University of Oregon

Job Scheduling Security Privileges Guide

Audience
Faculty/Staff
Researcher
Student
GTF

Job Scheduling Security/Priviliges Guide

Introduction

This document will serve as a guide for the Applications Manager Security and Privileges plan within the framework of the University of Oregon's business model. This document is a paraphrase of the Applications Manager Administration Guide, Development Guide and Operations guide. Refer to the Applications Manager online documentation for further definition of terms and more detailed information. We will continue to keep this document up to date as we become more familiar with Applications Manager.

Applications Manager Roles

Access to Applications Manager windows and objects are given using roles. Think of roles as containers to which objects and users are added. Users have access to all objects with which they share a container. Users and other Applications Manager objects can be placed in more than one container. Access can further be restricted by designating Edit authorization to some roles and not to others. The number of objects and users that can be assigned to a role is basically unlimited. Objects and users can be assigned to more than one role. Users have access to all the objects in all the roles to which they are assigned.

Who is assigned Applications Manager Roles?

Applications Manager roles are similar to those roles set within Banner. However, Applications Manager roles are not as granular and need careful planning when they are created. For instance we don't want to assign an edit role to a group of Applications Manager users that would allow any one of those users to change something that didn't belong to them.

All role assignments for modules will be made within the Enterprise Administrative Applications group at Information Services. These roles will be assigned to the Applications Manager user(s) based on the department the user belongs and their job function.

End User Roles

End users will be allowed to request modules, chains or other objects that they need to perform their job function. Each end user will need at least three roles;

* UO_END_USER_EDIT role

This role gives privileges to the end user to allow creation of Applications Manager objects where needed. For instance, end users should be allowed to create calendars for their modules, change their Oracle login, create ad hoc reports, build notifications and create messages. The edit role has the following role authorities (able to view and edit Applications Manager windows) assigned to it.

  • Calendars
  • Message Templates
  • Notifications
  • Reports

In addition to this roles, there is a role called BANNER_CHAIN_EDIT. Users who are assigned this role will be allowed to create chains within the Application that they have been assigned. See Applications below.

* UO_END_USER_NON_EDIT role

This role will allow end users to view windows within Applications Manager, but not edit any of the objects within. This role is assigned to all end users. The following role authorities (View only screens) are assigned to this role.

  • Applications
  • Calendars
  • Chains
  • Explorer
  • Logins
  • Message Templates
  • Modules
  • Notifications
  • Reports
  • Requests

* LOGIN_[end_user] role (where end_user is your Applications Manager UserID)

This role allows the end user to change his or her own Oracle database login password.

When an Applications Manager end user logs in to Applications Manager, their default security privileges are outlined in the table below.

Operations Menu Edit View
Explorer No Yes
Backlog Gannt View No Yes
Graphical Forecast No Yes
Forecast No Yes
Dashboard No Yes
Requests No Yes

 

Object Admin Menu
Edit View
Calendars Yes (Create) Yes
Applications No Yes
Chains No (unless) Chain Edit Yes
Message Templates Yes (Create) Yes
Modules No Yes
Notifications Yes (Create) Yes
Reports Yes (Create) Yes
Logins Yes Yes

The Options and View Menu are available for setting personal preferences.

Applications Manager Security Officer Roles

A UO_SECURITY_OFFICER_EDIT role has been created for Applications Manager security officers. This role is basically the same as the UO_END_USER_EDIT role except that the security officer for each department will have access the capability of editing jobs in the backlog. Note that the only jobs the security officer will have access to are those that belong to the Application to which they are assigned.

  • Calendars
  • Explorer
  • Message Templates
  • Notifications
  •  Reports

We may create other roles as needed and as we move forward.

Applications

All banner jobs that are defined within GUAPCTL will be moved to Applications Manager. The jobs will live within what Applications Manager calls Applications. Applications can be thought of as modules within Banner or some other container for like objects. For example, there will be an Application called Banner Finance. All Finance GUAPCTL jobs will be moved to the Banner Finance Application within Applications Manager.