UAT/SVL: On Boarding New Hires BEFORE Go Live
Purpose: This guide is intended to help colleges who are adding a newly hired employee into the UAT or SVL environment to allow them to assist in User Acceptance Testing (UAT) or to ensure they have the needed page access security at Go Live, which is sourced from the SVL environment.
Audience: Local Security Administrators (LSAs) and HR Staff assisting with On-Boarding new hires into Project environments in preparation for Testing or Go Live.
You must have identifying information to being this process, such as Date of Birth and Full Legal Name.
Can be performed by HR staff or LSA - Not real job data, just a placeholder to add security
Before adding a person record into the HCM pillar, first check to see if the person already exists in the system. The person may have already worked for another college on ctcLink, or may have been a student at a college within the ctcLink system. Please verify the person has been added in UAT first and carry forward their UAT EMPLID to SVL so that you don't unintentionally utilize and EMPLID belonging to another college from UAT.
Before adding an employment instance, the employee must have a person record in HCM. Keep in mind, they might have a person record in the CS Pillar, but CS Bio/Demo data does not synchronize to HCM and must be added to the HCM system before the employment instance can be attached to the employee's person record. You can determine if they already have a student record in CS by navigating to: navbar > navigator > Campus Community > Person Information > Add/Update a Person and searching by name and comparing the Data of Birth and address information; note the EMPLID. You can then double check they are the intended person by navigating to: navbar > navigator > Campus Community > Person Information > Identification > External System ID and entering the EMPLID noted. This will display the user's Employee SID, but be warned it also has the possibility of showing the user's clear text social security number, which is why access to this page is restricted to a specific security role: ZZ CC External System ID.
9.2 Add a New Employee Person Record and Job Instance
9.2 Add an Employment Instance (training video)
IF BRAND NEW ctcLink Person - Dynamic Process runs every 3 hours from 7am to 7pm to build a NEW HCM User Profile, which will sync to all pillars and portal.
Note: This process ALSO adds the ZZ HCM Manager role dynamically for any manager
Must be done by user with Local Security Administrator (LSA) access (ZZ Local Security Admin)
The user profile will be automatically generated once a Job Data record exists. Keep in mind that if the employee already had a job from a prior college on ctcLink, that employee will already have an existing user profile and you will need to review it to ensure it has the appropriate security roles.
The dynamic process that runs to create a NEW User Profile will also update any existing User Profiles with a CTC_xxx_DISTR security role when a person has an active job at a college. This can ONLY be seen using the Security > User Profiles > User Profiles page, and is not visible on the Distributed User Profile page used by the college to enter new security role assignments.
Note: If the user is a Payable Time processor, they will require the TL Super User row level security of CTC_xxx_TL_SUPERUSER (where xxx = Company Code).
On the HCM User Profile, the General Tab contains fields that the LSA will need to update:
- Symbolic ID: Must be set to SYSADM1
- Primary: Must be set to CTC_PT_WAxxx_ALL (where xxx = Company Code)
- Row Security: Must be set to CTC_PT_WAxxx_ALL (where xxx = Company Code)
- Process Profiles: Must be set to CTC_PT_PRCSPRFL_STAFF (to grant ability to launch processes, including scheduled queries)
On the FSCM User Profile, the General Tab contains fields that the LSA will need to update:
- Symbolic ID: Must be set to SYSADM1
- Primary: Must be set to CTC_PT_WAxxx_ACCESS (where xxx = Company Code)
- Row Security: Must be set to CTC_PT_WAxxx_ACCESS (where xxx = Company Code)
- Process Profiles: Must be set to CTC_PT_PRCSPRFL_STAFF (to grant ability to launch processes, including scheduled queries)
All employees will need their Overall User Preferences set regardless of what they do at the campus. This must be done AFTER the User Profile General Tab is updated to point their Primary/Row permissions to your institutions.
Keep in mind, employees who work at more than one college might NOT have their Overall User Preferences pointing to your institution if their Primary job is at the other college.
On the CS User Profile, the General Tab contains fields that the LSA will need to update:
- Symbolic ID: Must be set to SYSADM1
- Primary: Must be set to CTC_PT_MASK_xxx (where xxx = masking choice - read below)
- Row Security: Must be set to CTC_PT__MASK_xxx (where xxx = masking choice - read below)
- Process Profiles: Regular CS Staff - Set to CTC_PT_PRCSPRFL_STAFF (to grant ability to launch processes, including scheduled queries)
- Process Profiles: Full/Part Time Faculty - Set to CTC_PT_PRCSPRFL_FACULTY (to grant ability to launch processes without allowing daily/weekly recurrence)
Masking Values: (If missing, no search return values will appear. Does not control college data access managed via SACR)
- CTC_PT_MASK_ALL (default) = Mask Social Security Number and Mask Date of Birth
- CTC_PT_MASK_SSN = Mask Social Security Number and Unmasked Date of Birth
- CTC_PT_MASK_NONE = Mask Social Security Number and Unmasked Date of Birth
- CTC_PT_MASK_PARTIAL = Mask Social Security Number and Partial Masking of the Date of Birth
If the newly hired employee will need to work in the CS Pillar they must have Basic SACR Security to enable their access to your college's data. This is managed via SACR security, rather than through Primary and Row Level permissions on the User Profile, as is done in HCM and FSCM.
