Row | Role Description | Role Name | Descr | Role applicatio | Role app group | App sub-group | Sec course ID | Sec course name |
1 |
ASUPRCS Prod |
ASU_GB_UT ASUPRCS Prod |
|
GB |
UT |
|
<NONE> |
No Training Required |
2 |
Archive Data to History |
ASU_GB_UT Archive Data |
LIMITED ACCESS
This role grants access to the page at PeopleTools -> Data Archive Manager -> Archive Data to History. That page lets users choose which type of data to archive, from global payroll, to commitment accounting, to time & labor, plus a few more. Since archiving the data also removes it from the active tables, access should be limited to users who have an in-depth understanding of the potential consequences of archiving data and are authorized to make such decisions. Any request for this role should list either Lissa Kelley or Rey Servin as the supervisor in order to get their approval. |
GB |
UT |
|
<NONE> |
No Training Required |
3 |
Technical Business Analyst |
ASU_GB_UT Bus Analyst Tech |
THIS ROLE IS ASSIGNED BY THE OASIS SECURITY TEAM. An internal project userid (PS_) is required for this access. This access is not assigned to the ASURITE userid. Business Analysts needing this role will always request it IN ADDITION TO their module-specific Business Analyst role.
This role means the employee needs CMSC terminal server access for App Designer and/or Oracle DB access. View-only access to App Designer is granted by this role. Oracle DB access is granted through a script which looks for this role to be present on the userid. This role needs to be added in each environment. |
GB |
UT |
|
<NONE> |
No Training Required |
4 |
PS Definition Security Admin |
ASU_GB_UT Definition Security |
Full update access to PeopleSoft definition security pages. Access should only be granted to members of the PeopleSoft Security and PeopleSoft Systems Support teams. |
GB |
UT |
|
<NONE> |
No Training Required |
5 |
Definition Security Update |
ASU_GB_UT DefinitionSecUpdate |
This role give access to update the Definition Security. User needs to have terminal server access and access to application desinger in conjunction with this role. This role is restricted to PeopleSoft Security team members only. |
GB |
UT |
|
<NONE> |
No Training Required |
6 |
Prod Level Developer Access |
ASU_GB_UT Developer Prod |
THIS ROLE IS ASSIGNED BY THE OASIS SECURITY TEAM. An internal project userid is required for this access. This access is not assigned to the ASURITE userid.
View access to all pages, App Designer, and process groups. Access to run existing queries but not to create new ones. This access will be applied to developers in PRD. |
GB |
UT |
|
<NONE> |
No Training Required |
7 |
Duo Administrator |
ASU_GB_UT Duo Admin |
An empty role created to track Duo administrators. This role is intended only for people who will be considered owners or administrators of the Duo Admin application at ASU, typically they will be members of the PeopleSoft Security Team. |
GB |
UT |
|
<NONE> |
No Training Required |
8 |
HR Row Security Setup |
ASU_GB_UT HR Row Sec Setup |
This role provides access to all of the pages necessary to create HR row security permission lists and time reporter groups. It is intended for use by BTS and UTO employees only. |
GB |
UT |
|
<NONE> |
No Training Required |
9 |
Integration Broker Admin View |
ASU_GB_UT IB Admin View |
This role grants view access to Integration Broker under ASU Customization Menu. Access is extremely limited, typically only to technical people who need to verify messaging. |
GB |
UT |
|
<NONE> |
No Training Required |
10 |
Message Catalog Update |
ASU_GB_UT Message Catalog |
Access to update the Message Catalog. Message catalogs are migratable objects in PeopleSoft, so any changes to delivered messages should be made like a normal modification and migrated to PRD. Delivered messages have numbers below 20000. Custom messages have numbers 20000 and above. These can be modified directly in PRD, but it is still preferable to at least create a project for the modification and make the change in DEV and TST, just to make sure the change does not get overwritten by someone else's migration. |
GB |
UT |
|
<NONE> |
No Training Required |
11 |
ASU Message Monitor |
ASU_GB_UT Message Monitor |
This role grants access to check Message Monitor. Access is extremely limited, typically only to technical people who need to monitor messages being sent between OASIS environments or from OASIS to some outside system like Affiliate. |
GB |
UT |
|
<NONE> |
No Training Required |
12 |
Password Change in Dev |
ASU_GB_UT PSWD PROD |
This role is created for users who have a need to change the passwords in Non-Prod environment for testing purposes. The ASU_GB_UT PSWD PROD role does not have any page access but is used to grant dynamic access to the role ASU_GB_UT PSWD DEV in Non-Prod environments. Role ASU_GB_UT PSWD DEV grants users the ability to change passwords. |
GB |
UT |
|
<NONE> |
No Training Required |
13 |
Processes and Reports |
ASU_GB_UT Processes Reports |
This role includes full access to Process Monitor and Report Manager. This can be doled out liberally to anyone who needs to access the results of queries, etc. |
GB |
UT |
|
<NONE> |
No Training Required |
14 |
Security Processes in Prod |
ASU_GB_UT Prod Processes |
This role is copy of role ASU_GB_UT Prod. It contains permission lists for any run controls or setup tables needed for PRCGBUT to schedule jobs through Control-M. Only Security team member have access to this role. As it enables them the similar access as PRCGBUT.
