myUFL Security

General

I heard the myUFL systems use “role–based security.” What does that mean?
Role–based security means a user will be authorized to perform a specific function or task in the myUFL systems (accessible through the myUFL portal) because he or she has a particular role. The roles you have will determine what menu item(s) or task list(s) you see when you log on to the myUFL portal. For example, students have the “student” role and will see the Gator Tickets link in the myUFL menu whereas faculty and staff will not. Most roles will apply to functional tasks. For example, employees that are assigned a “payroll processor” role will see links to payroll functions in their myUFL Menu.
How is role–based security different from what we did in the past?
Role–based security is fundamentally different from the method of assigning access rights that was used in the past. In the past, we used a variety of methods––some ad hoc, some based on affiliation, some based on job title, etc. Today, if your department assigns you a role to perform a specific task, your access rights will match everyone else who has that same role. Role–based security is much more consistent and manageable.
How do I know that I have been assigned a role?
In the myUFL portal, you can verify what roles you have been assigned by using My Account > My Roles. Everyone who can log into the portal will have at least one role and usually several. Some roles are automatically assigned based on your affiliation in the UF Identity Registry and provide access to services through My Self Service, such as Time Reporting and Travel and Expense. A visual display of the relationship between the UF Identity Registry and your user security roles is available on the Enterprise Systems Web site > Services > User Security Roles.
How do I get a role so I can access a system in myUFL other than those in My Self Service?
Contact your Department Security Administrator (DSA). The current list of DSAs is available as a link on the My Account > My Roles page in the portal.
What roles do I need in order to see the other role–based news pagelets–Faculty News, Staff News or Student News?
You can add any pagelet to your Custom Tab page. If you do need access to menu items available only to certain groups to which you don’t belong, then you need to request the appropriate role via your Department Security Administrator: UF_PA_FACULTY or UF_PA_STAFF or UF_PA_STUDENT. For example, WebMail is in My Self Service for students but not staff or faculty. If you do belong to the group but don’t see the appropriate Tab page (i.e., you are both a staff member and a student but only have the Student tab), then you need to have your Directory Coordinator fix your relationship in the UF Directory.
What role do I need to gain access to Enterprise Reporting?
You need the UF_ER_User role but this will contain very limited information. Most individuals will need additional UF_ER roles based on their job duties. A complete list of Enterprise Reporting end user or core user roles is available here.
How do I add, delete or modify a role?
Contact your Department Security Administrator (DSA). The current list of DSAs is available as a link on the My Account > My Roles page in the portal.
What is the difference between a user security role and a workflow role?
Contact your <a href="What is the difference between a user security role and a workflow role? Department Security Administrator (DSA). The current list of DSAs is available as a link on the My Account > My Roles page in the portal.
How do I know if a problem when using the myUFL systems is related to a user role or the system itself?
If you can see the link in your myUFL Menu it is highly likely that you have the correct role but that your role preferences or workflow setups are incorrect. Before contacting the DSA to look at your settings, we do recommend that you first check the Alert Notices for possible system outages or known issues. Next, contact your Department Security Administrator or designated College Expert to see if they are familiar with your problem. They will contact the UFIT Liaison for your area if this cannot be resolved locally. You may also call the UF Computing Help Desk, (352)392-HELP(4357), and they will assign your ticket to the Security team or the appropriate functional team (i.e., Finance, HRMS, Portal, and Reporting). Each functional team is responsible for approving and implementing the roles, user preferences, and workflow set ups.
Back to Top

