9.2 Security - Using Launchpad to Copy User Roles

Purpose:  Use this document as a reference to copy roles from one user profile to another, or to multiple users.

Audience: Security staff

Only Local Security Administrators with the ZZ Local Security Admin role and ZD Local Security Admin view-only role have access to Launchpad features.

If you need assistance with the above security roles, please contact your local college supervisor or IT Admin to request role access.

Using Launchpad to Copy User Roles

Navigation: NavBar > Navigator > Launchpad > Launchpad

Launchpad menu page

How Does "Copy From" (Source) and "Copy To" (Target) Work?

Finance Pillar:

Copy From (source) and Copy To (target) fields are restricted by the user's Primary Permission List to control the Business Units.  For roles that require Route Control Profile (see QRG 9.2 FSCM Security-Workflow Approval Roles in Finance) , the route control will not copy over. The route control will have to be manually added after the security roles have been applied.

Campus Solutions Pillar:

Copy From User ID (source) lookup criteria requires the User ID to have a SACR Security Academic Institution that aligns to college associated with the Primary Permissions List of the User Profile performing the search (LSA).

The Copy To User ID (target) lookup criteria requires the user to have an "Active" job record at the same institution in order to be selected.  

Human Capital Management Pillar:

The Copy From (source) and Copy To (target) User ID lookup criteria requires the User ID to have a Primary Permission List that aligns to college associated with the Primary Permissions List of the user performing the search (LSA).

The Copy User Roles feature in Launchpad can be utilized to apply a set of Security Roles from a source User ID to one or more target User ID(s). 

A source User ID can be from Templatized User ID (Role Grouping Templates beginning with WAXXX_template_name), created on request for your college by the SBCTC Security Team, upon request or from the User ID of an existing employee. College copying roles from an existing employee must carefully analyze the security access granted to ensure roles are not over-allocating access relative to job duties and are in alignment to Segregation of Duties requirements.

The Copy From User ID is at the top of the screen.

Pick from a Templatized User ID or an existing employee's User ID.

The roles that would be assigned from the Copy From User Profile will display on the screen for review.

The Copy To User ID section at the bottom of the screen allows for one or multiple User IDs. All User IDs will receive the same set of roles displayed above.

After you populate the Copy To, the COPY button will be enabled. The user(s) in the Copy To area must have an "Active" job record at the institution associated with the person scheduling the process to display in the search results and enable the Copy To function.

Copy User Roles page

Select the Copy button. This will apply the displayed roles to all the Copy To User Profile(s).

After the copy process has completed, the audit query (available in each pillar) can be run to see the roles that were applied, and which roles that already existed on the user profile:

QXX_SEC_ROLE_COPY_USER_BY_OPR

Query page

In the query results, blue drill-down links are available to see detailed data. If run to HTML, the drill-down data will show the roles that were copied. The Action column will indicate Add or Exists.

query page drill down links
Helpful Hints
  • If an HCM user profile/template is created for a user with both HCM and CS roles for their job, the following steps will be needed: The user profile template will automatically copy to the other pillars and the LSA will need to add the pillar specific roles to that same template in each pillar. Run the LaunchPad Role Copy process separately in each pillar.
  • You can apply multiple User Id Templates to a User id, however ensure there are no segregation of duties issues. You can only apply one template at a time so if applying multiple, the process has to be run multiple times, once per template id.
  • Template adjustments: If the LSA copies roles to a user and finds that the template is incorrect, then they can update the template and/or manually update the roles assigned in the user profile.
  • If you apply a Template ID to a user in HCM, and that role exists in other pillars, the role will sync to the user id in the other pillars as well. LSA’s may need to go in and remove it from the other pillars if it isn’t applicable.
  • The ZZ Legacy App roles can now be administered in HCM as well as Campus Solutions.
  • Template applied will not duplicate roles. Keep in mind that if elevated security roles are included, then it needs to be allowable at each location. Global SACR: If the user has your academic institution to someone with active job record it will delete what is there and add in what is on your template which affects the other institution. Check with other college before copying.
  • HCM & FS copy to user profile will need row level security for copy from and active job. Trying to copy from real user id and row/primary perm list from other college, cannot copy from. Copy from template to user, copy from needs to be your college’s primary/row, copy to needs active job record. Acct like 120_ must manually apply roles. No alternative user profile, we are secondary, in CS if have academic institution as copy from and active job for copy will work.
  • The role copy feature will not work on Secondary User Accounts like WAXXX_FirstInitialLastName. Roles will need to still be manually applied to these users.

End of procedure.

Requesting Templatized User Profiles

Templatized User Profiles will be created per college with the naming convention starting with “WAXXX”.  There are a maximum of 50 Templatized User Profiles in each pillar for the colleges to populate with desired security roles.  It is imperative that the local security administrators review the templatized user access for Segregation of Duties concerns prior to using them to copy to a new hire.  Because the base roles are already on the new hire’s user profile, they should not included in the list of security roles applied to the on the Templatized User ID.  These User IDs will be Pre-Approved at the institution for those positions for audit purposes.

To request a Templatized User ID, please submit a Service Desk Ticket with the desired Template User Profile name, beginning with WAXXX_ (where XXX is the college code) and continuing with the template name using underscores, (for example WA120_Fiscal_Analyst or WA062_Registrar). Please also provide the desired Description and pillar. Keep in mind, if you would like the template to be built and exist in all 3 pillars, specify Human Capital Management (HCM). If you intend to ONLY use the template in Finance (FSCM) or Campus Solutions (CS), please specify in the Service Desk Ticket. 

Once the Templatized User ID is established you have the discretion to edit the Description locally. You will need to manually apply the desired security roles and any secondary security in order to use the template.

-> During UAT please follow these specific Template Load Request instructions.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.