security management system for department sponsors session #20244 march 15, 2006 alliance 2006...

Security Management Security Management System for Department System for Department

SponsorsSponsorsSession #20244March 15, 2006

Alliance 2006 ConferenceNashville, Tennessee

2

Your PresentersYour Presenters

Jeralyn SnowJeralyn Snow•

3

Your Presenters (Continued)Your Presenters (Continued)

Terri PinkstonTerri Pinkston• Controller for OUController for OU• HRMS and Financials Functional HRMS and Financials Functional

LeadLead• 16+ years of Higher Ed experience16+ years of Higher Ed experience• 20+ years of accounting 20+ years of accounting

experienceexperience

4

Your Presenters (Continued)Your Presenters (Continued)

Karen SturtzKaren Sturtz• HRMS and Financials HRMS and Financials

Implementation Technical LeadImplementation Technical Lead• 10+ years of PeopleSoft 10+ years of PeopleSoft

experienceexperience• 20+ years of IT experience20+ years of IT experience

5

OverviewOverview

Department sponsors use an on-Department sponsors use an on-line system called Financial line system called Financial Account Management System Account Management System (FAMS) to maintain what data (FAMS) to maintain what data Campus Users have access to in Campus Users have access to in HRMS and Financials and what HRMS and Financials and what functions they can perform. functions they can perform. Information from FAMS is fed to Information from FAMS is fed to HRMS and Financials to update HRMS and Financials to update various tables within the systems.various tables within the systems.

6

Agenda/ContentsAgenda/Contents

• Overview of OUOverview of OU• The Birth of Financial Account The Birth of Financial Account

Management System (FAMS)Management System (FAMS)• FAMS sideFAMS side• PeopleSoft side with focus on PeopleSoft side with focus on

FinancialsFinancials

7

The University of OklahomaThe University of Oklahoma

8

The University of OklahomaThe University of Oklahoma

• Located in Norman, a city of ~ 100,000 residents, located 20 miles south of OKC.

• Enrollment on Norman Campus: 24,569

• Faculty & Staff FTE: 3,935

9

The University of OklahomaThe University of Oklahoma

• Total Norman Campus Budget: $511,240,169

• Total Norman Campus Sponsored Programs: $122,890,974

10

University of Oklahoma and University of Oklahoma and OracleOracle

• HRMS 8.0 - November 2002HRMS 8.0 - November 2002

• HRMS 8.8 – Upgrade 2004HRMS 8.8 – Upgrade 2004

• Financials 8.8 – July 2005Financials 8.8 – July 2005- General Ledger- General Ledger

- Purchasing- Purchasing

- Accounts Payable- Accounts Payable

- Asset Management- Asset Management

• Budgeting 8.9 (go live April 2006)Budgeting 8.9 (go live April 2006)

11

The Birth of FAMSThe Birth of FAMS

HRMS was the first ERP module implemented

• Moved from a legacy system with on-line capabilities

• HRMS department vs Financials department (funding source)

Decentralized functions • Approximately 500 department sponsors• Many “non-sponsors” using legacy system

12

The Birth of FAMSThe Birth of FAMS

In-house system created in Oracle• Departments and sponsors fed from Financials• “Roles” were developed for HRMS• Sponsors given access to their departments to

add “proxies” for their departments.• Allowed us to have row level security in PS

based on roles assigned to proxy in FAMS.

Leveraged existing system when Financials was implemented

• Developed roles for Financials• Enhanced the process for updating security in

PS

13

FAMSFAMS

14

FAMSFAMS

15

FAMSFAMS

16

FAMSFAMS

• Must have an EmplID in HRMS to access FAMS.

• Must have an EmplID in HRMS to be designated a proxy.

• Create Proxy – gives individual same abilities as sponsor.

• FAMS is used for the security of an in house Personnel Action Form (PAF) system as well as HRMS and Financials.

17

FAMSFAMS

18

FAMSFAMS

• Sponsored Program departments = xx5xxxxxx

• Teams of Sponsored Program specialists are responsible for groups of Sponsored Program departments

• “Grants and Contracts Teams” captures the members of the teams

• “Grants and Contracts Departments to Teams” captures the departments that belong to each team

19

FAMSFAMS

FAMS does not govern the security of all employees.

