Detailed Security Policies


SFS Security Processing:

SFS Security Processing:

All * fields on form must be filled in, or Security could delay or reject the form.

The latest form must be used, or Security could delay or reject the form. See SFSAuth.pdf. (PDF; 1 page)

For Granting Access (provisioning):

For most instances:

    • User must sign the form.
    • Supervisor’s signature is not required but is recommended.
    • A Business Unit Administrator (BU Admin) must sign the form.

If the access is for a BU Admin:

If the access request is for a UW – Madison employee for either the Grants or Expense (EX) modules:

If the requester is asking for Technical roles:

If the requestor is not an employee:

    • Indicate on the form that the person is not an employee and what project the individual is working on.
    • A Person of Interest (POI) must be created for the individual in HRS before the SFS security form is submitted.  Local HR staff should be contacted to setup a POI.

If the requestor is an auditor:

    • Internal auditors – should be treated as normal employees.
    • External auditors (LAB, etc) – requires Financial Module Steward sign off and should be granted UW_Base_User for the base role.

Back to top

 For removing access (de-provisioning):

  • Only a BU Admin or Module Steward signature is required
  • No restrictions on self-signature (ie: BU Admins and Module Stewards can sign forms removing access from their own accounts)
  • Emergency access removals are allowed, but will require follow up paperwork

 

 Signature Proofing Rules

  • Note: Please see official training material on Wiki for more detailed process steps.
  • Must have user signature for adding roles.
  • Supervisor signature is suggested but not required for adding roles.
  • Must have a BU Admin or Module Steward for the specific campus the user is from.  Note:  Module Steward trumps BU Admin, if in doubt.
  • Must date/time stamp the form for the date/time received.
  • Must validate user in employment system.
  • Must complete in two business days from time of receipt of valid and correct form.
  • Must contact BU Admin via email or directly with form issues as soon as the error is identified.
  • DoIT Security will consult the Master SFS Role Catalog for additional roles not listed on the SFS Authorization Form. (PDF; 1 page)

Back to top

 


Module Stewards are the data owners-

Module

Steward

E-mail Address

Phone

DoIT

David Pagenkopf

david.pagenkopf@doit.wisc.edu

608-890-3588

Financials

Julie Gordon

jgordon@uwsa.edu

608-262-1803

Grants for UW - Madison

Mark Sweet

masweet@rsp.wisc.edu

608-265-9252

Expense for UW - Madison

Stefanie Merucci

smerucci@bussvc.wisc.edu

608-262-1123

DoIT Module Steward:

    • Needs to sign for anyone getting a DoIT role. May also be the Supervisor.
    • DoIT Module Steward's signature is needed for DoIT role access by functional staff.

FINANCIALS has been delegated to BU Admins at each campus from the SFS Change Manager.

    • Financial Module Steward's signature is needed for Financial role access by technical staff. For example, a developer at UW - Madison DoIT is asking for a Financial role.

GRANTS FOR UW - MADISON:

    • UW – Madison employees requesting Grants access need the UW – Madison Grants Module Steward to sign. This includes BU Admins adding their own Grants access.

EXPENSE FOR UW - MADISON:

    • UW - Madison employees requesting Expense module access need the UW - Madison Expense Module Steward to sign.  This includes BU Admins adding their own expense module access.

Any question as to the owner of a role is answered in the Master SFS Role Catalog file that is maintained for Security.

Back to top