IAM in Service Catalog
HRP Modernization Groups Changes
HRP Modernization and Workday Groups are Live!
We've transitioned employee groups previously sourced from HEPPS data to newly modeled Workday sourced groups.
Rather than provision groups that have additional or custom filtering based on job class, earn type, or some other criteria we now provide a standard set of human resource groups.
Using the new HR data from Workday, human resource groups are based on:
Cost Center: using the default Cost Center on the Worker Position (similar to ‘apptdeptbdgt’ sourced groups from HEPPS).
Supervisory Org: using the Supervisory Org on the Worker Position (supervisory reporting structure, not pay-based).
Academic Unit: using Academic Unit on the Academic Appointment ( academic reporting structure, not pay-based).
The existing employee groups that have additional or custom filtering will be discontinued.
The existing employee groups will become stale with no updates but will not be removed for the foreseeable future.
This document describes support in the UW Groups Service for human resource groups comprising current UW academic personnel, staff, and student employees by unit. This document covers group naming, data integration, data quality, life cycle, classification, and access control. UW human resource groups are created for campus units upon request.
UW human resource groups are intended to support effective and efficient day-to-day operations of UW departments, units, programs, teams, and applications by providing timely, accurate group memberships representing UW academic personnel, staff, and student employees by unit.
Human resource groups are identified by UW Group IDs that conform to the UW Group Naming Plan. The following affiliation/organizational stems are reserved for them:
Each human resource group is identified by a series of naming components:
Baseline set - Cost Center
Example format for Cost Center group-id: uw_org_<wd-source><3digitFINorg><costcentervalue><type>
Example format for Supervisory Org group-id: uw_org_<wd-source><supervisoryorgID><subtype>
uw_org_supervisoryorg_som_000001 (flattened membership which includes people of all worker types into one group; also includes the Supervisor of the Supervisory Org as a member).
Job Management Supervisory Orgs
Departments with workers in "job management" positions will have supervisory orgs for those job management positions. There are four classifications for Job Management, including:
Job Management (JM) supervisory org groups have a flat membership, and no sub-types (because these JM supervisory organizations only contain members who are one type of worker, there is no need to have the other types, which would be empty groups).
Examples of 4 JM sup orgs:
Example format for Academic Unit group-id: uw_org_<wd-source><academicunitvalue>
By use of examples, the following table illustrates the classes of human resource groups that have been provisioned into the UW groups service:
Cost Center based:
Employees with a Worker Position with a default cost center.
Grouped by type: staff, academic worker and student worker.
Groups contain UW employees with a Worker Position which has the default cost center ...:
Supervisory Org based:
uw_org_supervisoryorg_isch_000001_staff uw_org_supervisoryorg_isch_000001_academicworker uw_org_supervisoryorg_isch_000001_studentworker
Employees in Positions within a Supervisory Org reporting structure. Supervisory Organizations are defined in a tree structure, which reflects the hierarchy of the university. Currently the Supervisory Organization groups reflect this hierarchy. They contain people in any given supervisory organization along with workers in any of it's child supervisory organizations.
We created a top-level supervisoryorg group without subtypes. This top-level group includes the Supervisor of that Supervisory Org and all Workers with Primary Worker Position assigned to that Supervisory Org or with that Supervisory Org as a superior.
For example, UWIT_000001 contains ALL people within the UWIT_000001 supervisory organization as well as people in every child UWIT supervisory org. The UWIT_000001 supervisory organization group will contain all people within UW-IT.
Supervisory Orgs are grouped by type: staff, academicworker and studentworker. Also has a supervisory org group for all workers regardless of ECS Code.
Groups contain UW employees in a supervisory organization that also meet the following criteria:
Supervisory Org Job Management based:
Employees in Job Management positions within a Supervisory Org reporting structure.
The job management supervisory org groups will not be broken out further into sub-types by ECS codes.
Groups contain UW employees in a job management supervisory organization that also meet the following criteria:
Job Management Supervisory Organizations usually are made up of workers with the following ECS Codes:
Academic Unit based:
Employees with an Academic Appointment within an Academic Unit reporting structure.
Includes paid and unpaid academic appointments.
Human resource groups are based on data integration of UW HR data available in the Operational Data Store (ODS) into the groups service, such that a hierarchy of groups exists for each requesting unit or organization, identified by its supervisory organizations, cost centers and academic units. The groups are updated nightly.
