IAM in Service Catalog
Paid employees who are eligible to be authorized for EDW.
|Membership (Business Definition)||All current paid employees.|
|System of Record||Workday|
|Subject Area||Human Resources|
uw_affiliation_'paid-workers' (placeholder name)
"UW Workers" (similar to uw_affiliation_employee)
|Lifecycle Policy (Creation)|
|Lifecycle Policy (Deletion)|
Group will be deleted when there is no customer demand; data retention schedules apply.
UW NetIDs of all current paid workers.
|Membership (Grace Period)|
|Membership (Opt-in)||No opt-in|
|Membership (Opt-out)||No opt-out|
The UW Workers group is updated nightly from the ODS. This group is available for appropriate business purposes in support of the UW mission. All users are responsible for enforcing the defined access control policy and may not share paid-workers group memberships with unauthorized parties without first obtaining authorization to do so. All users are expected to know and follow the rules related to ethical and appropriate use of UW computing and networking resources. Please contact firstname.lastname@example.org for questions about using this group.
|Application Settings (Exchange)|
|Application Settings (Google)|
|Data Custodian||Rachel Gatlin|
Restricted – same confidentiality impact factors as similar employee affiliation groups (e.g. uw_affiliation_staff-employee). See Classification for Institutional Employee Groups
|Access Control Policy||Data custodians grant permission to view the group memberships to all UW employees as well as processes acting on behalf of UW employees. Non-employee access (including students, affiliates, and other third parties) and other exceptions to this policy may be authorized by the custodians on a case-by-case basis, based on establishing a business need and/or an appropriate data sharing agreement.|
|Membership Viewer Control||uw_employee or u_groups_affiliation_employee-read|
|Sender Control||N/A (not supported yet except via Exchange and Google settings)|
Defined as a SQL query on tables in ODS based on ECS code = 'E'.
ECS code is available in ODS copying it from JobProfile table to WorkerPosition and WorkerPositionDetail tables based on the JobProfileID in WorkerPosition and WorkerPositionDetail tables. For example, select * from ODS.sec.WorkerPosition where ECSCode = 'E'
|Provisioning||PaidWorker_GroupMaker + TegeaGWSGroupUpdater (adds members)|
|De-Provisioning||PaidWorker_GroupMaker + TegeaGWSGroupUpdater (removes members)|
|Monitoring||TegeaGWSGroupUpdater is monitored.|
|Data Quality Standards|
Same as other groups provisioned from HR data in ODS.
|Internal Documentation||See PaidWorker_GroupMaker + TegeaGWSGroupUpdater|
|Customer Documentation||Professional Staff Affiliation Group (make a similar Paid Worker Affiliation group documentation page?)|
|Communication Plan||Email EDW team (Rob McDade, John Mobley) when available. This group would be part of EDW eligible user population for 'who can be authorized for EDW'.|
|Request Fulfillment||Access requests to view the membership will be fulfilled through UW Connect, including custodian approval records.|
|Incident Management||TegeaGWSGroupUpdater errors are emailed into UW Connect|