Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
NWEUG
2017
Session Rules of Etiquette
Please turn off or silence your cell phone
If you must leave the session early, please do so discreetly as
possible
Please avoid side conversations during the session
NWEUG
2017
A bit about Lewis & Clark
• Kathy Tymoczko, Senior Developer/Analyst
• Lewis and Clark College, Portland, Oregon
• College of Arts and Sciences - ~2000 undergraduates, 166 faculty, 29 majors
• Graduate School of Education and Counseling - graduate degrees, certificates,
licensure and endorsement preparation, and continuing education
• Law School – JD and LLM programs, ~600 students
• Using Colleague since 1986, ST and CF, but no longer HR
• Customization – probably too much, ~130 screens (some of these are WebAdvisor)
• Colleague users - ~210
NWEUG
2017
Introduction
Thanks to Jean Ryan at Luther College who did a session like
this at Ellucian Live 2017
How long has it been since you took the Colleague
Administrator training?
What’s new in Colleague administration?
What do you need to do to keep your Colleague system
humming?
NWEUG
2017
System Maintenance
• Locking out users
• Clearing inactive Colleague sessions
• Software updates
• System security
• Cloning environments
• Changing “datatel” password
• Purging files
NWEUG
2017
Locking users out of Colleague
• Use UIEC (Environment Connection Management) to prevent most
users from using Colleague
• Environment-specific – you can lock users out of your production
environment but still leave the test environment available
• User with UI_NO_LIMITS security class on their OPERS record will
still have access. Be sure you have at least one of these.
NWEUG
2017
Locking users out of Colleague - UIEC
NWEUG
2017
Locking users out of Colleague –
UI_NO_LIMITS
• User with UI_NO_LIMITS security class on their OPERS record will
still have access. Be sure you have at least one of these.
• Your “datatel” or “colleague” user should have this
• Your admin users in IT should probably have this
NWEUG
2017
Locking users out of Colleague – UI_NO_LIMITS
NWEUG
2017
Locking users out of other Colleague-
related systems
• WebAdvisor – you can stop the DMI listener if it has a separate
one or stop the WebAdvisor service (Tomcat, IIS)
• Colleague Studio – change password on CSPA, if necessary (we
don’t do this)
• Self Service
• Other systems such as eTranscripts, Touchnet, TMS, Perceptive
Content
NWEUG
2017
Clearing inactive Colleague sessions
• MUSI (Mark UI Session Inactive) – clear all operators or just one:
NWEUG
2017
Killing Colleague sessions
• Be very, very careful with this
• Why do this?
• For UniData on Unix, use “kill -9”
• For UniData on Windows, use Unidata Extensible
Administration Tool
NWEUG
2017
Software Updates – Issues to Consider
• Frequency of installation – biweekly, monthly, quarterly, on a random
basis?
• Scheduling downtime (for DMI updates especially, since stopping listeners
will kick out users)
• User testing/sign-off before installing in LIVE environment
• Notifying users
• Installing updates out of sequence
• Managing update groups (MSUG, SUGS)
• Cleaning up an environment if installation fails (AEPR)
NWEUG
2017
Software Updates - Types
• Envision (Colleague) updates
• DMI updates
• Installers
• Download all of these with SAValet
NWEUG
2017
Envision Updates and Installer Packages
NWEUG
2017
DMI Updates
• Install in each environment separately
• Stops all listeners (kicks out users)
• Use SAValet to install
NWEUG
2017
DMI Updates – install using SAValet
• Choose which updates you want to install
• Must install in chronological order
• Pay attention to pre- and post-installs if any
NWEUG
2017
Colleague Updates Custom Impact
• For each group of updates, on MSUG, run the “custom impact”
report
• Review any items shown on custom impact report and make
needed changes
• Review any other custom items for necessary changes
• Keep track!
NWEUG
2017
Researching Software Updates - SUSE
NWEUG
2017
Researching Software Updates – SUSE, etc.
• Detail from SOUP to SOUI, SUSI, SUII, SUGI, and down the rabbit hole
NWEUG
2017
Researching installed items - RPIF
• Use RPIF (Release Package Item Finder) for information about a specific
screen, process, data element
NWEUG
2017
Researching installed items – RPIF, RPIO
• Detail from RPIF to see detailed information about the item
NWEUG
2017
Reporting on Software Update - SUPR
• Use SUPR (Software Update Reporting) for detailed reports about
software updates
NWEUG
2017
Software Updates at Lewis & Clark
• Month 1 – download and install all Envision/Colleague updates from the
previous month in DEV environment, create a Google sheet with
information about the updates, IT to review for custom impact, needed
testing, etc.
• Month 2 – install group in TEST environment and notify end users so they
can test
• Month 3 – install group in LIVE environment and notify end users
• This is a “rolling” process, with all three of the above tasks done each
month (on a different group)
• Exceptions – year end regulatory updates and FA updates, follow same
procedure but accelerated
NWEUG
2017
Cloning Environments
• Why clone?
• How often to clone – monthly, quarterly, semi-annually, on demand?
• Clone procedure is documented in “Colleague by Ellucian Installation
Procedures”
• We have a step-by-step document with screen shots
NWEUG
2017
Steps in Clone Process
• Make a note of which software update groups have NOT been installed in the
environment which will be replaced by the new clone
• Remove application environment (and database for SQL)
• Copy apphome directory (and database for SQL)
• Run the clone wizard in SAValet
• Add authentication providers (LDAP, Registry) in SAValet
• Run BECU in the new Colleague environment
• Make necessary changes on any Colleague parameter screens (e.g. PID5, UIWP,
servlets and hyperlinks, UWPR, UIPM, WSPD, maybe others)
• Reinstall all software update groups except those noted on the first step
• Test to make sure things are working
NWEUG
2017
What to do if clone fails
• Start over and try again?