Available on requet process - Y |
GB |
UT |
|
<NONE> |
No Training Required |
15 |
Production Verifiers |
ASU_GB_UT Production Verifiers |
This is a restricted role only granted by security to designated production verifiers for updates and fixes.
This role is not available on the online request process. |
GB |
UT |
|
<NONE> |
No Training Required |
16 |
Full Access to Run QBUs |
ASU_GB_UT QBU SuperUser |
|
GB |
UT |
|
<NONE> |
No Training Required |
17 |
ASU Query Super User |
ASU_GB_UT Query Super |
This role allows the user to create and run queries.
This access will be applied to the ASU_QRY user profile in PRD. This ASU_QRY ID is locked in PRD.
Restricted Access!!!! This role is available to designated Process IDs and system administrators only. |
GB |
UT |
|
<NONE> |
No Training Required |
18 |
Update Sec Req Training Tables |
ASU_GB_UT SC Training Tble Upd |
This role gives UTO Trainers the ability to update the training tables in the Online Security Request Process. Trainers can add courses that are required in order to obtain access to PeopleSoft, and populate those courses with the names of the attendees. |
GB |
UT |
|
<NONE> |
No Training Required |
19 |
Prod Level Security Liaison |
ASU_GB_UT Sec Liaison Prod |
This role is read-only access to user profiles, permission lists, and roles in the production environments. It is also used in non-production environments to assign the Test level role dynamically and the Test level role gives users the ability to add/update roles, permission lists, and users in non-production environment. |
GB |
UT |
|
<NONE> |
No Training Required |
20 |
ASU Security Administrator |
ASU_GB_UT Security Admin |
This role is assigned to the Security Admin Team. It contains the Security Admin Super permission list and gives access to all security related menus. |
GB |
UT |
|
<NONE> |
No Training Required |
21 |
Security Admin Support |
ASU_GB_UT Security Admin Sup |
This role is assigned to staff supporting the Security Team, such as the Triage team. It gives access to:
- Update information on the General tab of the User Profile
- Update information on the ID tab of the User Profile
- View information on all other tabs of the User Profile
- View detail information on Permission Lists and Roles
- View the tree manager and query security trees
- Full access to the ASU Security menu items
- Query run access
- Clear "proposed" security requests from the queue |
GB |
UT |
|
<NONE> |
No Training Required |
22 |
ASU Security Admin View-Only |
ASU_GB_UT Security Admin Vw |
This role is used to provide view-only access to user profiles, permission lists, and roles, view-only access to row-level security under the Secure Student Administration folder, and access to the Security Request Query page. It should be granted to Help Desk employees, data trustees, and people who are granting row-level security to users.
Nav paths are: PeopleTools -> Security -> User Profiles
PeopleTools -> Security -> Permission Lists & Roles
Set Up SACR -> Security -> Secure Student Administration -> User ID
ASU Customizations -> ASU Security -> Security Request Query |
GB |
UT |
|
<NONE> |
No Training Required |
23 |
Security Role Request Qry Vw |
ASU_GB_UT Security Role Req Vw |
This role provides view access to the Role Request Query view. Role is granted to users who have need to see access for other users in the organization.
Navigation is - ASU Customization>ASU Security>Security Request Query> ASU Security Request Query |
GB |
UT |
|
<NONE> |
No Training Required |
24 |
Prod Level System Admin |
ASU_GB_UT System Admin Prod |
This role is limited to System Administrators who have access to Application Designer and Definition Security. This access is only necessary for verifying objects in Application Designer (not for performing migrations to Production) and for configuring definition security for ASU. |
GB |
UT |
|
<NONE> |
No Training Required |
25 |
WF Notification Template Setup |
ASU_GB_UT WF Notification Tmpl |
Allows users to create Workflow notification templates and adjust the variables available to those templates. Update access will be extremely limited, so be prepared to prove you need it. ;-) There is a display-only version of this role as well.
Pages are located at:
PeopleTools -> Workflow -> Notifications -> Template Variables
PeopleTools -> Workflow -> Notifications -> Notification Templates
PeopleTools -> Workflow -> Notifications -> Generic Templates
PeopleTools -> Workflow -> Notifications -> Delete Notification Templates |
GB |
UT |
|
<NONE> |
No Training Required |
26 |
WF Notification Template View |
ASU_GB_UT WF Notification View |
Allows users to view Workflow notification templates and their variables.
