The report header includes basic information about the employee and supervisor.  It lists the institution, the supervisor, the employee’s name and ID, the last time the employee was paid, the employee’s business unit, and the employee’s classification.

QRG: Finance Security Guide

This section displays the user’s default operator values.

Process Groups allow control of the on-demand features such as budget check or posting directly in AP & AR transaction pages.

QRG: FSCM Security - Process Groups

Default Asset Management settings include date defaults, edit options for the entries in the AP/PO Information, Review Transactions, Unitization, Consolidation, and Default Distribution pages. The Auto-Run Transaction Loader options include running this process, and whether to include the impairment/revaluation, and asset retirement options. The Property Pagelet settings include Business Unit, UOM & location. The Asset tracking option shows the user’s default business unit for search criteria and prompt values.

Default Billing Job defaults that include server, output destination, and job run options.

Default settings and contract status authorizations.

Default GL settings include default ledger, ledger group, and journal entry sources. Journal Entry options include defaulting to use the NEXT journal id number, the Change Journals from Journal Generator option for editing sub journals, ability for the user to post journals, and allowing to copy/delete/unpost journals. The Online Journal Edit Defaults options include allowing the user to re-edit valid journals and Mark Journals to Post  however this option is not usually checked as it bypasses approval workflow. Journal Post Defaults include journal post options to bypass open item reconciliation and summary ledger updates for a specific user. The Budget Post Options include options for the creating events through the Entry Event Processor, Parent Budget Generation which is usually set to Always Generate to keep parent-child budget inline.

QRG: Setting General Ledger User Preferences

PayCycle Output Destination settings, such as server file destination for bank files and email id for notifications, can be added for users with PayCycle processing access.

Assigned approval roles for PO and Requisition approval workflow.

Optional defaults for procurement transactions, such as location, origin, department, ship to location, requester, and buyer.

Procurement contract process and default display options including contract status, authority approve/enter/hold/close/cancel contracts and process PO & AP contract releases.

Default settings for origin (online entry, batch, etc.), operator voucher authority to pay unmatched vouchers, copy from closed PO’s, override accounting date.

Security for Voucher Styles allows the user to access to various voucher types.

Online Voucher Processing options include not checking vs. checking voucher amount limits, ability to post vouchers, manually schedule payments, authority to override matching, and recording payments.

Default settings for Quick Invoice entry that requires a valid chart field combo and/or requires a balanced invoice.

Default settings for receiver entry that include allowing the user to force close non-qualified receipts, change non-PO prices on a receipt, close short, to use the Interface Receipt option to automate passing of inventory and asset information, and to allow subcontract streamline overrides. Other options include blind receiving only where the user cannot see ordered and remaining quantities, No Order Qty to hide the PO quantity, Ordered Qty use default PO quantity, PO Remaining Qty to default to the remaining quantity from the PO, the user’s default business unit, and the days plus or minus the current system date to use. The RTV options (return to vendor) include dispatch, inventory ship and inventory destroy options, if in use.

Allowed actions include approval (for workflow approvers), cancel, delete, close, and reopen. Other options include whether the user can work on approved requisitions, has full authority for all requesters at the location, whether a preferred supplier can be overridden, whether a RFQ (request for quote) required flag can be overridden, if non-qualified requisitions for closure can be overridden, and whether the user can send an approval reminder.

Allowed actions include approval (for workflow approvers), cancel, delete, close, and reopen. Other options include whether the user can work on approved PO’s, can dispatch unapproved PO’s, has full authority for all buyers at the location, can override non-qualified PO’s to close, and whether the user can send an approval reminder.

Settings include whether the user can override document tolerance exceptions when a PO exceeds the requisition amount or if the expenditure (voucher) exceeds the encumbrance (PO) amount.

For users to Enter Suppliers, the Authority to Enter option is checked. The Supplier Audit is automatically checked. The Authority to Approve or Inactivate is for SBCTC use only.

The Receivables preferences are used to set user default values and Payment Worksheet write-off tolerances and discount tolerances.

Buyers for whom this user can work purchase orders and actions that can be taken; add, update, cancel, delete, close, and reopen.

Requesters for whom this user can work requisitions and actions that can be taken; add, update, cancel, delete, close, and reopen.

Buyers this user can work purchase orders and actions that can be taken; add, update, cancel, delete, close, and reopen.

Requesters this user can work requisitions and actions that can be taken; add, update, cancel, delete, close, and reopen.

Grant security enables access to grant projects based on selected project security trees and department(s).

QRG: FSCM Grants Security

BUDG_DT_R: Allows Users to override the budget date on transactions that error due to the budget date on a transaction.

BYPASS_R: Allows a User to bypass budget checking entirely.(This function is reserved for occasions such as when a user needs to correct a suspense journal that was generated from within a source application like Purchasing and whose accounting entries have already been budget-checked.)

NOTIFY: Enables users to be notified by workflow when budget exceptions occur or when a specified percentage of the budget has been used.

OVERRIDE_R: Allows users to override budget checking exceptions for a new transaction or pass a transaction that has failed budget checking.

QRG: Budget Security for Commitment Control

Users with the Security User Assignment will be able to process the ACH/EFT payment dispatch, review payments, review payment files, override payment status, and override payment file status.

College Route controls that are added to ZZ_AW roles used for approval workflow.

QRG: FSCM Security - Workflow Approval Roles in Finance

Lists departments where the user is listed as the manager.

QRG: Updating Department Managers

Lists departments where the user is an approver for travel and expense transactions.

QRG: Maintain Approver Assignments

Lists procurement card proxy assignments assigned to another user (reconciler, administrator, reviewer, approver).

Lists procurement card proxy assignments (reconciler, administrator, reviewer, approver).

Displays whether a user has authorized another user to edit and submit T&E expense on their behalf.

QRG: Recommendations for On and Offboarding Employees for Expenses

Displays whether a user can edit and submit T&E expense on behalf of another user.

Lists roles if the user is included in approval workflow routing.

QRG: FSCM Security - Workflow Approval Roles in Finance

Lists delegation assignments established by the user.

QRG: Delegate Entry Authority

Lists delegation assignments if approving on behalf of another user.

This portion of the report is divided into two sections based on whether or not the role(s) a user has are locally assigned or must be assigned by the State Board security team.

If you're not sure what happens at a navigation, try navigating to that section of the ctcLink Reference Center. The Reference Center is organized to mirror the menu setup in ctcLink.

When reviewing navigations, page access, and roles, consider the following factors, all of which impact the probability of a data breach, or a user being able to act nefariously.

• What level of information is available at the navigation
  • Refer to your institution’s internal documentation to better understand the following categories.
  • Category 1 data is public information. This includes information that is specified as Directory Information under our system’s shared definition per the Family Educational Rights and Privacy Act (FERPA).
  • Category 2 data is sensitive information. All data that isn’t public information is at least category 2, although some data will be higher.
  • Category 3 data is confidential, and includes things like social security number, citizenship status, driver’s license number, credit card number, bank account number, among other information.
  • Category 4 data is confidential information requiring special handling.
• Whether or not the user has a role that grants them the ability to edit the data at the navigation, and, if applicable, whether or not the user has access to correct historical data.
• What other navigations & information is on the role
• Whether or not there are other roles that cover the navigation that might be more appropriate.
• How robust your offboarding processes are.
• Whether or not the user’s current job responsibilities require the access the user has.

Roles granted by SBCTC should be considered as a higher risk level. College should evaluate the access given by these roles rigorously.