Department Security Administrators

What is the role and responsibilities of a Department Security Administrator (DSA)?
Vice presidents, deans, directors, and department chairs are responsible for assigning user security roles for their employees. A Department Security Administrator (DSA) needs to be designated by a Vice President, Dean, Director or Department Chairman to do this work on their behalf. The DSA will use the Access Request System to initiate requests to grant or remove access to administrative computer applications for people in their department, college or division. Many of these applications contain confidential or sensitive information about UF employees, students or university interests.
How do I become a Department Security Administrator?
A completed DSA Authorization Form, located on our forms page, must be signed by a Vice President, Dean, Director or Department Chairman to appoint or terminate a DSA. Please send the completed and signed form to the Enterprise Systems Security Team at the address printed at the bottom of the form. Upon receiving the form, an Enterprise Systems security team member will contact the new DSA to arrange a time to attend the mandatory DSA training course. After completing the course, the DSA will then have access to the Access Request System (ARS) in the myUFL portal.
How can I tell which Department IDs have been assigned to me?
Navigate in myUFL to My Account > My Roles. You will see a link to the Department Security Administrator List. Use the browser’s search (Edit > Find) to locate your name in the list. It may be listed multiple times. The DSA list contains the unit name and corresponding DeptID.
How can I add or remove DeptIDs assigned to me?
Change in Department IDs for a DSA must be requested by filling out a DSA Authorization Form located on our forms page, and having it signed by your chair/director. Follow the submission instructions on the form.
How do I see the people I supervise?
If someone’s “Home Department” is one of the DeptIDs assigned to you as a DSA, you will be able to see their security.
How can I find the Home Department ID for someone I supervise?
If you approve time for the person, navigate in myUFL to Manager Self Service > Time Management > Time Management Home > Time and Labor Launch Pad and find them by name. This will also show you the DeptID.
Can a college or department decide not to let their employees have the self–service functions?
No. All employees will have the self–service roles listed above. Whether employees actually enter their own time or travel expense via the portal’s My Self Service is an internal policy decision for the college or department
Where can I get a complete list of roles and the associated password policies?
A list of roles and thier associated password policy levels can be found on the Identity & Access Management Security Roles page at: Security Roles
What happens when I assign someone role with password policy of P4 or P5?
When you assign a P4 or P5 role, the person will need to change their password the next time they sign on to the portal or other system authenticated with GatorLink. The individual will receive an automated email from myUFL but a verbal and early warning is highly recommended. Some employees have to authenticate on a local system before they can access the portal to change their password–letting them know ahead of time will allow them to use another computer to do this work.
How can I learn more about the new password policies?
Please review the materials and policy located here > GatorLink Password Management.
What does Rounds 1, 2, and 3 refer to?
In the transition from the legacy systems to the new myUFL systems, we used a series of spreadsheet or on–line exercises to assign user security roles to UF’s faculty and staff. This largely had to be done because there was not a one–to–one match between the old work tasks, processes, or systems and new work tasks, processes, or systems. We began in October 2003 with Excel spreadsheets and ended with Round 3 via the Access Request System in June 2004. Refinement and stabilization of role assignments continue today
How can I find users who are overdue or close to their certification deadline?
Navigate in myUFL to Access Request System > Requests > Certify Roles. Click the 'Date Last Certified' header to sort in ascending order
Where do I find which users have saved or submitted requests in the departments for which I am authorized?
Navigate in myUFL to Access Request System > Manage Requests > Find an Existing Value. Click on the 'Search' button.
Back to Top

Using the Access Request System

How do I add, remove, or otherwise modify user roles for an individual?
Navigate in myUFL to Access Request System > Requests > Manage Requests and enter the UFID of the person that needs role changes. When you have completed adding or deleting the roles, press the “Submit for Approval” button. Different roles have different requirements, so please review the information availible on the Identity & Access Management > Identity Coordination > Security Roles pages.
How do I remove roles for a terminated employee?
In ARS > Request > Manage Requests, enter the UFID of the employee, select the “Delete Roles” check box, change “Action Requested” for any role to “Delete,” and select “Submit Request” button. If you are unable to remove a role, be sure they have a qualifying affiliation associated to your department.  If not, add a GLID qualifying affiliation in the Identity Registry, then you should be able to delete the role ARS.  The IAM Security team will remove access to the system. Note: If the user’s UFID has already been removed from the system, call the UF Computing Help Desk, (352)392-HELP(4357) and log a ticket for the Security Admin team. They will process the request for you.
Why did I receive the message “You are not authorized to access this component” when I tried to add some roles?
This means that there is an existing request in process for this UFID number. You can make a request for any UFID that does not have a request still in process. Once all roles on an existing request have been processed, you will be able to make another request for that UFID.  This message may also be received if the individual is outside their scope of authority.
I am attempting to add a new request for an employee and the system says “Not a Valid UFID”. What am I doing wrong?
You may have entered an incorrect UFID for the person. If after verifying the UFID, you are still unable to enter the request, the department’s Identity Coordinator should check in the Identity Regirsty to make sure the person has an appropriate relationship assigned. If the relationship is correct, contact the UF Computing Help Desk, (352)392-HELP(4357). The Help Desk will assign a ticket to the Enterprise Systems Security Admin team.
How are role requests processed?
There are three categories of security roles:
  • 1. End user roles that get automatically approved and implemented in the evening hours the same day they are requested.
  • 2. End user and core user roles that require approval by an authorized person at Enterprise Systems or the appropriate central office. These requests get implemented in the evening hours the same day they are approved.
  • 3. Workflow roles are entered on the User Preferences pages and we are working to automate these procedures. The turnaround for workflow roles is somewhat longer than that for end user roles.
How do I monitor the role requests I have made?
In Enterprise Reporting, there are many reports available to DSAs in the Application Access NewsBox. If you do not have Enterprise Reporting link in the myUFL Menu, you will need to request UF_ER_User. If you do not have the Application Access NewsBox, please use ARS to request the UF_ER_PA_Application Access role.
Are there Enterprise Reporting reports available for workflow role requests?
Not at this time.
I have role requests that are not being processed and the Pending Role Requests report (in Enterprise Reporting) does not show the number of days in queue
This suggests that you hit the “Save” button but not the “Submit” button when you entered the role request. Please go back into the Access Request system > Requests > Manage Requests and enter the UFID in the “Find an Existing Value” box. The request will appear, and then, press the submit button.
Who do I call if I have a problem with using ARS or Enterprise Reporting?
First, check the Alert Notices for possible system outages or known issues. Next, contact your fellow Department Security Administrator or designated College Expert to see if they are familiar with your problem. They will contact the Bridges Liaison for your area if this cannot be resolved locally. If no one is familiar with the problem, please contact the UF Computing Help Desk, (352)392-HELP(4357), as soon as possible.
Back to Top