Pages are located at:
PeopleTools -> Workflow -> Notifications -> Template Variables
PeopleTools -> Workflow -> Notifications -> Notification Templates |
GB |
UT |
|
<NONE> |
No Training Required |
27 |
ASU Workflow Administration |
ASU_GB_UT Workflow Admin |
This role provides full access to the WORKFLOW_ADMINISTRATION menu (PeopleTools -> Workflow). |
GB |
UT |
|
<NONE> |
No Training Required |
28 |
Form Admin |
FORM_ADMIN |
Form Admin |
GB |
UT |
|
<NONE> |
No Training Required |
29 |
PTF User |
PTF User |
|
GB |
UT |
|
<NONE> |
No Training Required |
30 |
Portal Administrator |
Portal Administrator |
|
GB |
UT |
|
<NONE> |
No Training Required |
31 |
Report Distribution Admin |
ReportDistAdmin |
This is for roleusers who are Report Distributions Administrators. |
GB |
UT |
|
<NONE> |
No Training Required |
32 |
Search Administrator |
Search Administrator |
Search Administrator role is used by users for Search Framework Administration |
GB |
UT |
|
<NONE> |
No Training Required |
33 |
Search Server |
Search Server |
This is for roleusers who are Search Server administrators. |
GB |
UT |
|
<NONE> |
No Training Required |
34 |
[WF] Worklist Administrator |
Worklist Administrator |
This is a list of roleusers who are sent timed out worklist processes. |
GB |
UT |
|
<NONE> |
No Training Required |
35 |
BIP Report Developer |
XMLP Report Developer |
|
GB |
UT |
|
<NONE> |
No Training Required |
36 |
GH ERP Firewall Administrator |
ASU_GB_UT 2FA FW Admin |
Provides Update access to Grey Heller Firewall Configuration pages. This role is restricted to the Security and System team. |
GB |
UT |
2FA |
<NONE> |
No Training Required |
37 |
Firwall Admin for System Maint |
ASU_GB_UT 2FA FW SysMaint Adm |
Provides update access to Grey Heller system message and maintenance pages. This access is granted only to Systems team and Security team |
GB |
UT |
2FA |
<NONE> |
No Training Required |
38 |
Grey Heller Firewall Rule View |
ASU_GB_UT 2FA FW Admin View |
Provide view access to Grey Heller Firewall business rules. This is a restricted access role will be kept hidden on role request. |
GB |
UT |
2FA |
<NONE> |
No Training Required |
39 |
Integration Broker Admin |
ASU_GB_UT IB Admin |
This role grants full access to Integration Broker Administrators. Access is limited to System Administrators only that need to monitor messaging. |
GB |
UT |
IB |
<NONE> |
No Training Required |
40 |
Archive Query Role |
ASU_GB_UT Archive Query |
This role is created for users who need Archive Query Access in production.
Role grants following access:
Page access - To QUERY_MANAGER and DATA_ARCHIVE_MANAGER.
Query Profile - Grants access to 'Allow creation of Role, Process and Archive Queries'
Role Restrictions - Role should not be grated to any developers. Access is restricted. |
GB |
UT |
SYS |
<NONE> |
No Training Required |
41 |
Archive Query Run |
ASU_GB_UT Archive Query Run |
This role is created for users who need to run the Archive Query process in production.
The role grants the following access:
Page access - To QUERY_MANAGER and DATA_ARCHIVE_MANAGER.
Query Profile - Grants access to 'Allow creation of Role, Process and Archive Queries'
Role Restrictions - Role should not be granted to any developers. Access is restricted. |
GB |
UT |
SYS |
<NONE> |
No Training Required |
42 |
PeopleSoft Ping |
ASU_GB_UT PeopleSoft Ping |
Full access to PeopleTools -> Utilities -> PeopleSoft Ping -> PeopleSoft Ping.
May be granted manually by the PeopleSoft Systems Support team on a temporary basis as needed, but may also be requested if more permanent access is needed. |
GB |
UT |
SYS |
<NONE> |
No Training Required |
43 |
Split Difference Review |
ASU_GB_UT SYS IBMsg Sync Rev |
Split Utilities> Data Verification Engine> Difference Review
Split Utilities> Data Verification Engine> Person Data Difference Review- display access |
GB |
UT |
SYS |
<NONE> |
No Training Required |
44 |
Person Data Difference Review |
ASU_GB_UT SYS Person Sync Rev |
This role grants access to the Split Data Verification Utility which allows users to see the differences between CS and HR environments.
Split Utilities> Data Verification Engine> Person Data Difference Review
Split Uilities>Data Verification Engine> Difference Review- Display access. |
GB |
UT |
SYS |
<NONE> |
No Training Required |
45 |
Company Info Administrator |
Company Info Administrator |
Company Info Administrator role is required to configure the CompanyInfo element through PeopleTools branding |
GB |
UT |
SYS |
<NONE> |
No Training Required |
46 |
Process Scheduler Admin |
ProcessSchedulerAdmin |
This is for roleusers who are Process Scheduler Administrators. |
GB |
UT |
SYS |
<NONE> |
No Training Required |
47 |
Secure Branding Administrator |
Secure Branding Administrator |
Branding administrator role that is required to provide access to certain PeopleTools branding components that require an understanding of security issues and concerns. |
GB |
UT |
SYS |
<NONE> |
No Training Required |