IAM in Service Catalog
This document describes support for UW employee location groups including naming, data integration, data quality, lifecycle life-cycle and access controls.
Employee location groups represent groups of UW employees by job location.
The following affiliation/organization stem is reserved for them:
Each group is identified by this pattern of naming components:
The "workday-location" component is substituted with the name of employee's position's location id.
Data Integration Notes
Group IDs include a lower case version the location id, e.g.
Group Display Name
Display names include the location id, e.g.
Group descriptions include location id, e.g.
"Current employees who hold a position that has location ID "Seattle Other Buildings". This group is updated nightly from the HRPWS. It is available for appropriate business purposes in support of the UW mission. Access to the membership is controlled. Authorized clients are responsible for enforcing the defined access control policy and may not share employee group memberships with unauthorized parties without first obtaining authorization to do so. All users are expected to know and follow the rules related to ethical and appropriate use of UW computing and networking resources. Please contact firstname.lastname@example.org for questions about using this group."
Employee location groups have no owner or contact specified.
Employee location groups are classified as restricted .
Group Access Controls
Employee location groups have a membership viewer control that enforces the defined access control policy (below). Only members of the blah group and blah group u_groups_org_location-read are authorized to view these memberships.
UW G Suite
Employee location groups can blah cannot be enabled for use in UW G Suite by request. In UW G Suite, the sender control is set to "UW" and the viewer control to "members only".
UW Exchange Status
Employee location groups blah cannot be enabled for use in UW Exchange. This business rule is in place to ensure the privacy restriction on the group memberships, which the current design of the UW Exchange service cannot enforce by itself.
Group Membership List
Memberships are reconciled nightly to accurately represent current operational data rather than historical data. Members are identified by UW NetID.
The data custodians for employee data classify employee location groups as blah publicrestricted. This classification forms the basis of the following access control policy and appropriate use guidelines. It is also the basis of the required membership viewer control and group description text (described above).
Access Control Policy: Having considered the privacy, security, and compliance concerns and acknowledging the business needs and widespread operational efficiencies enabled via UW employee location groups, the data custodians for HR data have established an access control policy that grants permission to view employee location group memberships to blah all UW employees (i.e. current faculty, staff, and student employees) as well as blah processes acting on behalf of core UW employees. Non-employee access (including students, affiliates, and other third parties) business needs. Access for third parties may be authorized on a case-by-case basis, based on establishing a business need and/or an appropriate data sharing agreement.
Appropriate Use Guidelines: Use of employee location groups is subject to the following appropriate use guidelines. Permission to view employee location group memberships is granted on the condition that authorized clients use the memberships for appropriate business purposes in support of the UW mission. Authorized clients are responsible for enforcing the defined access control policy (above) and may not share group memberships with unauthorized parties without first obtaining authorization to do so. Copying and posting the membership of a employee location group in a public location, or sending the membership via email, is unadvised and may violate the access control policy. Employee location groups may be used in limited ways to contact employees in support of the UW mission. All users are expected to know and follow the rules related to ethical and appropriate use of UW computing and networking resources. These rules include guidelines on email use that apply to the use of employee location groups with email.
blah HR Employee Data Reference
blah HR Employee Location Data ReferenceWorkday Location Directory report/list