• Financial Support Services• Internal Auditing• Purchasing

20

FAMS – The PeopleSoft SideFAMS – The PeopleSoft Side

• Create Record / Page Definitions for the Deptid / Project Authorization tables.

• Create Search / Add views to select / retrieve Deptids / Projects that a Campus User has access to, based upon the Authorization Tables.

• Modify Prompt tables in Record Definitions to use Custom Security Views.

• Modify identified Component Definitions to use Custom Security Views.

21

FAMS – The PeopleSoft SideFAMS – The PeopleSoft Side

1. PeopleTools Customizations2. Interface / Data Requirements3. Detail Design

− Custom Field Definitions and Translate Values

− Custom Record Definitions− Customized Record Definitions− Custom View Definitions− Customized Components− Custom Page Definitions

4. Custom Interface Batch Process – SQR5. Modified Delivered SQR Reports 6. Row Level Security7. Maintenance

22

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustom Field Definition -

OU_GL_AUTHCODE. • Auth Code Translate values:

− 001 Financials Inquiry Only− 002 Requisition Add / Update /

Cancel− 003 Requisition Approve− 004 PO Receiving

23

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustom Record Definitions• OU_GL_DEPTAUTH

− Captures Deptid(s) and corresponding Fund Codes per User ID.

− Data retrieved from FAMS, updated by batch process.

• OU_GL_PROJAUTH

− Captures Project(s) and corresponding Fund Codes per User ID.

− Data retrieved from FAMS, updated by batch process.

24

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustomized Record Definitions:

Prompt Tables pointed to custom views.• Enforces row level security by retrieving

Deptids / Projects for specific Auth Codes

CFCC2_AKS_SBR INQ_CRIT_TBL

JRNL_ERROR_REQ JRNL_PANELS_WRK

JRNL_PANELS_WRK PO_ACTG_ENT_WRK

PV_RECV_FILTER PV_REQ_HDR_WRK

REQ_ACTG_ENT_VW REQ_HDR

REQ_HDR REQ_HDR_VW

REQ_INQ_WRK REQ_LN_DISTRIB

REQ_PNLS_WRK REQ_RECON_SEL

25

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustom View Definitions:

Various Custom views cloned from original views• Retrieves Deptids / Projects for specific Auth

Codes.OU_GL_DAUTH_VW OU_JRNL_HDR_VW OU_INQ_EDALL_VW

OU_GL_PAUTH_VW OU_JRNL_NPST_VW OU_INQ_EPALL_VW

OU_GL_SPDATH_VW OU_KKQ_BDLD_VW OU_PO_DAUTH_VW

OU_INQ_DALL_VW OU_KKQ_BDLL_DVW OU_PO_PAUTH_VW

OU_INQ_DAUTH_VW OU_KXCP_BD_VW1 OU_PO_RQSTR_VW

OU_INQ_PALL_VW OU_KXCP_GL1_VW1 OU_REQ_SRCH

OU_INQ_PAUTH_VW OU_KXCP_PO2_DVW OU_RQID_ACTG_VW

OU_JRNL_ALL_VW OU_KXCP_PO2_VW1 OU_RQSTR_ACT_VW

OU_ JRNL_DATE_VW OU_SPEEDTYP_VW OU_SPEEDAUTH_VW

OU_JRNL_HDR_FVW OU_XCP_INQ_SRCH

26

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustomized Components:

Changed Search records to Custom Views • Retrieves Deptids / Projects for specific Auth

Codes.