CS 9.2 SACR Security: Basic Requirements for Staff
In addition to Basic SACR Security, staff that have been granted specific page access will likely also require SACR Security relative to the specific page access:
CS 9.2 SACR Security - Academic Program Security
CS 9.2 SACR Security: Program Action Security
CS 9.2 SACR Security - Service Indicator Security
CS 9.2 - SACR Security: Milestone Security
CS 9.2 - SACR Security: Test ID Security
CS 9.2 - SACR Security: Enrollment Security
CS 9.2 SACR Security - Population Update Security
SACR- 3Cs Group Security (Financial Aid)
In addition to various additional SACR Security needed in the Student Administration area, if someone works with Student Financials data they may also require SACR Security for Student Financials. This applies to Cashiers, Finance staff working in SF, Financial Aid staff reviewing student account data.
CS 9.2 - SACR Security: Student Financials
In some cases the entry time for adding SACR Security can be burdensome. Areas such as Service Indicators, Student Groups and Population Update can have many values. In those cases it may be more efficient to find a user who already has the exact or close to the same access for that area. You can then choose to simply copy their security to the new person and edit it from there.
Always be mindful of staff working at more than one college as they are not a good candidate to use as the source to copy from.
Can be done by LSA with ZZ CC External System ID or ZC CC External System ID role access or by ctcLink Project via OTM Ticket Request
After a new hire has been added to an environment and their security has been established the project team will need to add an External System ID record for that employee. If the employee was previously employed at another institution they will require their new employment relationship to the onboarding college to be added to the Solution Validation Environment (SVL). This is used to ensure that Security User Profiles and all additional security is mapped to the legacy SID and any temporary EMPLIDs in that environment used to store that security can be mapped to the newly created Permanent EMPLID at Go Live.
Keep in mind this page and table store clear text SSN so access should not be broadly granted to view this information at a college.
Must be done by user with Local Security Administrator (LSA) access (ZZ Local Security Admin)
Reference Materials for choosing what roles might need to be added in HCM are available at the links below:
Pillar Security Matrix Mapping by Module – Human Capital Management (DG4)
Reference Materials for choosing what roles might need to be added in FSCM are available at the links below:
Pillar Security Matrix Mapping by Module – Finance (DG4)
Session 4: Understanding Finance Additional Security (DG4)
9/13/21: Security Support on Finance and User Preference Definition & Grants Security (DG6)
9/27/21 - Revision Security on Finance and User Preference Definition & Grants Security (DG6)
FSCM Pillar - Roles with Route Control Profiles:
Keep in mind each role that is associated with Automated Workflow (AWE) will require a Route Control Profile specifying the college Business Unit to be added on the Roles tab of the User Profile in the same row as the AWE relevant role (see screen shot below).
Roles that require this entry that are visible to DG6 colleges are outlined below:
ZZ CC Budget Approval
ZZ GL Journal Approval
ZZ GL Jrnl Accountnt Approval [Seattle District Only]
ZZ Purchasing Approval
ZZ Requisition Approval
ZZ Treasury Approvals
ZZ Voucher Approval
ZZ_AWE_ADMIN_xxx (where xxx = Company Code)
ZZ_AWE_BI_APPR_xxx [Seattle District Only]
ZZ_AW_ALL_PROJECT_APPROVER [Tacoma District Only]
ZZ_AW_AMT_HDR_LEVEL_x (1 or 2)
ZZ_AW_AMT_LEVEL (1,2 or 3)
ZZ_AW_AP_REVIEW
ZZ_AW_BI_INV
ZZ_AW_BUDGT_JRNL_APPROVER - (State Board Staff Only)
ZZ_AW_COMMODITY_xxx (xxx = Various Role Names)
ZZ_AW_EXEC_LEVEL_xx (numbered value)
ZZ_AW_GL_ACCOUNTANT
ZZ_AW_GL_ACCT_SUPERVISOR
These roles are existing in the system and tied to a global approval workflow lists that will be transitioned once all colleges are live from the CTC version of the security role to the equivalent ZZ_AW version of the role:
CTC_AW_COMMODITY_AV
CTC_AW_COMMODITY_FACILITIES
CTC_AW_COMMODITY_IT
CTC_AW_COMMODITY_BRANDING
CTC_AW_COMMODITY_SAFETY
CTC_AW_COMMODITY_TELECOM
Note: ZZ Expenses Approval does not require a Route Control Profile
Note: ZZ_AW_BUYER, ZZ_AW_AP_MANAGER and ZZ_AW_AP_SPECIALIST exist and will be associated with a approval workflow lists once all colleges are live, but at not currently in use today.
Reference Materials for choosing what roles might need to be added in CS are available at the links below:
Pillar Security Matrix Mapping by Module – Core Campus Solutions (DG4)
Pillar Security Matrix Mapping by Module – Financial Aid Campus Solutions (DG4)
Pillar Security Matrix Mapping by Module – Student Financials Campus Solutions (DG4)
Session 5: Understanding CS Additional Security (DG4)
8/9/21: Security Support on Faculty/Advisors + Review CS Roles + Basic SACR Security (DG6)
8/16/21: Security Support on SF/FA Roles + SF/FA Relevant SACR Security (DG6)
9/8/21: Security Support on SACR Security in CS, Local Security Management Discussion Follow-Up (DG6)
0 Comments
Add your comment