User Management Implementation at UCL Mike Haward April 2015 Version 1.0

User Management Implementationat UCL

Mike Haward

April 2015

Version 1.0

User Management (UMX)(a new Oracle eBusiness Suite module that extends the standard FND security)

User Management at UCL

UCL are using the following features:

1.Roles 2000 responsibilities -> 25 roles

Entry level role (UCL Staff, consists of 5 responsibilities) allocated automatically when employee record created

2.Devolved administration of users 400 paper requests for change per week -> NONE

DA in each department administers their users

3.Custom process for Auth Sig setup 100 paper requests for change -> NONE

1) Roles

UCL have broadly split roles into the following categories:

1) Roles

You can look at the Role definitions and hierarchy on User Management:

But to be honest it’s a lot easier to see in the spreadsheet!

Microsoft Excel Worksheet

Each User Management role is configured to be restricted in 3 ways defining what:

a) Functions you are allowed to use

b) Users you are allowed to administer

c) Roles you are allowed to assign/revoke

As far as I can tell this is common functionality that could be used across any module!

2) Devolved administration of users


FIVE levels of User Management access have been configured:

1. User Management2. User Management for MyFinance Support3. User Management For Finance4. User Management for SFDs5. User Management for DAs

a) Functions b) Users c) Roles

1. User Management Configuration & Setup of User Management

(User Management lead)

ALL ALL ALL

2. UCL Central User Management Administrator

Helpdesk and MyFinance support teams

User Admin Hierarchy* ALL UCL roles

3. UCL Finance Department User Management Administrator

Finance User Admin Hierarchy* Finance RolesDepartmental Roles

4. UCL SFD User Management Administrator

School Finance Directors User Admin Hierarchy* Departmental Roles(inc. DA role)

5. UCL Local Dept User Management Administrator

Departmental Administrator

User Admin Hierarchy* Departmental Roles(exc. DA role)

*Hierarchy - by default your starting point in the Hierarchy will be your position in the Org Hierarchy according to your employee (per_all_people_f) recordTo change a User Management user’s default starting position in the hierarchy then use the User Level Profile Value: UCL User Management Hierarchy Point


a) Functions you are allowed to use

•Role defn includes a ‘Grant’ called UCL Local User Admin Grant User Management UIs


We should have excluded those. But we left them there and then personalised them away. Doh!


b) Users you are allowed to administer

•Role defn includes a ‘Grant’ called User Administration Privileges


Your default hierarchy starting position

Or your profile value if you have one set


c) Roles you are allowed to assign/revoke

•Role defn includes a Security Wizard where you can set this up



3) Auth Sig Custom Process

ImprovementsOracle

-record history

- On screen

- WF_LOCAL_ROLES

-inheritance trail

- On screen

- SQL

UCL

-AS cust screen vs role

-AS WF identifiers

-Personalisation vs Grants

Questions?

DEMOSCRATCH: https://ebsdev.adcom.ucl.ac.uk:8406/OA_HTML/AppsLogin

DEV: http://www.ucl.ac.uk/myfinance/dev

https://ebsdev.adcom.ucl.ac.uk:8406/OA_HTML/AppsLogin

http://www.ucl.ac.uk/myfinance/dev

Slides not used below here

• Responsibility. But you cannot use it until you also have the “Security Administrator” role

• Gives you access to:

• All User Management Functions

• All Users

• All User Roles Assignments


• Roles.

• Give you access to:

• User administration only

• Only users in your part of the hierarchy or below

• Only restricted roles to assign/revoke


Default (DO NOT CHANGE THIS)

As an exception, put Nicola at the top of the hierarchy so that she can administer all users:


Documents

User Management Implementation at UCL Mike Haward April 2015 Version 1.0