JOURNAL_ENTRY_IE JOURNAL_FS KK_INQ_BD_DETAIL KK_XCP_BD KK_XCP_GL1 KK_XCP_PO2 REQUISITIONS

27

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustom Department Auth Page:

28

FAMS – PeopleTools FAMS – PeopleTools CustomizationsCustomizationsCustom Project Auth Page:

29

FAMS – Custom Interface Batch FAMS – Custom Interface Batch Process Process

SQR Process that:Updates PS Financials Security tables with User

Roles:

• PSROLEUSER− ReportSuperUser− EOPP_USER− OU_GL_INQ_CAMPUS - Financials Inquiry Only − OU_PO_REQADD_CAMPUS - Requisition Add / Update

/ Cancel − OU_PO_REQAPPR_CAMPUS - Requisition Approve− OU_PO_RECV_CAMPUS - PO Receiving

• PS_ROLEXLATOPR

30

FAMS – Custom Interface Batch FAMS – Custom Interface Batch Process Process

Updates Department and Project Authorization tables

• OU_GL_DEPTAUTH• OU_GL_PROJAUTH

with authorized Deptid / Project values and Auth Code information from FAMS.

31

FAMS – FAMS – Custom Interface Batch Custom Interface Batch ProcessProcess Retrieves Fund Code for the Deptid / Project ID

from the PeopleSoft SPEEDTYP_TBL. Inserts the appropriate FUND_CODE into the Authorization tables.

Updates the PS_REQUESTOR_TBL and the Requisition Setup section of the User Preferences (PS_OPR_DEF_TBLs).

NOTE: In order to retrieve data efficiently, FAMS must have a LAST UPDATE DTTM stamp on every row that it stores. This enables the PS Financials system to retrieve data based on a date or a date range.

32

FAMS – FAMS – Modified Delivered SQR Modified Delivered SQR ReportsReports

GLS7002 - General Ledger ActivityFIN2001 - Journal Entry DetailGLS7011 - Journal Error ReportGLS8005 - Budget Transaction DetailGLS8010 - Budgets / ActualsGLS8020 - Budget Status ReportGLS8510 - Ledger Details report

33

FAMS – FAMS – Row Level SecurityRow Level Security

Permission Lists and Roles were developed to control Campus user access to the Maintain Requisitions pages.

Row level security then ensures that the Campus user only adds, approves or changes requisitions for Deptids / Projects for which he or she is authorized.

On specific pages, when a SpeedChart is selected, the DEPTID /PROJECT_ID is validated against the PS_OU_GL_DEPTAUTH / PS_OU_GL_PROJAUTH custom Authorization tables to ensure the Campus user has the appropriate Add authority for the Deptid / Project selected.

34

FAMS – Row Level SecurityFAMS – Row Level SecurityWhen a Campus users clicks on Speedchart, the values are limited to what is stored in the Authorization Tables.

35

FAMS – MaintenanceFAMS – Maintenance

Interface Monitoring: • Should be monitored daily.• Can be re-run many times in batch mode or

on an ad-hoc basis. • Can be run for a date range, or default to

current date

Application Message Monitoring: • Partial Sync application message sync’s the

User Profile (only) data between HR and Financials.

• Monitor message on a daily basis. If errors or remains in a NEW status, OPRIDs may not be created in Financials.

36

FAMS – MaintenanceFAMS – Maintenance

Changes to FAMS: • Changes to table structures in FAMS must be

addressed in the FAMS to PS interface.

• The rest of the row level security code in PS will not be affected.

• The PS Financials row level security hinges

on the Authorization tables PS_OU_GL_DEPTAUTH and PS_OU_GL_PROJAUTH tables. Changes to these custom tables will affect Row Level Security.

37

FAMS – MaintenanceFAMS – Maintenance

Impact of Patches and Fixes:

• Care must be taken not to overwrite custom Search views for components and prompt table edits for Record Definitions.

• Document all modifications, including SQR’s.

• Run compare reports prior to applying patches to show comments and customizations.

38

Questions?Questions?

39

ContactsContacts

Terri PinkstonTerri PinkstonControllerControllerUniversity of OklahomaUniversity of OklahomaE-mail: terri@ou.eduE-mail: terri@ou.edu

Karen SturtzKaren SturtzPeopleSoft Team LeadPeopleSoft Team LeadInformation TechnologyInformation TechnologyUniversity of OklahomaUniversity of OklahomaE-mail: karen-sturtz@ou.eduE-mail: karen-sturtz@ou.edu

This presentation and all Alliance 2006 This presentation and all Alliance 2006 presentations are available for presentations are available for

download from the Conference Sitedownload from the Conference Site

Presentations from previous meetings are also availablePresentations from previous meetings are also available