Setting Up 3C Group SecurityThis chapter discusses how to:
Set up communication, checklist, and comment (3C) group security.
Set up service indicator security.
Copy user security.
Apply demographic data access security.
Securing and setting up the Population Update process.
Setting Up 3C Group SecurityTo set up 3C group security, use the 3C Group Security component (OPR_GRP_3C_TABLE).
You can select which 3C groups user IDs can view and update. The Campus Community 3C engine also uses the security that you set up here. The 3C engine does not process the user's request if the user does not have update access for the 3C value used in the process. 3C groups allow access to specific communication categories, checklist codes, and comment categories.
This section lists prerequisites and discusses how to grant 3C group security.
Prerequisite
Before you set up 3C group security, set up 3C groups and complete institution security setup.
See Also
Understanding the 3Cs — Communications, Checklists, and Comments
Securing Your Academic Institution
Page Used to Set Up 3C Group Security|
Page Name |
Object Name |
Navigation |
Usage |
|
OPR_GRP_3C_TABLE |
Set Up SACR, Security, Secure Student Administration, User ID, 3C Group Security |
Grant user access to 3C group information. |
Granting 3C Group SecurityAccess the 3C Group Security page.
Security Setting
|
Institution |
Enter an institution. Only institutions to which this user ID has access are available. |
|
3C Update/Inquiry Group |
Enter the 3C group that the user ID should have access to for the selected institution. The 3C groups are defined inside the Group 3C Table page (GRP_3C_TABLE page). |
|
Inquiry Indicator |
Select to enable the user ID to view all data in the 3C group. The inquiry indicator is used to widen or narrow searches on 3C inquiry pages throughout the system. For example, a user that has inquiry access to a certain 3C group will only be able to view the communications, checklists, or a comments assigned to an individual or to an organization that is tied to the 3C group. |
|
Update Indicator |
Select to enable the user ID to update—enter or alter—data in the 3C group. You should also select this check box if you want the user ID to be able to process 3C items by using the 3C engine. If the user ID does not have update access to the 3C group, the 3C engine does not process a request by using the 3C group. This is similar to the way the system manages manual assignments for communications, checklists, or comments. |
Setting Up Service Indicator SecurityTo set up service indicator security, use the Service Indicator Security component (SCRTY_TABL_SRVC) and the Service Indicator Display (SCC_SI_DISP_ROLE) component..
This section lists prerequisites and discusses how to:
Grant placement and release access to service indicators
Restrict display of service indicators.
Prerequisite
Before you set up service indicator security, set up service indicators in the Service Indicator table.
See Also
Pages Used to Set Up Service Indicator Security|
Page Name |
Object Name |
Navigation |
Usage |
|
SCRTY_TABL_SRVC |
Set Up SACR, Security, Secure Student Administration, User ID, Service Indicator Security |
Grant placement and release access to service indicators for a user ID for a particular institution. |
|
|
SCC_SI_DISP_ROLE |
Set Up SACR, Security, Secure Student Administration, Setup, Service Indicator Display |
Restrict view access to service indicators on administrative pages to specific roles. |
Granting Placement and Release Access to Service IndicatorsAccess the Service Indicator Security page.
Security Settings
|
Service Indicator Code |
Enter a code for each service indicator that the user ID should be able to place or release. To restrict the use of a service indicator by reason, enter multiple rows for the service indicator and enter the different reasons that apply. You define service indicator codes inside the Service Indicator Table. |
|
Reason |
Enter a reason indicating when the user ID can access the service indicator. You must enter a reason for each indicator. For example, if the user ID should be able to use the conference guest service indicator only for football recruitment visits or Special Olympics guests, select each of those reasons for the conference guest service indicator. Define the reasons for using a service inside the Service Indicator Table. |
|
Placement and Release |
Select if this user ID should have permission to assign or release the service indicator. |
Restricting Display of Service IndicatorsAccess the Service Indicator Display page.
Restrict Display to Roles
To restrict the display of a service indicator's data to specific roles, enter the one or more roles for whom the data should appear. The system displays the data only for the roles that you specify, and does not display it for any role not listed.
If you do not want to restrict the display, ensure that no role is listed. When no role is listed on the Service Indicator Display page, the service indicator data is unrestricted and the system displays it for all roles.
Service indicator data includes the service indicator icon on pages for IDs to whom the indicator is assigned and the service indicator information on the Service Indicator Summary page and the General Info tab of the Student Services Center component.
Note. A user's placement or release security takes precedence over restricted display. If a service indicator's display is restricted but the user has place or release access for that service indicator, the service indicator data will appear for that user whether or not the user has any of the restricted display roles.
