UITS provides the campuses with technical and functional support for User Access Certification to key systems. UMass uses the Oracle Access Manager system to periodically certify the access users have to key systems.

Key Features

Automates access certification and access auditing.
Provides systematic features such as automated notifications and escalation processes as well as reporting for audit compliance.
Reduces human error, improves data accuracy, and provides the University with key audit capabilities.

Eligibility

Employees at Amherst, Boston, Chan, Dartmouth, Lowell, and the President's Office.

Key Questions/Responses about Access Certification

By default, the certifier is the employee's direct supervisor.

These can also be appropriate delegates as determined by the campus security team.

These are determined by the campus security team and data custodians prior to the certification cycle. 

All employees with access to PeopleSoft HR, PeopleSoft Finance, Summit, and Buyways for whom you are designated as the certifier will appear on your list. 

That employee can be reassigned to the appropriate certifier.

This can either be done by a member of the campus' security team or by the original certifier themselves.

The minimum expectation, prior to reassigning to someone else, is that there is a conversation either with your security team or with the employee you are reassigning to, and that there is agreement to the transfer of responsibility.

The application is the header-level record in the system that represents either a single application (such as BuyWays) or a module of an application (such as PeopleSoft - Finance).

The term "Entitlement" in the system represents what we often refer to as a "Role". These are the specific rights the user is entitled to within the application.

The data is point-in-time data, meaning it is not updated once the campaign has been launched. For this reason, we recommend approving or revoking access as would have been appropriate at the time the campaign was launched.

We are aware that changes such as terminations, transfers, and changes in who employees report to can occur between when a campaign is launched and when a certifier certifies. These can typically be accommodated through the point-in-time perspective described above, as well as by reassigning as necessary and revoking all for anyone who has off-boarded.

Certifiers will choose to either "approve" or "revoke" entitlements. This can be done for a single entitlement, for an entire application, or for all rights the employee has (in the case of a terminated employee).

The expectation is that one of the actions will be taken on every entitlement.

If a certifier is uncertain, they can mark an entitlement as "revoke" and explain that they are not certain in the required comment for "revoke". This will trigger a follow-up conversation with the data custodian to determine if revoking truly is the correct action to be taken.

Once all access has been marked as either approved or revoked, the system will ask you to sign off on the completion of the certification task. 

Indicating that something should be revoked does not automatically take any action.

The security team and data custodians will review the reporting of any rights that have been tagged as "revoke" and will follow up if they need clarification or if there is any concern before taking any additional action that would impact the employees' rights. 

You may watch this short demonstration/tutorial to see what the system looks like and how to take the necessary actions.

Support

  • Amherst: Coming Soon! 
  • Boston: Coming Soon!
  • Chan Medical School: Coming Soon!
  • Dartmouth: Coming Soon!
  • Lowell: Security_Admin@uml.edu
  • President's Office: Innovation@umassp.edu