Security • Security controls access to the system. • IRIS will employ role-based security Access (security) is granted depending on what a user (or group of users) needs to do in the system based on job responsibilities. Examples of job roles: • A/P Invoice Accountant • Controller Accountant • Buyer • Approver
Security Options • Open (The University of Mississippi) • Access to functionality • Elimination of paper processes such as IDIVs • Ongoing maintenance costs reduced • Partially Restrictive (Texas State University at San Marcos) • Access to functionality within an area • Elimination of paper processes within the area (cross-area will require paper) • Additional ongoing maintenance • Highly Restrictive (University of Tennessee) • Reduced access to functionality • Paper processing for all IDIVs will continue. • A significant addition of resources will be required for implementation and ongoing maintenance.
Security in IRIS The University has opted for OPEN security to: • Take advantage of functionality • Reduce paper processing • Use drill-down features • Reduce maintenance costs
Security in IRIS • Setting security roles ONLY for Financials, Material Management (Purchasing), and Student Accounting now. • All data protected legally or by regulation will be protected in IRIS. • Employees will sign statement of responsibility and a notice of responsibility will appear at each log on. • User IDs and Passwords must not be shared. • Current Policy: “User access is granted to an individual and may not be transferred to or shared with another without explicit written authorization by the Vice President for Information Technology, a designee, or the appropriate system administrator. “ • In IRIS employees who serve in the role of Approver can delegate their responsibilities to another employee without sharing ids and passwords.
Types of Users and Access Types of Users • Central Office Users A Central Office User is a user who resides in one of the following central offices: Accounting, Accounts Payable, Sponsored Project Accounting, Purchasing, Central Budget Office. • General User A user who does not reside in a Central Office. Types of Access • Update (Enter) and View • View Only
Roles for Central Users 1. Update and View • Users in central departments are not restricted below the transaction level. Central users can update and view. If a Central Office User has access to a transaction (for example, creating a purchase order), the user may assign the cost to any cost center. This approach is consistent with the current FRS Security Policy.
Roles for General Users 1. Update and View (Display) • Purchase Requisitions – A user who has access to create purchase requisitions will not be restricted by cost center (SAP term for account) This will enable users to share costs of purchases across multiple cost centers. • A Purchase Requisition must be approved by a departmental approver before the requisition can be converted to a Purchase Order. As now, only the department that creates the Purchase Requisition will approve the requisition). Only Central Purchasing can create Purchase Orders. • General Ledger Document Parking (IDIV) – A user who has access to “park” (SAP term for create) General Ledger postings will not be restricted by cost center (account). This will enable users to enter IDIV’s online, eliminating the requirement to fill out a paper form that has to be keyed by the accounting office. • A parked document must be posted by the central accounting office. • Funds Reservation - General Users will have access to encumber budget. • Requisition Approvers – Users with this role have access to release (approve) requisitions. Approvers will only see and be able to approve requisitions that are associated with their department(s).
Roles for General Users 2. View (Display) only • Financial Data – Display Users with Financial data access will be able to view master data (cost centers, internal orders, funds, fund centers), general ledger postings, invoices, payment information, and budget transactions (commitments, supplements, transfers) in any area and for any account. • Purchasing Data – Display Users with Purchasing data access will be able to view master data (vendors, materials), purchase requisitions, purchase orders, goods receipts, invoices, and payment Information in any area and for any account. Most users with View only access have access to both financial and purchasing data.
Audit Trails • An audit trail is created in SAP every time a transaction or master record is created or changed. • The audit trail details: • SAP user name • Time of entry • If a change, the old value and the new value • The transaction in which the change was made TWOODS (TIGER)