Day 1 - Off Boarding Staff Converted But Not Active in ctcLink

Purpose: Upon conversion into ctcLink, Local Security Administrators (LSAs) may be made aware of staff who had an 'Active' job record at their college but no longer actually work at the college.  In such cases, a User Profile will have been created, and any additional roles or security access that were granted need to be removed to ensure the former employee does not gain access to ctcLink.

Audience: Local Security Administrators, HR Staff

During the Go Live weekend, Local Security Administrators (LSAs) are provided with an early view into which employees converted at Go Live.  An 'All Employees Go Live' tab will be added to the security workbook.  If it is noted that an individual employee had an active job record during this conversion activity, but it is known that their job record should have been marked as separated prior to conversion, action will need to be taken to remove that user's access to ctcLink.

Terminating Job Record

The HR office will need to insert a new effective dated row to reflect the termination of the employee in the job record that converted as active.  As a result, the CTC_<college>_DISTR security role, which is applied by a dynamic process, will be removed from the employee's User Profile.  In many cases this will remove the tile from the Gateway (Portal) page; however, if the employee also has a student relationship with the institution, the tile will remain visible because the CTC_<college>_CC role is not removed in the Campus Solutions pillar.

Reference Material on Adding a Termination Row to Job Data:

9.2 Entering Terminations and Retirements

Verify Active Employment at Another College

Verifying active employment at another college in the ctcLink system is as easy as navigating to the User Profile page (view only) to see whether the former employee has a 'Dynamically Applied' CTC_<college>_DISTR role for another institution in our system. [Note: manually applied district roles are used to give a former employee the tile to access that college's W2 when getting into the Portal (Gateway) page.]

Navigation: PeopleTools > Security > User Profiles > User Profiles

It is recommended to reach out (via Security listserv or email) to the other institution's Local Security Administrator (LSA) to verify that college's access needs prior to removing roles in each pillar.
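The role checks described under Terminating Job Record and in this section can be written down as a decision routine. The following is an added example, not ctcLink or PeopleSoft code: the `(role_name, dynamic)` input layout, the function name `review_profile`, and the college codes AAA and BBB are assumptions made for illustration.

```python
import re

# Role-name shapes named on the page: CTC_<college>_DISTR and CTC_<college>_CC.
ROLE_RE = re.compile(r"^CTC_(?P<college>[A-Za-z0-9]+)_(?P<kind>DISTR|CC)$")

# Campus Solutions roles the page says are system-assigned, never LSA-removed.
SYSTEM_MANAGED = {"ZZ SS Student", "ZZ SS Faculty", "ZZ SS Advisor"}


def review_profile(rows, home_college):
    """Classify one user's roles before anything is removed.
    rows: (role_name, dynamic) tuples; dynamic is True for a 'Dynamically
    Applied' role. The tuple layout is an assumption of this example.
    """
    result = {
        "active_elsewhere": [],       # dynamic DISTR elsewhere: contact that LSA
        "manual_distr": [],           # manually applied DISTR: W2 tile access
        "home_distr_dynamic": False,  # termination row has not taken effect yet
        "tile_stays_visible": False,  # home CC role keeps the Gateway tile
        "leave_alone": [],            # system-managed roles
    }
    for role, dynamic in rows:
        if role in SYSTEM_MANAGED:
            result["leave_alone"].append(role)
            continue
        m = ROLE_RE.match(role)
        if m is None:
            continue  # other roles are outside this check
        college, kind = m["college"], m["kind"]
        if kind == "CC":
            if college == home_college:
                result["tile_stays_visible"] = True
        elif not dynamic:
            result["manual_distr"].append(college)
        elif college == home_college:
            result["home_distr_dynamic"] = True
        else:
            result["active_elsewhere"].append(college)
    return result


# Constructed sample; AAA and BBB are placeholder college codes.
SAMPLE = [
    ("CTC_AAA_DISTR", True),
    ("CTC_BBB_DISTR", True),
    ("CTC_AAA_CC", False),
    ("ZZ SS Student", True),
    ("ZZ PeopleSoft User", False),
]
```

Calling `review_profile(SAMPLE, "AAA")` reports BBB under `active_elsewhere`, which is the case where the other institution's LSA should be contacted before any role is removed.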

Removing Roles in HCM

All roles, except those listed below, can be removed from the HCM User Profile.  College LSAs will add the role ZZ Former Employee in place of the ZZ PeopleSoft User role to reduce the user's access in HCM.

Run User Preference Definition Report

To view what additional access rights were granted to the user in Finance, you can run a report that will display all User Preferences that have been defined.  

Navigation: Setup Financials/Supply Chain Mgmt > Common Definitions > User Preferences > User Preferences Report

Create a NEW Run Control, by clicking Add a New Value and entering a unique Run Control ID, then click ADD.

Access to your Business Unit can be immediately ceased by removing the Business Unit for your institution on the Overall Preferences.

Removing the user from Requester Setup must be postponed until the Business Office has an opportunity to close the outstanding requisitions and purchase orders submitted by that requester.  The Business Office can edit the buyer on purchase orders to reflect who now fulfills that responsibility on your campus.

Removing Roles in FSCM

Roles can be removed from the Finance User Profiles for those job duties that relate to your institution, by using the 'minus' (-) symbol on the Distributed User Profile page. Where the employee is shared, please confer with the other institution before role removal.  Removing Primary and Row Level permission for your college will disconnect the user's access to your college's data.

Removing Access in Campus Solutions

In Campus Solutions you are more likely to have cross-over in student access and instructor access at multiple institutions.  Student access is controlled dynamically by background processes that assign the ZZ SS Student role.  This role is never removed by the LSA, as it is controlled by the system based on the student's engagement at their various institutions.

For faculty, whether full or part time, the ZZ SS Faculty and ZZ SS Advisor roles are assigned dynamically based on the existence of an 'active' record for your institution on the Instructor/Advisor table.  LSAs would not manually remove these roles, as the system will only remove them if ALL instructor/advisor entries are inactive for all colleges.

Removing Primary and Row Security 'masking' permissions essentially shuts off the ability to receive returned results for student data in all search criteria entry pages. Do Not remove masking for ANY user profile in the CS pillar.  We always want to keep masking applied, but if the masking is SSN, Partial or None, set it to Mask ALL, as we never know where that employee will end up in the future.

Do Not remove masking for shared employees who need access to the CS pillar.

Removing SACR Security

Colleges can instantly remove Institution Access to SACR Security settings by blanking out their institution; this will not impact any other college access the user has. Alternatively, simply find a user who does not have SACR and perform a complete replace of the off boarding user's SACR Security with that user's SACR.

After resolving your implementation security position, please transition to using the operational materials for managing Employee Security Off Boarding:

