SFS Business Unit Security Administrators (BU Admins)
See the SFS Security page for the process, current form and a link to this page.
Following are the BU Admins. If there is a "**" next to the e-mail cell, it means Sec Auth should use e-mail scans when forwarding to gather needed signatures:
|Campus||BU Admin||E-mail Address||Phone||Fax|
|Eau Claire||Jackie Krieselemail@example.com||715-836-2520||715-836-3632|
|Extension||Jean Storandt (+Grants)||firstname.lastname@example.org||608-265-6645||608-262-0163|
|Bob Price (+Grants)||email@example.com||608-262-1979||608-262-0163|
|Janet Waldburger (+Grants)||firstname.lastname@example.org||608-265-6787||608-262-0163|
|Green Bay||Lisa Jackovichemail@example.com||920-465-2968||920-465-5104|
|*** For HRS users:||Liv Gofffirstname.lastname@example.org **||608-265-1182||Please email forms|
|Jen Stenjememail@example.com **||608-265-1182||Please email forms|
|La Crosse||Jason Steinerfirstname.lastname@example.org||608-785-8550||Please email forms|
|Sandy Chapmanemail@example.com **||608 785-8599||Please email forms|
|Madison - DoIT
|Dave Rice (+Grants)||414-229-6652||Please email forms|
|Tom Osmanskifirstname.lastname@example.org **||414-229-5240||Please email forms|
|River Falls||Dave Sorensonemail@example.com||715-425-3905||715-425-0621|
|Stevens Point||Bo Dedekerfirstname.lastname@example.org||715-346-3999||715-346-4011|
|Stout||Kim Schulte-Shobergemail@example.com||715-232-1285||Please email forms|
|Sheri Olsonfirstname.lastname@example.org||715-232-2344||Please email forms|
System Admin/ Systemwide
All * fields on form must be filled in, or Security could delay or reject the form.
The latest form must be used, or Security could delay or reject the form. See http://www.uwsa.edu/fadmin/sfs/SFSAuth.pdf.
For adding access (provisioning):
- User MUST sign - to acknowledge they understand the security to the access they are requesting.
- Supervisor should sign, to attest the User is an employee and should have access - yet, does not need to sign.
- Need one signature from a BU Admin.
- For example, if Laurie Grams signs as the BU Admin for a non-BU Admin, Eric Engbloom does not need to sign for Financials.
- For BU Admins requesting their own access, see below.
- The supervisor, BU Admin and even Module Steward could be the same person for some campuses, like Mark Sweet for UWMSN Grants and Carol Block for UWMSN DOIT.
- If it is UWMSN, need one BU Admin signature for each security module
as UWMSN decided to split authorizing for Financial, Grants and Travel.
- If Travel roles are requested in addition to Financial roles, would need Susie Maloney and Jan Richardson to sign.
- If Grants in addition to Financial roles, would need Susie Maloney and Mark Sweet to sign.
- If UWMIL or UWEXT, only need a BU Admin for that campus to sign, even if they are asking for both Financial and Grants roles.
If a BU Admin is adding their own access: they sign as user, but need
BU Admin signoff from a higher BU Admin or Module Steward.
- E.g. if a Colleges BU Admin sends in a form for their own access, it needs additional signoff from a System BU Admin (Laurie or Eric) or Diann for separation of powers.
- BU Admin signer cannot be the backup BU Admin at the same campus.
- A different BU Admin/Module Steward must sign/authorize for adding access.
- If new user is not an employee: must indicate in the Additional Information form section that they are consultant, project, etc. Otherwise, Security will not be able to find them and will reject the form.
If it is for auditor access:
- Internal auditor access is controlled by BU Admins at each campus. Do not need Diann to sign. They still get UW_USER.
- External auditor access (usually LAB, but may be Federal): Diann Sypula MUST sign. UW_Base_User.
- For clarifications, email email@example.com.
*** For HRS roles (UWAP_HR* or any roles in Role Catalog with HRS owner):
- No longer a special form, since HRS went live.
- HRS BU Admin MUST sign.
- Diann Sypula MUST sign as Module Steward
- UW_Base_User if only UWAP_HR* roles.
For removing access (de-provisioning):
- If emergency removal of access, call Security Authorizations at 608-265-5591. Then follow up with paperwork.
- User does NOT need to sign, but can.
- Supervisor does NOT need to sign, but can.
- One signature is required by a BU Admin for that user's campus OR a Module Steward. This includes HRS access.
- Two different people do not need to sign for removing access.
- If a non-System BU Admin is removing their own roles or roles of their backup BU Admin, they do NOT need ANY additional signoff.
- If a System Admin (Laurie or Eric) is removing their own roles, they do NOT need additional signoff.
- If replacing a more powerful role with a less powerful one, it is still adding a new role and follows "adding access" process, including needing a user signature.
- If moving departments/campuses within the UW: BU Admins should coordinate and not send 2 forms. The new BU Admin should send in a form with the all needed roles for the new position - even if that includes some or all roles from the previous campus. All previous roles will be removed.
- If removing all access: all roles are removed, including dynamic ones, the UW_Inactive_User role is added and the account is locked.
- It is the BU Admin responsibility to notify Sec Auth during absences to avoid processing delays. Contact them by e-mail at firstname.lastname@example.org, fax at 608-265-0667 or phone at 608-265-5591.
- If a campus sends a request via e-mail with all known signatures, Sec Auth may be able to use that to forward for other needed signatures.
- If there is a "**" next to the e-mail cell on this page, it means Sec Auth should use e-mail scans when forwarding to gather needed signatures.
- All needed signatures must be on the form in an attached scanned file.
- The subject should be “SFS - User Request” to avoid SPAM/junk e-mail filtering.
- E-mails will be forwarded for missing signatures, which could cause delays.
Signature User ID Proofing Processing Rules (Sec Auth):
- Note: Please see official training material on WIKI for more detailed process steps.
- MUST have user signature for adding roles.
- Should have supervisor signature for adding roles. Does not need to sign.
- MUST have BU Admin or Module Steward signature for the specific campus the user is from or for A06 see above BU Admin for correct list -- use above rules if any question. (NOTE: Module Steward trumps BU Admin, if in doubt.)
- MUST time stamp form for date received.
- MUST validate user in employment system.
- MUST complete in 2 business days (48) hrs from time of receipt of VALID/CORRECT form.
- MUST contact BU Admin via email or directly with INVALID form issues as soon as error is detected.
- MUST contact DAIS Security if there are additional roles written in on form request - As there is no way to tell what Module Steward they belong with.
Module Stewards are the data owners:If there is a "**" next to the e-mail cell, it means Sec Auth should use e-mail scans when forwarding to gather needed signatures.
|Financials||Diann Sypulaemail@example.com **||608-265-5792||
Please email forms
DoIT module steward is Carol Block.
- She needs to sign for anyone getting a DoIT role. She may also be the Supervisor and can be considered BU Admin.
- Carol Block's signature is needed as Module Steward for DoIT role access by functional staff. For example, an employee of Diann's at UWSYS/UWSA is asking for a DoIT role.
FINANCIALS has been delegated to BU Admins at each campus from the SFS Change Manager.
- Diann Sypula's signature is needed as Module Steward for Financial role access by technical staff. For example, a developer at A06 MSN DoIT is asking for a Financial role.
- If adding an HRS role (UWAP_HR):
- Supervisor should sign.
- HRS BU Admin MUST sign.
- Diann Sypula MUST sign as Module Steward.
- See above for other specific processing.
- Only in MSN, MIL, EXT.
- If the request is from MIL or EXT, then those BU Admins can authorize it, and Mark Sweet does NOT need to sign as Module Steward.
- All other Grants requests need Mark Sweet to sign. This includes BU Admins adding their own Grants access.
- This is only in MSN for now.
- Stefanie Merucci is the primary approver and only needs to sign once.
- Any question as to the owner of a role is answered in an SFS Role Catalog file that is maintained for Security.
As of June 15, 2012. Notify UWSAProblemSolvers@maillist.uwsa.edu of changes.