- 14 Posts
- 314 Views
Dynamic role assignment - primarily based on job code and/or department
Distributed user profile functionality, where certain users/groups are authorized to grant and remove specific roles. All of this activity is fully audited so there's a record of who assigned or removed a role from a given user, or modified their row level security.
Peoplesoft Security Administrator within IT receives a request from a designated "functional area owner"
Who is responsible for maintaining PS Financials security in your organization? Our IS department wants to move the responsibility to Accounting. This is a segregation of duties conflict. I appreciate all responses!
PeopleSoft security is maintained
by our Accounting Systems Team, which is part of our Accounting
Diane Freese, FLMI
Manager – Accounting Systems
At AutoZone we have an team of Financial Systems Analysts. This team is part of the Finance organization and manages application access to PeopleSoft financials which includes dynamic assignment rules. The role that permits the ability to manage user access is restricted to use by this team only. The team does not have the ability to record any transactions in the system, such a journal entries or vouchers, which mitigates the potential segregation of duties conflict. This team also manages the configuration of the application and has responsibility for settings like BUs and accounting templates for example. We treat the role that permits the ability to update user access as a sensitive role and perform periodic review to validate that it is only assigned to this team. We also have logging turned on for user profiles so that we can check the log periodically for any instance of a user updating heir own access. These reviews further complement the control environment to mitigate any segregation of duties conflict.
At our organization it is mostly controlled by IT. IT provisions everything except for Nvision access and project costing access. Those require approvals from the business.
City of Richmond
IT is responsible - users enter Help Desk tickets that require Manager approval or above.
My current company has it in IT. However, it works better to be in the Systems group that is the liaison group between IT and Accounting. Sometimes the liaison group reports to IT and sometimes to Accounting. But that still allows for segregation of duties. Having it out of IT allows for better roles/permission list as my experience has been that when in IT the segregation of duties and page level understanding is not there. Happy to discuss in more detail.
PS security is maintained by a project team within the Accounting Operations area….in the business. This group does some configuration in some modules but do not have access to do transactions across the modules. We did discuss with our Information Security Ops team in IT to have them do it, but given the complexity of PS security and the special knowledge it requires, they agreed to have the Business team maintain it.
In our organization, we have a security request form that departments submit their request for security access into PeopleSoft. The PeopleSoft Finance Manager (me) reviews and approves, and then the form is routed to our admin person to update the security in the system. We are looking to automate this further with a GT Form, so upon approval by me the system will be updated automatically.
Hi Jo Ann. In my organization, IT works with the business to define and maintain appropriate permission lists and roles. Basic access (e.g. ESS) is fully automated based on employee status. Roles that provide higher levels of access are administered several ways:
Director of Information Systems
Beth Israel Deaconess Medical Center