Replacing User SecurityTo copy or assign Campus Solutions user security, use the User Security Replacement component (SCRTY_OPRID_REPLAC) or the Mass User Security Replacement component (SCC_MASS_SCRTY_UPD).
Copying a security setup is the same as going to each appropriate menu and entering data for each security object to assign security for a specific user. Replacement security automates the process for you by enabling you to copy a security profile either to another individual user or to several users in mass.
This section discusses how to:
Copy user security for an individual.
Copy user security for multiple individuals.
Note. User security replacement described here applies only to Campus Solutions user security. It does not apply to PeopleTools security.
Pages Used to Replace User Security|
Page Name |
Object Name |
Navigation |
Usage |
|
SCRTY_OPRID_REPLAC |
Set Up SACR, Security, Secure Student Administration, Setup, User Security Replacement |
Copy the security setup of one user to another user. |
|
|
SCC_MASS_SCRTY_UPD |
Set Up SACR, Security, Secure Student Administration, Process, Mass User Security Replacement |
Assign or copy a security profile to an individual user or to a group of users. |
Replacing User Security for an IndividualAccess the User Security Replacement page.
Replacement User
|
Default Replacement User |
To replace or create all of a user ID's security objects with the same security objects assigned to another user ID, specify the user ID whose security objects you want to copy in this field. When you exit the field, the system automatically copies each security object from the replacement user ID. If you do not want to replace each of this user's security objects with all the security objects of one user ID, indicate the replacement user ID for each object that you want to replace. You do not have to replace all objects. For those objects that you do not want to replace, leave the field blank. |
|
User Preferences |
When you enter a user ID in this field, the default values that you set up in the User Default component for the entered user ID are assigned to the user ID, including the enrollment override defaults and user 3C group security. User defaults are set up in the User Defaults component. |
When you enter a user ID in any of the other fields on this page, the user ID is assigned the same security that you set up for the selected user ID for that item. All of these fields refer to the security that you set up on the pages in Set Up SACR, Security, Secure Student Administration, User ID.
Replacing User Security for Multiple IndividualsAccess the Mass User Security Replacement page.
Population Selection
Enter the tool and related parameters for selecting the population of user IDs to which you want to assign this user security or replace the existing security.
Fields in the Population Selection group box function the same as in the Population Selection group box across the system.
See Using the Population Selection Process.
Replacement User
Enter the user ID whose security you want to mass assign to the user IDs selected by Population Selection. You can modify any of the user security values to assign.
Fields in the Replacement User group box function the same as described for same group box on the User Security Replacement page.
Applying Demographic Data Access SecurityTo set up demographic data access (DDA) security, use the Demographic Data Access component (PERS_MSK_CFG) and the Demographic Data Access process component (RUNCTL_MSK_CFG).
This section provides an overview of DDA security, setting up DDA security, and discusses how to:
Define DDA masking configurations.
Run the DDA process.
Understanding DDA SecurityWith DDA security, you can mask the display of national ID and birthdate data in search records, prompt records, and on the Bio/Demo Data and the Relationships pages if these pages have display-only security. You can mask the entire fields or the first five characters of the national ID field or the year of the birthdate field. You can apply masking to one, both, or neither field. No matter which masking configuration you use, users can search on the entire national ID field.
Note. You can make the masking of National ID and birthdate in Search/Match functionality become more flexible. See Search/Match display options. National ID and birthdate data is also not masked in queries and reports.
To apply DDA security, you define masking configurations for all primary permission lists and assign a primary permission list to each user ID as part of his or her User Profile.
For example, suppose a primary permission list assigned to a user ID is named ALLPANLS. You might not want national IDs to appear throughout the system for this permission list, but you do want partial birthdates to appear. You would access the Demographic Data Access setup page and insert a row for the ALLPANLS permission list. In that row, you would configure the system to 1) mask the entire national ID, and 2) to display a partial birthdate field (masking the year).
You must then run the Demographic Data Access (MSK_CFG) process to replace data in the masking configuration table with the masking configuration that you defined and to apply the new configuration to each user to whom that permission list is assigned.
In the example, after running the Demographic Data Access process, each user whose primary permission list is ALLPANLS will not see national IDs on search pages or prompts, but they will see the birth month and day where birthdates appear. The masking configuration for the primary permission list to which a user is assigned also controls how national ID and birthdate data appear on the Bio/Demo Data page (SCC_BIO_DEMO_PERS) and the Relationships page (RELATIONSHIPS) throughout the system.
