Goals of this Session: Discuss all of those items related to Access to Information.. You – H/R completely control: –Access for the employee and to what they can see –Access for staff according to their current assignment and what employee information they can see/edit –** This is scary but extremely efficient ** Discuss EC Userid and Password process Discuss newfound ‘tight’ relationship with I/T – how can this happen, how can we manage this without adding to our workload? Why and to what degree should H/R be involved? Security & Access
Employee has access providing they are an active employee (main status = Y) –PAY.324 access to update their info (PAY.190) –EIS.122 access to appropriate folders –EIS.131 access particular certificates/expiry notices How to generate EC password? CIMS can do this automatically for you!!! Nightly job will look for new employee and auto-create a random password. THEN, Employee uses ‘Forget my password’.. No maintenance! Seriously CONSIDER Security & Access
Staff have AdminConnect access based on –A match between PRO.300 and PRO.100 which keys on position, location, sub-type. More than one person could be assigned to the same CIMS Userid –PAY.324 ability to provide forward access at times (beginning of school year) based on the cut-off date –Super important: RES.000 PAY.ACC SUB.000 Confirmation: What districts have NOT gone to generic User Profile names for iSeries?? Security & Access
Reminder: Our goal is to achieve our own version of single signon –Employee signs into EC (can align password with network password (or not) and that is IT – access to all other modules NO additional password! No need to know/see iSeries userid or password - ever! Take Two program changes –EIS.331 scrambled/encrypted password –EIS.331 manage password option to enforce (or not) users to change their password every X days –When SC or AC launched, AS/400 user profile sign in field updated so iSeries is aware that userid is being used. Security & Access
Relationship with I/T –SD23, BSD, RETSD, SDML, PLPSD: CIMS nightly job looks at PRO.300 history and provides a change report (or full file) that describes all user changes. Super complex process and hugely more accurate than any daily list you could be providing to them right now! I/T uses this report to do their work (setup in AD, , VOIP, distribution lists) –New PRO.150 available for CIMS to automatically generate your distribution lists accurately each night based on CIMS PRO.300 … HUGE, HUGE POTENTIAL EVERY district using PRO.300 should be exploiting this with I/T … If not – a huge manual process must be occurring! Security & Access
Relationship with I/T –Does I/T have EIS.380 access to CIMS (or AC) and do they understand how to read PRO.300 history records?? Wouldn’t this help them immensely? –Some districts provide I/T with EIS.332 – maintain addresses for employees.. Some districts – H/R adds this, some districts upload a file each night to CIMS … other districts ????? Security & Access