Security access in OneUSG Connect is provisioned in several ways. Some security roles are automatically provided:
- All Employees have access to the Employee Self Service page.
- Reports To Supervisors have access to the Manager Self Service page. This information comes over from UGAJobs.
- Faculty have access to the Faculty Data Self Service page. This is based on certain USG pay groups in UGAJobs.
Other security roles are assigned to particular employees:
- System Managers (Initiators) are assigned by departments or units.
- Departmental Approvers, who approve MSS transactions by Initiators, are also assigned by departments or units.
- Time & Absence Approvers are assigned per employee. This role can be updated by System Managers.
- The Job Data View role, which allows view-only access to the Job Data pages, is a role that can be requested via a security request in Manager Self Service.
- Departmental Dynamic Groups are a view-only role in Time and Labor that can be requested through Manager Self Service.
1. Departmental Approvers: Run this query to identify departmental approvers and to understand their specific approval authority within the established hierarchy of security permissions. This query helps a user identify departmental approvers and understand their specific approval authority within the organization's security hierarchy. It is a tool for ensuring proper financial control, improving workflow efficiency, enforcing security and compliance, and promoting transparency by clearly defining who has the authority to approve various transactions and requests. departmental approvers and understand their specific approval authority within the organization's security hierarchy. It is a tool for ensuring proper financial control, improving workflow efficiency, enforcing security and compliance, and promoting transparency by clearly defining who has the authority to approve various transactions and requests.
2. User Row Level Security Access by Department: This query is crucial because it helps manage permissions for people with cross-departmental roles, special project assignments, or audit responsibilities. By identifying specific permission list roles, the query pinpoints who has special access and to which HR departments. This is a tool for ensuring security, maintaining compliance, and troubleshooting access issues by documenting and verifying that access is granted.
3. User Assigned TL Groups: This query provides a detailed list of the Time and Labor (TL) groups a user is assigned to, which determines their timesheet viewing/editing permissions. This query is a key to those who can view or edit timesheets, but not the Reports To or Time & Absence Approver. The query is a key tool for auditing and understanding a user's full scope of access within the TL system.
4. Access Role Count: This query is used to accurately count the number of users assigned to each security role within the institution. It can be expanded to identify the specific users within each role by using the drilling URL, which links to a detailed User Roles query.
5. User Roles: This query acts as a centralized "access lookup" tool. It provides a clear, concise way to connect users to their or others’ permissions, helping to enforce proper segregation of duties and maintain a secure data environment. The ability to search by different criteria makes it adaptable for various security-related tasks, from routine audits to urgent troubleshooting.
6. Delegations: This query is an essential tool for managing and auditing delegated access within an organization. It helps security administrators and HR staff ensure compliance by allowing them to verify who has been granted authority to act on someone's behalf for sensitive tasks. The query is also vital for troubleshooting access issues, as it can quickly confirm if a delegation is active and correctly configured. Furthermore, it enables proactive security management by helping users identify and address potential risks, such as outdated or overly broad delegations. The query is highly flexible, allowing users to search by delegator or proxy, and to filter results by an effective date or to view both active and inactive delegations for a complete historical record.
7. Access Role Page Access: This query is a security tool used to audit and document what a specific access role can do. By running the query for a given role, an administrator gets a list of all the application pages and menus that the role grants access to. This helps them validate permissions to ensure roles are configured correctly, troubleshoot why a user might not be able to access a certain page, and support security audits by creating a clear record of a role's permissions. Essentially, it turns a security role from an abstract concept into a concrete, verifiable set of permissions that can be used for documentation and reference.
Additional roles may be assigned by System Managers using the Security Request Form. For more information on the Security Request Form, please see Submitting a Security Request for Your Employee.
If an employee has any issues accessing the OneUSG Connect system, please contact OneUSG Support at oneusgsupport@uga.edu or at 706-542-0202.
Relevant Resources
Security Roles Spreadsheet
Associated Standard Operating Procedures (SOPs)
SOP_SYS_001 Security Request