roles
http//physics.ucsd.edu/kandrews/Roles/Overview.h
tm