The following table summarizes the most relevant aspects of data integration between the ODS and the groups service, related to identifiers, display names, descriptions, memberships, contacts, classification, and access controls.
Data Integration Notes
Group IDs for human resource groups include supervisory organization id, cost center, academic unit and affiliation as derived from UW HR data in the ODS.
Group Display Name
Display names include HR data source type and value .
'Staff in Supervisory Org ISCHL_000001'
Human resource group descriptions contain the HR data source type , value, and description followed by appropriate use guidelines, e.g.
Human resource groups have no owner or contact specified.
Group Access Controls
The membership viewer control permits interactive browser access for all UW employees (i.e. members of the group uw_employee).
UW Google Apps
Human resource groups may be enabled for use in UW Google Apps, upon request. Groups in UW Google Apps will not allow anyone to view the membership.
Human resource groups may be enabled for use in UW Exchange, upon request. This business rule is in place to ensure the privacy restriction on the group memberships, which the current design of the UW Exchange service may or may not be able to enforce by itself.
Group Membership List
Human Resource group memberships are reconciled nightly to accurately represent current operational data rather than historical data. Members are identified by UW NetID.
This section summarizes the data quality standards for human resource groups represented in the groups service.
Data Validation Rules: Validation rules are applied only to ensure that employment data conforms to the constraints of the groups data model. Therefore, the accuracy of human resource groups, including names and memberships, is primarily determined by the quality and validity of the source UW HR data provisioned from the ODS.
Timeliness of Updates: Under normal operating conditions, once employee group data is updated in the ODS, updates will propagate to the groups service nightly.
Defined Error Rates: Overall, the groups service relies on the ODS, as the system of record for employment data, to define the frequency of errors in employee group data. However, some discrepancies are expected between ODS and human resource groups, if for example, loading of the ODS is delayed.
Integrity Monitoring: The integrity of employment data is ensured during secure transport between ODS and the groups service. Physical, system, and administrative controls are used on the groups service to maintain integrity.
Reliability: human resource groups are provisioned from ODS using a nightly process monitored to ensure reliability and availability of the groups. When abnormalities such as potentially corrupt or incomplete data feeds are detected during the provisioning process, updates are not applied until the abnormalities are reviewed. The reliability of human resource groups, once provisioned, is that of the groups service itself: 24 hours a day, 7 days a week, with rare exceptions.
The following lifecycle policy provides advanced notification of human resource group availability to help customers make informed information technology decisions, anticipate de-provisioning, identify other business needs, and provide feedback.
Lifecycle Policy: The lifecycle policy for human resource groups is based on source data. UW Human Resource groups are retained indefinitely. Though the groups themselves are retained, membership changes dynamically based on local personnel changes and/or structural decisions that propagate to Workday.
The data custodians for HR data classify faculty and staff human resource groups as public and student human resource groups as restricted. These classifications form the basis of the following access control policy and appropriate use guidelines, and they are the basis of the membership viewer control and group descriptions.
Access Control Policy: Having considered the privacy, security, and compliance concerns and acknowledging the business needs and widespread operational efficiencies enabled via UW human resource groups, the data custodians have established an access control policy that grants permission to view employee group memberships to all UW employees (i.e. current faculty, staff, and student employees) as well as processes acting on behalf of UW employees. Non-employee access (including students, affiliates, and other third parties) and other exceptions to this policy may be authorized by the custodians on a case-by-case basis, based on establishing a business need and/or an appropriate data sharing agreement.
Appropriate Use Guidelines: Use of human resource groups is subject to the following appropriate use guidelines. Permission to view employee group memberships is granted on the condition that authorized clients use the memberships for appropriate business purposes in support of the UW mission. Authorized clients are responsible for enforcing the defined access control policy (above) and may not share employee group memberships with unauthorized parties without first obtaining authorization to do so. Copying and posting the membership of a employee group in a public location, or sending the membership via email, is unadvised and may violate the access control policy. human resource groups may be used in limited ways to contact employees in support of the UW mission. All users are expected to know and follow the rules related to ethical and appropriate use of UW computing and networking resources. These rules include guidelines on email use that apply to the use of human resource groups with email.
Knowledge Navigator: (Useful for terms like cost center, supervisory org, academic unit, worker position, academic appointment.)
"Find My People" wiki page (by Eric Elkins)