IAM
Space shortcuts

Log in to ASTRA
Manage UW Groups
Manage UW NetID Resources
Manage UW CA Certs
Manage InCommon CA Certs
Register/Update Shibboleth SP

IAM in Service Catalog

Access Management
Authentication
Directory Services
UW NetID
UW Directory
Microsoft Infrastructure

Page Tree

Child pages
  • UW groups for access to Legacy HR reports
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

DRAFT

ANALYSIS
Customers

Alin Hunter, UW-IT – The groups define in this design proposal will be used for Legacy HR/P Archive reports hosted in the BI Portal; also possibly for email notices about the reports.

Application Use

BI Portal.
TBD. Email – Mailman? Marketo?

Membership (Business Definition)

Group memberships are defined as individuals with one of the assignable security roles in Workday.

See https://isc.uw.edu/admin-corner/security-roles/assignable-roles/

See https://isc.uw.edu/support-resources/how-to-get-workday-help/named-support-contacts/

Business ProcessWorkday security role management
System of RecordWorkday
Subject AreaMaster Data
Business DomainMaster Data – Services & Resources – HR/P – Access permissions and restrictions
DESIGN
TypeGroup (security role)
Home Groupuw_isc
Group IDs
Assignable RoleWorkday Role IDGroup ID
Academic PartnerAcademic_PartnerTBD
Costing Allocations CoordinatorCosting_Allocations_CoordinatorTBD
HCM Initiate 2HCM_Initiate_2TBD
HR PartnerHR_PartnerTBD
VO-STAFF-COMP-COST
TBD
Academic Personnel Office PartnerAcademic_Personnel_Office_PartnerTBD
HR Office PartnerHR_Office_PartnerTBD
CBU - Benefits Office Partner
TBD

Absence Office Partner


TBD

Labor Relations / Union Office Partner

Labor_Relations_Union_Office_PartnerTBD

ISC – Retiree Office Partner


TBD
HR Auditor
TBD
Payroll Auditor
TBD
ISC – Payroll Office Partner
TBD
ISC – Compensation Office Partner
TBD
Display Name

TBD. Need to check if Workday has a user-friendly display name for each Workday security role.

Lifecycle Policy (Creation)

Groups will be created only for approved uses related to Legacy HR/P Archive reports.

Lifecycle Policy (Deletion)

Groups will be deleted when custodians request and plan for their deletion.

Membership (Direct)

Direct membership of each group would include the UW NetIDs of individuals assigned to the specific Workday security role.

Membership (Exceptions)

No exceptions for additions or deletions. All updates will be mastered in Workday.

Membership (Grace Period)

None

Membership (Opt-in)N/A
Membership (Opt-out)N/A
Contact Person

TBD. A contact appropriate for Workday security role support, e.g. "ischelp".

Description

TBD. Define descriptions that help potential customers understand fit for purpose and use, including lifecycle policy, membership policy, data quality standards, appropriate use guidelines, access control policy, ownership, and contact information. Some business processes master data that can be used for descriptions.

More InformationN/A 
Application Settings (Exchange)

Inactive; change to settings will require custodian approval.

Application Settings (Google)

Inactive; change to settings will require custodian approval.

ACCESS CONTROL
Data Custodian

Nancy Jagger, Rachel Gatlin, Margaret Stuart, Cindy Gregovich

Classification

TBD. Determine the appropriate UW data classification (Public, Restricted, Confidential).

Access Control PolicyTBD. Decide and document the access control policy including membership viewer control, sender control, appropriate use guidelines, terms and conditions of use, etc.
Membership Viewer ControlTBD. Define the membership viewer control, including exceptions to the access control policy.
Sender ControlN/A
IMPLEMENTATION
Data Source

HRPWS

Membership (Technical)

TBD. Define the technical definition of the memberships in terms used by the data source and its data elements, as well as any additional filtering.

ProvisioningTBD. Define a provisioning model for data integration and reconciliation that ensures the groups are created in accordance with their lifecycle policy and managed in accordance with their data quality standards.
De-ProvisioningTBD. Define a de-provisioning model that ensures the groups are deleted in accordance with their lifecycle policy.
MonitoringTBD. Define a monitoring solution that helps identify incidents and problems, particularly those that impact availability and reliability.
Data Quality Standards

TBD. Define data quality standards under normal operations, including data validation rules, timeliness of updates, defined error rates, integrity monitoring, and reliability. The standards will depend on the business process, system of record, data source, provisioning and de-provisioning models, monitoring, and operations.

Internal DocumentationTBD. Define what internal documentation will be developed and where it will be maintained.
Customer DocumentationTBD. 
Communication PlanTBD. Alin and Snezana will coordinate communications with BI Portal report users and other stakeholders.
OPERATIONS
Request FulfillmentTBD. Define how requests will be fulfilled. For example, standard requests for information, access to memberships, membership exceptions, email settings, design changes, etc.
Incident ManagementTBD. Define how incidents will be handled.
  • No labels

Have a question? Contact us at iam-support@uw.edu.