Assign User Security Roles

What roles are recommended for Enterprise Reporting?
The Enterprise Systems EPM/Reporting team recommends the following Enterprise Reporting roles for most college and department administrators. Many users are mistakenly requesting reporting roles for “Central” or “All” and this is delaying the reporting role requests being implemented because those particular roles are reserved for a handful of central/core office staff. Roles that are appropriate for department and college users include: Enterprise Reporting Roles for HR/Payroll
  • UF_ER_HRPR_Benefits To access general benefit information
  • UF_ER_HRPR_Ben_PaidBen To access employer–paid benefit information
  • UF_ER_HRPR_Ben_Leave To access employee leave reports
  • UF_ER_HRPR_Information To access general demographic information
  • UF_ER_HRPR_Pay To access payroll–related information
  • UF_ER_HRPR_Pay_CurrPayCycle To access the current pay period reports
  • UF_ER_HRPR_Pay_Warrant To access the current year pay warrant information
  • UF_ER_HRPR_Pay_Cost To access the current year payroll cost information
  • UF_ER_HRPR_Workforce To access workforce information related to jobs, distributions, etc.
Enterprise Reporting Roles for Finance
  • UF_ER_FI_Asset_Mgmt To access Asset / Property reports
  • UF_ER_FI_Ledger_ALL To access Control (available balance) and Departmental Ledger
  • UF_ER_FI_Exp_and_Travel To access expense and travel reports
  • UF_ER_FI_Purchasing To access purchasing–related reports
  • UF_ER_FI_SponsResearch To access sponsored research pre– and post–award reports
For more information about the Financial and HRMS reporting roles, please review the documents available on the Information Technology Web site > Services > Enterprise Reporting. For a complete list of all reports available in Enterprise Reporting go to the Report Catalog. To determine the roles required to view those reports, go to the Identity & Access Management Web site > Identity Coordination > End & Core User Roles > Data Access > Enterprise Reporting Roles .
What role is needed to see job applicants? Does any type of workflow need to be set up?
No. The job applicant must be “routed” by the “recruiter” to the appropriate supervisor in order to be viewed
What role is needed for the EEO person?
The role of EEO Officer is not a user security role but rather a title on the Interview Team. There, the person can view the pool as routed and participate in the evaluation process.
What role do I assign for someone who needs to produce a list of assets and associated information by Department ID or search for a specific asset?
Asset Management reports are available in three locations:
  • Enterprise Reporting > Access Reporting > Financial Information > My UFL Financials > Asset Management
  • Asset Management > Search for an Asset
  • Asset Management > Print an Asset
Look at the roles listed on the Identity & Access Management Web site, off the Security Roles > End & Core User Roles > Finance page under Asset Management Roles for more information.
What roles do I need to assign for an Identity Coordinator?
A list of Identity Coordinator end user roles is available on the following link, Identity Management Roles. When requesting IdM roles please remember to include the Dept ID in the “Authority Area”. The identity Coordinator may only modify or add people to the Identity Registry for that particular DeptID. When requesting a high level Dept ID such as 63100000 the Identity Coordinator will have access to all Dept IDs within 6310, and it is not necessary to list them individually.  Do not leave the “Authority Area” in ARS blank or the request will be denied. To enter the DeptID in ARS: Manage Requests > type in UFID of individual > Add > when user’s security is listed click on the “+” to the right of the last role > on new line use drop down box under “Security type” and select Legacy > click on the magnifying glass, a list of  roles will come up > select the role needed > a box will appear under “Authority Area” > fill in the appropriate DeptID without the hyphen.
Back to Top