User Security Roles
General
Q: I heard the myUFL systems use “role–based
security.” What does that mean?
Q: How is role–based security different
from what we did in the past?
Q: How do I know that I have been assigned
a role?
Q: How do I get a role so I can access a system
in myUFL other than those in My Self Service?
Q: What roles do I need in order to see the
other role–based news pagelets–Faculty News, Staff News or Student
News?
Q: What role do I need to gain access to Enterprise
Reporting?
Q: How do I add, delete or modify a role?
Q: What is the difference between a user security
role and a workflow role?
Q: How do I know if a problem when using the
myUFL systems is related to a user role or the system itself?
Department Security Administrators
Q: What are the role and responsibilities
of a Department Security Administrator (DSA)?
Q: How do I become a Department Security Administrator?
Q: How can I tell which Department IDs have
been assigned to me? And where can I find a complete list of DSAs?
Q: How can I add or remove DeptIDs assigned
to me?
Q: How do I see the people I supervise?
Q: How can I find the Home Department ID for
someone I supervise?
Q: Can a college or department decide not
to let their employees have the self–service functions?
Q: Where can I find a list of common university
functions and the user roles, workflow setups, preferences and reporting
roles required to perform the function?
Q: Where can I get a complete list of roles
and the associated password policies?
Q: What happens when I assign someone a role
with password policy of P4 or P5?
Q: How can I learn more about the new password
policies?
Q: What do Rounds 1, 2, and 3 refer to?
Q: How can I find users who are overdue
or close to their certification deadline?
Q: Where do I find which users have saved
or submitted requests in the departments for which I am authorized?
Using the Access Request System
Q: How do I add, remove, or otherwise modify
user roles for an individual?
Q: How do I remove roles for a terminated
employee?
Q: How do I request a role for a non–UF
employee?
Q: How do I assign roles for the legacy systems?
Q: Why did I receive the message “You
are not authorized to access this component” when I tried to add some
roles?
Q: I am attempting to add a new request for
an employee and the system says “Not a Valid UFID”. What am
I doing wrong?
Q: How are role requests processed?
Q: How do I monitor the role requests I have
made?
Q: Are there Enterprise Reporting reports
available for workflow role requests?
Q: I have role requests that are not being
processed and the Pending Role Requests report (in Enterprise Reporting)
does not show the number of days in queue?
Q: Who do I call if I have a problem with
using ARS or Enterprise Reporting?
Assign User Security Roles
Q: What roles are recommended for Enterprise
Reporting?
Q: What role is needed to see job applicants?
Does any type of workflow need to be set up?
Q: What role is needed for the EEO person?
Q: What role do I assign for someone who
needs to produce a list of assets and associated information by Department
ID or search for a specific asset?
Q: What roles do I need to assign for a Directory
Coordinator?
I heard the myUFL systems use “role–based
security.” What does that mean?
Role–based security means a user will be authorized to perform a specific
function or task in the myUFL systems (accessible through the myUFL portal) because he or she has a particular role.
The roles you have will determine what menu item(s) or task list(s) you
see when you log on to the myUFL portal. For example, students have the
“student” role and will see the Gator Tickets link in the myUFL
menu whereas faculty and staff will not. Most roles will apply to functional
tasks. For example, employees that are assigned a “payroll processor”
role will see links to payroll functions in their myUFL Menu.
How is role–based security different
from what we did in the past?
Role–based security is fundamentally different from the method of
assigning access rights that was used in the past. In the past, we used
a variety of methods––some ad hoc, some based on affiliation,
some based on job title, etc. Today, if your department assigns you a role
to perform a specific task, your access rights will match everyone else
who has that same role. Role–based security is much more consistent
and manageable.
How do I know that I have been assigned
a role?
In the myUFL portal, you
can verify what roles you have been assigned by using My Account > My
Roles. Everyone who can log into the portal will have at least one role
and usually several. Some roles are automatically assigned based on your
affiliation in the UF Directory and provide access to services through My
Self Service, such as Time Reporting and Travel and Expense. A visual display
of the relationship between the UF Directory and your user security
roles is available on the Bridges Web site > Services > User Security
Roles.
How do I get a role so I can access a system
in myUFL other than those in My Self Service?
Contact your Department Security Administrator (DSA). The current list
of DSAs is available as a link on the My Account > My Roles page in the
portal.
What roles do I need in order to see the
other role–based news pagelets–Faculty News, Staff News or Student
News?
You can add any pagelet to your Custom Tab page. If you do need access to
menu items available only to certain groups to which you don’t belong,
then you need to request the appropriate role via your Department
Security Administrator: UF_PA_FACULTY or UF_PA_STAFF or UF_PA_STUDENT.
For example, WebMail is in My Self Service for students but not staff or
faculty.
If you do belong to the group but don’t see the appropriate Tab page (i.e., you are both a staff member and a student but only have the Student tab), then you need to have your Directory Coordinator fix your relationship in the UF Directory.
What role do I need to gain access to Enterprise
Reporting?
You need the UF_ER_User role, but this role by itself gives access to very limited information.
Most individuals will need additional UF_ER roles based on their job duties.
A complete list of Enterprise Reporting end
user or core user roles is available on the Bridges Web site >
Services > Enterprise Reporting > Additional Resources for DSAs –
or Security > Additional Resources.
How do I add, delete or modify a role?
Contact your Department Security Administrator (DSA). The current list
of DSAs is available as a link on the My Account > My Roles page in the
portal.
What is the difference between a user security
role and a workflow role?
Contact your Department Security Administrator (DSA). The current list
of DSAs is available as a link on the My Account > My Roles page in the
portal.
How do I know if a problem when using the
myUFL systems is related to a user role or the system itself?
If you can see the link in your myUFL Menu, it is highly likely that you
have the correct role but that your role preferences or workflow setups
are incorrect. Before contacting the DSA to look at your settings, we do
recommend that you first check the Alert Notices for possible system outages or known issues.
Next, contact your Department Security Administrator or designated College Expert to see if they are familiar with your problem.
They will contact the Bridges Liaison for your area if this cannot be resolved
locally. You may also call the UF Help
Desk (392–HELP) and they will assign your ticket to the Security
team or the appropriate functional team (i.e., Finance, HRMS, Portal, and
Reporting). Each functional team is responsible for approving and implementing
the roles, user preferences, and workflow setups.
Department Security Administrators
What are the role and responsibilities of
a Department Security Administrator (DSA)?
Vice presidents, deans, directors, and department chairs are responsible
for assigning user security roles for their employees. A Department Security
Administrator (DSA) needs to be designated by a Vice President, Dean, Director
or Department Chairman to do this work on their behalf. The DSA will use
the Access Request System to initiate requests to grant or remove access
to administrative computer applications for people in their department,
college or division. Many of these applications contain confidential or
sensitive information about UF employees, students or university interests.
How do I become a Department Security Administrator?
A completed DSA Authorization Form must be signed by a Vice President,
Dean, Director or Department Chairman to appoint or terminate a DSA. Please
send the completed and signed form to the Bridges Security Team at the address
printed at the bottom of the form. Upon receiving the form, a Bridges security
team member will contact the new DSA to arrange a time to attend the mandatory
DSA training course. After completing the course, the DSA will then have
access to the Access Request System (ARS) in the myUFL portal.
How can I tell which Department IDs have
been assigned to me?
Navigate in myUFL to My Account > My Roles. You will see a link to the
Department Security Administrator List. Use the browser’s search (Edit
> Find) to locate your name in the list. It may be listed multiple times.
The DSA list contains the unit name and corresponding DeptID.
How can I add or remove DeptIDs assigned
to me?
Changes to the Department IDs assigned to a DSA must be requested by filling out a DSA Authorization Form and having it signed by your supervisor.
Follow the submission instructions on the form.
How do I see the people I supervise?
Department IDs are assigned to the DSA in accordance with the DSA
Authorization Form that is submitted in order to become a DSA. If someone’s
“Home Department” is one of the DeptIDs assigned to you as a
DSA, you will be able to see their security.
How can I find the Home Department ID for
someone I supervise?
If you approve time for the person, navigate in myUFL to Manager Self Service
> Time Management > Time Management Home > Time and Labor Launch
Pad and find them by name. This will also show you the DeptID.
Can a college or department decide not to
let their employees have the self–service functions?
No. All employees will have the self–service roles listed above. Whether
employees actually enter their own time or travel expense via the portal’s
My Self Service is an internal policy decision for the college or department.
What happens when I assign someone a role
with password policy of P4 or P5?
When you assign a P4 or P5 role, the person will need to change their password
the next time they sign on to the portal or other system authenticated with
GatorLink. The individual will receive an automated email from myUFL but
a verbal and early warning is highly recommended. Some employees have to
authenticate on a local system before they can access the portal to change
their password–letting them know ahead of time will allow them to
use another computer to do this work.
How can I learn more about the new password
policies?
Please review the materials and policy located on the Bridges Web site >
Services > GatorLink Password Management.
What do Rounds 1, 2, and 3 refer to?
In the transition from the legacy systems to the new myUFL systems, we used
a series of spreadsheet or on–line exercises to assign user security
roles to UF’s faculty and staff. This largely had to be done because
there was not a one–to–one match between the old work tasks,
processes, or systems and new work tasks, processes, or systems. We began
in October 2003 with Excel spreadsheets and ended with Round 3 via the Access
Request System in June 2004. Refinement and stabilization of role assignments
continue today.
How can I find users who are
overdue or close to their certification deadline?
Navigate in myUFL to Access Request System > Requests > Certify Roles.
Click the 'Date Last Certified' header to sort in ascending order.
Where do I find which users have
saved or submitted requests in the departments for which I am authorized?
Navigate in myUFL to Access Request System > Manage Requests > Find
an Existing Value. Click on the 'Search' button.
Using the Access Request System
How do I add, remove, or otherwise modify
user roles for an individual?
Navigate in myUFL to Access Request System > Requests > Manage Requests
and enter the UFID of the person that needs role changes. When you have
completed adding or deleting the roles, press the “Submit for Approval”
button. Please review the instruction guides for each role that are available
on the Bridges Web site under Services > User Security Roles. Different
roles have different requirements.
How do I remove roles for a terminated employee?
In ARS > Request > Manage Requests, enter the UFID of the employee,
select the “Delete Roles” check box, change “Action Requested”
for any role to “Delete,” and select the “Submit Request”
button. The Bridges Security Admin team will remove access to the system.
Note: If the user’s UFID has already been removed from the system,
call the UF Help Desk and log a ticket
for the Security Admin team. They will process the request for you.
How do I request a role for a non–UF
employee?
Currently, non–employees will not be found in ARS until they have
been manually added by the Bridges Security team. The department’s
Directory Coordinator will need to first make sure the person has a GatorLink
username and is in the UF Directory with the proper relationship assigned,
either an employee relationship or the Departmental Associate Relationship
for non–employees. Please follow the “Adding an Individual to the UF
Directory” instructions if you are unfamiliar with this task. The DSA must then submit a Help
Desk ticket requesting that the non–employee be added to ARS. Information
necessary for this request to be processed includes the UFID, name, and
DeptID for the non–employee. The Help Desk can be reached at 392–HELP
or UF Help Desk.
How do I assign roles for the legacy systems?
You use the Access Request System just as you do with the roles associated
with the myUFL or PeopleSoft systems except that you change the security
type to Legacy. After clicking on the + to the right of one of the current rows,
change the security type drop-down box to Legacy (it shows PeopleSoft when the
row is added); a list of legacy roles will come up. Find a role
and click on it. Repeat the process as necessary. All legacy roles in ARS
begin with an ‘N’.
Note that most Legacy roles, with the exception of Directory Coordinator roles, require additional information like Authority Code, EKL (Effort Keeping Location), Source Code, etc. Make sure you have supplied this information in the box provided. For information on what is required for each Legacy role request, go to Bridges Web site > Services > Security > Additional Resources for DSAs > List of Available Legacy Systems and Roles. Look for what is required in “Authority Area” when submitting a role request. A list of Authority Codes is located at http://www.isprod.ufl.edu/directory/orgnlist.htm. Look under the UFID column, which is the organization’s UFID, and is the equivalent of an Authority Code.
Why did I receive the message “You
are not authorized to access this component” when I tried to add some
roles?
This means that there is an existing request in process for this UFID number.
You can make a request for any UFID that does not have a request still in
process. Once all roles on an existing request have been processed, you
will be able to make another request for that UFID.
I am attempting to add a new request for
an employee and the system says “Not a Valid UFID”. What am
I doing wrong?
You may have entered an incorrect UFID for the person. If after verifying
the UFID, you are still unable to enter the request, the department’s
Directory Coordinator should check in the directory to make sure the person
has an appropriate relationship assigned. If the relationship is correct,
contact the UF Help Desk. The Help
Desk will assign a ticket to the Bridges Security Admin team.
How are role requests processed?
There are three categories of security roles:
1. End user roles that get automatically approved and implemented in the evening hours the same day they are requested.
2. End user and core user roles that require approval by an authorized person at Bridges or the appropriate central office. These requests get implemented in the evening hours the same day they are approved.
3. Workflow roles are entered on the User Preferences pages and we are working to automate these procedures. The turnaround for workflow roles is somewhat longer than that for end user roles.
How do I monitor the role requests I have
made?
In Enterprise Reporting, there are many reports available to DSAs in the
Application Access NewsBox. If you do not have Enterprise Reporting link
in the myUFL Menu, you will need to request UF_ER_User. If you do not have
the Application Access NewsBox, please use ARS to request the UF_ER_PA_Application
Access role.
Are there Enterprise Reporting reports
available for workflow role requests?
Not at this time.
I have role requests that are not being
processed and the Pending Role Requests report (in Enterprise Reporting)
does not show the number of days in queue?
This suggests that you hit the “Save” button but not the “Submit”
button when you entered the role request. Please go back into the Access
Request system > Requests > Manage Requests and enter the UFID in
the “Find an Existing Value” box. The request will appear, and
then press the “Submit” button.
Who do I call if I have a problem with
using ARS or Enterprise Reporting?
First, check the Alert Notices for possible system outages or known issues.
Next, contact your fellow Department Security Administrator or
designated College Expert to see if
they are familiar with your problem. They will contact the Bridges Liaison
for your area if this cannot be resolved locally. If no one is familiar
with the problem, please contact the UF
Help Desk (392–HELP) as soon as possible.
Assigning User Security Roles
What roles are recommended for Enterprise
Reporting?
The Bridges EPM/Reporting team recommends the following Enterprise Reporting
roles for most college and department administrators. Many users mistakenly
request reporting roles for “Central” or “All”, which delays
implementation of their reporting role requests because
those particular roles are reserved for a handful of central/core office
staff. Roles that are appropriate for department and college users include:
Enterprise Reporting Roles for HR/Payroll
- UF_ER_HRPR_Benefits: To access general benefit information
- UF_ER_HRPR_Ben_PaidBen: To access employer–paid benefit information
- UF_ER_HRPR_Ben_Leave: To access employee leave reports
- UF_ER_HRPR_Information: To access general demographic information
- UF_ER_HRPR_Pay: To access payroll–related information
- UF_ER_HRPR_Pay_CurrPayCycle: To access the current pay period reports
- UF_ER_HRPR_Pay_Warrant: To access the current year pay warrant information
- UF_ER_HRPR_Pay_Cost: To access the current year payroll cost information
- UF_ER_HRPR_Workforce: To access workforce information related to jobs, distributions, etc.
Enterprise Reporting Roles for Finance
- UF_ER_FI_Asset_Mgmt: To access Asset / Property reports
- UF_ER_FI_Ledger_ALL: To access Control (available balance) and Departmental Ledger
- UF_ER_FI_Exp_and_Travel: To access expense and travel reports
- UF_ER_FI_Purchasing: To access purchasing–related reports
- UF_ER_FI_SponsResearch: To access sponsored research pre– and post–award reports
For more information about the Financial and HRMS reporting roles, please review the documents available on the Bridges Web site > Services > Enterprise Reporting.
For a complete list of all reports available in Enterprise Reporting, and the roles required to view those reports, go to Report Catalog. This catalog is updated as needed and is available on the Bridges Web site > Services > Enterprise Reporting > Resources > Report Catalog.
What role is needed to see job applicants?
Does any type of workflow need to be set up?
No. The job applicant must be “routed” by the “recruiter”
to the appropriate supervisor in order to be viewed.
What role is needed for the EEO person?
The role of EEO Officer is not a user security role but rather a title on
the Interview Team. There, the person can view the pool as routed and participate
in the evaluation process.
What role do I assign for someone who
needs to produce a list of assets and associated information by Department
ID or search for a specific asset?
Asset Management reports are available in three locations:
- Enterprise Reporting > Access Reporting > Financial Information > My UFL Financials > Asset Management
- Asset Management > Search for an Asset
- Asset Management > Print an Asset
Look at the roles checklist on the Bridges Web site under Services > Asset Management > Additional Resources or the Security Roles page at http://www.bridges.ufl.edu/security/roles.html under End User Roles for Asset Management.
What roles do I need to assign for a Directory
Coordinator?
A list of Directory Coordinator roles is available on–line at Bridges
Web site > Services > Directory > Additional Resources for DSAs
or the Security Roles page at http://www.bridges.ufl.edu/security/roles.html
under End User Roles > Directory. When requesting roles related to Directory
Coordinator, please remember to include the DeptID in your request in the
“Authority Area”. The Directory Coordinator may only modify
or add people to the Directory for that particular DeptID. Use the highest
level of the DeptID in the PeopleSoft department tree structure. For example,
if 63100000 is requested, the Directory Coordinator will have access to
departments 63100000, 63100100, 63100200, etc. Do not leave the
“Authority Area” in ARS blank or the request will be denied.
A list of DeptIDs is available on the Bridges Web site > Services >
General Ledger and Budgets > Additional Resources for ChartFields >
DeptIDs.
Important: When giving a Directory Coordinator the ability to relate or add people, please use **** ALL as the DeptID for the UF_N_Browse_Demographic_Information role. This will allow them to do a thorough, enterprise–wide search to ensure that they do not assign a new UFID to an individual who is already in the UF Directory.
To enter the DeptID in ARS:
1. Go to Manage Requests, type in the UFID of the individual, and select Add.
2. When the user’s security is listed, click on the “+” to the right of the last role.
3. On the new line, use the drop-down box under “Security type” and select Legacy.
4. Click on the magnifying glass; a list of Legacy roles will come up.
5. Select the role needed; a box will appear under “Authority Area”.
6. Fill in the appropriate DeptID without the hyphen.
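The Authority Area scoping described above, as an added example that is not part of the Bridges documentation or of ARS itself: a small Python model of how a requested DeptID limits which departments a Directory Coordinator can modify. The parent/child links, the 632xxxxx DeptIDs, the eight-digit format rule and all function names are assumptions made for illustration.

```python
import re

# Constructed department tree (child -> parent). The 631xxxxx DeptIDs are the
# page's example; the 632xxxxx entries and every parent link are assumptions.
DEPT_PARENT = {
    "63100000": None,
    "63100100": "63100000",
    "63100200": "63100000",
    "63200000": None,
    "63200100": "63200000",
}

# Assumed format: eight digits, entered without the hyphen.
DEPTID_RE = re.compile(r"\d{8}")


def review_authority_area(raw):
    """Return (approved, reason) for the Authority Area on a role request."""
    value = (raw or "").strip()
    if not value:
        return False, "denied: Authority Area is blank"
    if not DEPTID_RE.fullmatch(value):
        return False, "denied: enter the DeptID as digits only, without the hyphen"
    if value not in DEPT_PARENT:
        return False, "denied: unknown DeptID"
    return True, "ok"


def covered_deptids(authority):
    """Every DeptID at or below `authority` in the tree."""
    covered = set()
    for dept in DEPT_PARENT:
        node = dept
        while node is not None:          # walk up towards the root
            if node == authority:
                covered.add(dept)
                break
            node = DEPT_PARENT[node]
    return covered


def can_modify(authority_raw, target_deptid):
    """True if a coordinator granted `authority_raw` may edit `target_deptid`."""
    approved, _ = review_authority_area(authority_raw)
    if not approved:
        return False                     # a denied request grants nothing
    return target_deptid in covered_deptids(authority_raw.strip())


if __name__ == "__main__":
    for requested in ("", "6310-0000", "63100100", "63100000"):
        ok, reason = review_authority_area(requested)
        scope = sorted(covered_deptids(requested)) if ok else []
        print(f"{requested!r:12} {reason:60} scope={scope}")
```

Requesting 63100100 instead of 63100000 leaves 63100200 out of scope, which is why the request should name the highest-level DeptID the coordinator is responsible for.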