• Search in Ellucian Support Center
• Open a case with Ellucian Support Center
• No idea why it fails
• Main thing that fails for us is listeners not starting in new environment
NWEUG
2017
Changing “datatel” password
• Why do this? IT admin leaving, disgruntled former employee with lots of access,
good practice to do it on a regular basis?
• Document 5039: How to change the admin (ellucianadmin or datatel) password
• It’s a multi-step process and fraught with peril
NWEUG
2017
Purging System Files
• appl.PPROCESS files – use UTJR to produce a report, UTJP to purge
• UILP – User Interface Log Purge (view these files on UILR)
• UAPU – User Activity Purge (run USRA User Activity Report first?)
• _HOLD_, _PH_, SAVEDLISTS
• EDX files
EDEP – EDX Errors Purge
ELGP – EDX Log Purge
EDSP – EDX Status Purge
• ELF batch purge: EBPG for more than one batch, EPRG for one batch
• VOC file? – items with names like RUN…
NWEUG
2017
Colleague Security
• Security classes – role or process based, naming convention
• Security for detail forms
• Field-level security
• Directory security
• Record-level security
• Duplicating users and security classes
• Reporting on security
NWEUG
2017
Colleague Security Classes
• Naming conventions
If application is part of name, easier to deal with on SOD (e.g.
UT.UTMIN, ST.CASHIER) • Mnemonics should be in security classes in the application
e.g. NAE, BIO should be in CORE security class, not in ST, CF, or HR
If NAE is only in a user’s ST class, then must type CORE-NAE to access it
• For mnemonics in “all” applications (e.g. VAL), put them in a UT class and add to
the ADFS (Appl Dependent Form Setup) so that user will be prompted for the
application
• Document 114.16: Troubleshooting Security: Error Messages
NWEUG
2017
Role-based vs. Process-based security classes
• Role-based – all mnemonics for a user’s job in one class (e.g.
registrar, cashier)
• Process-based – set of mnemonics for a particular function (e.g.
process cash receipts, create vouchers and purchase orders)
• We have a mix of these
• Needs thought and testing
• Needs regular review
NWEUG
2017
Security for detail forms
• Access to a form allows the same access (maintenance, inquiry) to any
form that can be detailed to
• You have to use “never do” to exclude detail forms
• Lots of work to better manage detail forms
• Run PSCS for a form to find all the security classes that reference it
and all the forms that detail to it
• Watch for software updates that change or add detail screens
NWEUG
2017
Field Level Security
• Secure fields with sensitive data (e.g. SSN, birth date, GPA)
• Security levels (deny access, inquiry-only, modify data, privileged)
• Define on SCDF (detail from SCD)
NWEUG
2017
Directory Security
• Allow users to view contents of a directory (e.g. FINANCIAL.IMPORTS,
PAYROLL.EXPORTS, others)
• Define on SCDA (detail from SCD) (we’ve never used this)
• Allows access to one or more directories from forms such as FLUL,
FLDL, TCBE
• Use UTFA (BROWSE File Authorization) to control which directories
can be seen on UTFB
NWEUG
2017
Record Level Security
• Allows you to control which records individual users can access
• RSUC – Record Security User Characteristics
• UTMR – Record Security Specifications
• Envision Runtime Administration manual
• Possibly useful documents in the Ellucian Support Center
71.762: Record Level Security Setup Example
125.1328: HR: Record Level Security – Steps to setup
107.19: RSUC/UTMR: Record security for PO/REQ
210.433: Security for dept heads to see only their students
530.48: DSQL/ESQL: How to Limit Access to Queries
NWEUG
2017
Duplicating users and security classes
• Not recommended, but you can copy UT.OPERS and appl.SECLASS records
• If you copy a UT.OPERS record, be sure STAFF record on SVM has correct
operator ID and SOD has correct Org Entity ID
• If you copy appl.SECLASS records, be sure to run BSEC to update pointers in
appl.PRCS.CTL
NWEUG
2017
Reporting on Security
• SCOR – Operator Security Report
• SCPR – Process Security Report
• PSCS – Process Security Report
• The above delivered reports are helpful, but don’t report everything
• Lots of change requests on Ellucian Support Center requesting better security
reporting – follow these
• Do your own reporting with your favorite reporting tool
NWEUG
2017
Transaction Auditing
• Field-level transaction logging
• Full file transaction logging
• How to Envisionize the transaction log files
NWEUG
2017
Field transaction Logging
• DHST (Define Field History) – logs changes to specific fields in a file
• Changes are stored in files called filename.HIST and filename.HIST.LOG (e.g.
PERSON.HIST and PERSON.HIST.LOG
• Ellucian Support Center document 2971: Tracking Field History in Colleague
NWEUG
2017
Full File Transaction Logging
• UTML (Transaction Log Specification) – turns logging on or off for entire file
• Creates a file called TX_filename (e.g TX_PERSON)
• UTXL – report on transactions
• UTTP – purge data when file gets too big
• Ellucian Support Center document 1249: UTML: Transaction logging to track a
file’s activity
NWEUG
2017
How to Envisionize the transaction log files
• Because files are named for each file for which logging is turned on, you can’t
access them in Envision programs
• Document 3778: Envisioning .HIST and .HIST.LOG files
• Document 9218: Accessing HIST files from Envision
• Change request 11893.41 UTML transaction logging should be Envisionized
NWEUG
2017
Questions & Answers