User Management Implementation at UCL Mike Haward April 2015 Version 1.0.
-
Upload
alaina-mccormick -
Category
Documents
-
view
219 -
download
0
Transcript of User Management Implementation at UCL Mike Haward April 2015 Version 1.0.
User Management Implementationat UCL
Mike Haward
April 2015
Version 1.0
User Management (UMX)(a new Oracle eBusiness Suite module that extends the standard FND security)
User Management at UCL
UCL are using the following features:
1.Roles 2000 responsibilities -> 25 roles
Entry level role (UCL Staff, consists of 5 responsibilities) allocated automatically when employee record created
2.Devolved administration of users 400 paper requests for change per week -> NONE
DA in each department administers their users
3.Custom process for Auth Sig setup 100 paper requests for change -> NONE
1) Roles
UCL have broadly split roles into the following categories:
1) Roles
You can look at the Role definitions and hierarchy on User Management:
But to be honest it’s a lot easier to see in the spreadsheet!
Microsoft Excel Worksheet
Each User Management role is configured to be restricted in 3 ways defining what:
a) Functions you are allowed to use
b) Users you are allowed to administer
c) Roles you are allowed to assign/revoke
As far as I can tell this is common functionality that could be used across any module!
2) Devolved administration of users
2) Devolved administration of users
FIVE levels of User Management access have been configured:
1. User Management2. User Management for MyFinance Support3. User Management For Finance4. User Management for SFDs5. User Management for DAs
a) Functions b) Users c) Roles
1. User Management Configuration & Setup of User Management
(User Management lead)
ALL ALL ALL
2. UCL Central User Management Administrator
Helpdesk and MyFinance support teams
User Admin Hierarchy* ALL UCL roles
3. UCL Finance Department User Management Administrator
Finance User Admin Hierarchy* Finance RolesDepartmental Roles
4. UCL SFD User Management Administrator
School Finance Directors User Admin Hierarchy* Departmental Roles(inc. DA role)
5. UCL Local Dept User Management Administrator
Departmental Administrator
User Admin Hierarchy* Departmental Roles(exc. DA role)
*Hierarchy - by default your starting point in the Hierarchy will be your position in the Org Hierarchy according to your employee (per_all_people_f) recordTo change a User Management user’s default starting position in the hierarchy then use the User Level Profile Value: UCL User Management Hierarchy Point
2) Devolved administration of users
a) Functions you are allowed to use
•Role defn includes a ‘Grant’ called UCL Local User Admin Grant User Management UIs
2) Devolved administration of users
We should have excluded those. But we left them there and then personalised them away. Doh!
2) Devolved administration of users
b) Users you are allowed to administer
•Role defn includes a ‘Grant’ called User Administration Privileges
2) Devolved administration of users
Your default hierarchy starting position
Or your profile value if you have one set
2) Devolved administration of users
c) Roles you are allowed to assign/revoke
•Role defn includes a Security Wizard where you can set this up
2) Devolved administration of users
2) Devolved administration of users
3) Auth Sig Custom Process
ImprovementsOracle
-record history
- On screen
- WF_LOCAL_ROLES
-inheritance trail
- On screen
- SQL
UCL
-AS cust screen vs role
-AS WF identifiers
-Personalisation vs Grants
Questions?
DEMOSCRATCH: https://ebsdev.adcom.ucl.ac.uk:8406/OA_HTML/AppsLogin
DEV: http://www.ucl.ac.uk/myfinance/dev
Slides not used below here
• Responsibility. But you cannot use it until you also have the “Security Administrator” role
• Gives you access to:
• All User Management Functions
• All Users
• All User Roles Assignments
2) Devolved administration of users
• Roles.
• Give you access to:
• User administration only
• Only users in your part of the hierarchy or below
• Only restricted roles to assign/revoke
2) Devolved administration of users
Default (DO NOT CHANGE THIS)
As an exception, put Nicola at the top of the hierarchy so that she can administer all users:
2) Devolved administration of users