Note. The national ID and the birthdate fields appear masked on the Biographical Details page and the Relationships page only for users who have security set to show the pages in display-only mode. If a user has more than one permission list and therefore has both add/update and display-only access to a masked page, the least restrictive setting (add/update) takes precedent and masking is not applied.
Setting Up DDA SecurityTo set up DDA— security, you must assign a primary permission list to each user ID, grant administrative access to components for managing DDA, and define masking configurations for each primary permission list.
Note. All Campus Solutions search records and prompts depend on DDA security. You must therefore assign a primary permission list to each user, even to those who do not need the national ID and the birthdate fields masked. In the latter case, simply set the masking configurations in the primary permission list for both the National ID and the Date of Birth to Display entire field.
Pages Used to Apply DDA Security|
Page Name |
Object Name |
Navigation |
Usage |
|
USER_GENERAL |
PeopleTools, Security, User Profiles, User Profiles, General |
Assign a primary permission list to a user ID. |
|
|
ACL_MENU2 |
PeopleTools, Security, Permissions & Roles, Permission Lists, Pages |
Grant access to new components for managing DDA masking configurations for each primary permission list. Grant access to new Student components for users that should prompt only against Students. |
|
|
PERS_MSK_CFG |
Set Up SACR, Security, Secure Student Administration, Permission List, Demographic Data Access |
Define masking configurations for primary permission lists. |
|
|
RUNCNTL_MSK_CFG |
Set Up SACR, Security, Secure Student Administration, Process, Demographic Data Access |
Initialize the primary permission list configuration for all primary permission lists assigned to users. |
See Also
Enterprise PeopleTools PeopleBook: Security Administration, “Setting Up User Profiles” and “Working with Permission Lists”
Defining DDA Masking ConfigurationsAccess the Demographic Data Access (setup) page.
Important! Each time you make changes to the Demographic Data Access page, you must run the DDA process to apply the changes.
Configure Primary Permission List
|
Set as Default |
Select to assign this masking configuration to all permission lists used as primary permission lists. When selected, the Primary Permission List field becomes unavailable. |
|
Primary Permission List |
Insert a row for each primary permission list that requires a masking configuration different than the default masking configuration. When you run the process, the system applies this masking configuration to all users to whom this primary permission list is assigned. |
|
Mask National ID |
Enter the configuration to use for national IDs. Values are Display entire field, Display partial field, and Mask entire field. If you display a partial field, the system masks the first five characters of the national ID field. These translate values should not be modified. |
|
Mask Birthdate |
Enter the configuration to use for birthdates. Values areDisplay entire field, Display partial date, and Mask entire field. If you display a partial date, the system masks the year and displays month and day in the default date format for each birthdate field. These translate values should not be modified. |
Running the DDA ProcessAccess the Demographic Data Access (run control) page.
You must run the DDA process (MSK_CFG) to apply changes made on the Demographic Data Access (setup) page and to apply the default masking configuration to any newly created, newly assigned primary permission list whose masking configuration is not otherwise defined.
Note. The process applies the masking configuration only for permission lists that are used as “primary” permission lists. Therefore if you assign a User ID a primary permission list that was not used as primary the last time the DDA process was run, you will need to run the process again.
Securing and Setting Up the Population Update ProcessTo secure and set up the Population Update process, use the Population Update Security (SCC_POP_UPD_SRTY) component and the Population Update Setup (SCC_POP_UPD_SETUP) component
This section discusses how to:
Assign Population Update user security.
Set up the Population Update process.
See Also
Understanding the Population Update Process
Pages Used to Secure and Set Up the Population Update Process|
Page Name |
Object Name |
Navigation |
Usage |
|
SCC_POP_UPD_SRTY |
Set Up SACR, Security, Secure Student Administration, User ID, Population Update Security |
Set user security for accessing records to update using the Population Selection update process. |
|
|
SCC_POP_UPD_SETUP |
Set Up SACR, Administration, Utilities, Population Update, Population Update Setup |
Identify records and fields to make available for updating. |
Assigning Population Update User Security
Access the Population Update Security page.
|
Record (Table) Name |
Enter each record that you want the user to be able update for populations selected by the Population Selection process. After you save the page, the user can view and update the records if your institution or department makes them available for updating on the Population Update Setup page. |
Setting Up the Population Update ProcessAccess the Population Update Setup page.
When you select a record and access the Population Update Setup page, the system makes the fields from that record available in the Field Name drop-down lists. Select each field that you want to make available for users to update. Only the records and fields that you select and to which the user has security access, will be available on the run control page.