Banner Security - University System of Georgia

Post on 12-Oct-2020


BANNER SECURITY

Tips for Functional Data Stewards for the Technology Risk & Assurance Audit

Beth Welsh, Bursar

Georgia Regents University

DATA STEWARD ROLE

Who serves?

Challenges

Future Goals/Developments

BANNER SECURITY SETUP

ROLE 1: CLASS, CLASS, CLASS, CLASS

ROLE 2: CLASS, CLASS, CLASS, CLASS

ROLE 3: CLASS, CLASS, CLASS, CLASS

The organization of Banner security is pretty simple.

At the highest level are roles, which are divided into security classes.

BANNER SECURITY SETUP

Class: Object, Object, Object

Class: Object, Object, Object

Class: Object, Object, Object

The next level includes objects under each class. The class determines whether the objects within the class are maintenance or query.

CLASSES

Each class should reflect its purpose. If it is used for specific duties, it should reflect that as well.

Example:

BAN_AR_QUERY_C

BAN_NAVIGATION_QUERY_C

BAN_PERSON_QUERY_C

BAN_AR_CASHIER_SUPERVISOR

NAMING OF CLASSES

• BAN=Banner: this begins all classes to ensure there is no confusion of system security

• ADV=Advancement

• FIN=Finance

• FA=Financial Aid

• GEN=General

• HR=Human Resources

• STUD=Student

• AR=Accounts Receivable

• Use of the class, job role, duties

• The final two characters can designate the class as Q=query or M=maintenance

• Example: BAN_AR_DEPT_SUPR_USER_Q

• Audit rule: The appropriation of classes should fit the job function of the individual requesting security

• Audit rule: Changes in job functions must be tracked, changes in jobs or employment must be tracked

BANNER ACCESS FORM

• Ensure the user needs Banner access

• Completed

• Signed

• Filed Electronically

• Understandable

• Data steward

• End user

• IT Services

• Auditor

• Supervisor of end user

GRANTING ACCESS

• Beware of “I’m a backup” access

• Monitor last login dates

• Communicate regarding inactive access up front

• Document “special case” access

AUDITING

Reports, Reports, Reports

• Crystal Reports

• Employment status reports

• Terminations, Transfers, Hires

• Includes date access was granted

• Includes last login

• Includes department and supervisor
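
The checks from the GRANTING ACCESS and AUDITING slides, run over a constructed access report, as an added example (not from the presentation or from Banner). The field names, sample users, the class names BAN_FIN_BUDGET_M and AR_QUERY_Q, and the 90-day inactivity threshold are assumptions.

```python
from datetime import date

STALE_DAYS = 90  # assumption: the slides set no inactivity threshold


def class_access(name):
    """Read the final two characters of a class name: _Q = query, _M = maintenance."""
    return {"_Q": "query", "_M": "maintenance"}.get(name[-2:])


def review(rows, today):
    """Return {user: [findings]} for one access report (a list of dicts)."""
    findings = {}
    for r in rows:
        notes = []
        maint = [c for c in r["classes"] if class_access(c) == "maintenance"]
        if r["status"] == "terminated":
            notes.append("terminated, access still active (%d maintenance)" % len(maint))
        elif r["status"] == "transferred" and r["granted"] < r["status_date"]:
            notes.append("access predates transfer; re-verify with supervisor")
        if r["last_login"] is None or (today - r["last_login"]).days > STALE_DAYS:
            notes.append("no login in the last %d days" % STALE_DAYS)
        for cls in r["classes"]:
            if not cls.startswith("BAN_"):
                notes.append("class %s lacks the BAN_ prefix" % cls)
            elif class_access(cls) is None:
                notes.append("class %s has no _Q/_M suffix" % cls)
        if notes:
            findings[r["user"]] = notes
    return findings


# Constructed rows: users, dates, field names, BAN_FIN_BUDGET_M and AR_QUERY_Q are hypothetical.
REPORT = [
    {"user": "jdoe", "status": "active", "status_date": date(2019, 1, 7),
     "granted": date(2019, 1, 10), "last_login": date(2020, 9, 30),
     "classes": ["BAN_AR_DEPT_SUPR_USER_Q"]},
    {"user": "asmith", "status": "transferred", "status_date": date(2020, 6, 1),
     "granted": date(2018, 3, 5), "last_login": date(2020, 2, 14),
     "classes": ["BAN_AR_CASHIER_SUPERVISOR", "AR_QUERY_Q"]},
    {"user": "blee", "status": "terminated", "status_date": date(2020, 8, 15),
     "granted": date(2017, 11, 2), "last_login": None,
     "classes": ["BAN_FIN_BUDGET_M"]},
]

if __name__ == "__main__":
    for user, notes in review(REPORT, date(2020, 10, 12)).items():
        print(user, "->", "; ".join(notes))
```

Each finding is a prompt for the data steward to follow up with the supervisor, not an automatic revocation.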

THE TRA AUDIT

• Pre-audit preparation checklist

• SOPs by area sometimes called ACP – Access Control Procedure

• SOP-How to Request Banner Security

• Periodic audits of Banner security

• Overall review of all active users' forms

• Security forms prepared for auditors, preparation of draft security request for auditors

• Pre-audit meeting to ensure there are no outstanding items, documentation is updated, sample handling review, review any leave of stewards, all emails are in central folder

THE TRA AUDIT

Auditors will:

• Request reports of active users, or they may request access to the database to pull reports of active users via SQL

• Choose sample of users from various areas with various security

• Data stewards will use the sample list to send emails, audit security, obtain supervisor verification of accurate security for auditor sample file

• Obtain network shared folder access as a way to organize/share information with auditors ensuring security and ease of use

• Audit change requests of security for end users

CHANGE REQUESTS

Form to handle change request documentation

Email account to handle requests and change requests for future auditing

Changes due to class or object audit changes-implications

Changes due to Banner releases

THANK YOU

Beth Welsh, Bursar, Georgia Regents University

706-737-1769

bwelsh@gru.edu