Identity Access Management

Access Request System Roles

End User

Role NameDescription
UF_ER_PA_APPLICATION_ACCESSContains information regarding the assignment of PeopleSoft Security Roles (for DSA's).
Password Level (3)
UF_SEC_REQUESTORThis role allows a department security administrator (DSA) to request security roles for department employees. The department security administrator (or designated employee) can change or delete security roles. Staff requesting this role must also submit a completed DSA Authorization Form.
Password Level (3)
Training Requirements:

BRG900 - Understanding Your DSA Role

Conflicting Roles:

UF_SEC_APPROVER

Back to top

Core User

Role NameDescription
UF_ER_APPLIC_ACCESSCENTRALContains information regarding the assignment of PeopleSoft Security Roles for use by Bridges personnel.  Data within this folder should be considered sensitive and treated securely.
Password Level (3)
UF_SEC_ADMINThis role is used by members of the UF Computing Help Desk to manually lock or unlock a user's password and view user security roles, setups, and request history.
Password Level (5)
Training Requirements:

OIT801 - GatorLink Password Management

UF_SEC_APPROVERThis is a core user role granting access to:
  • Approve security access request.
Password Level (5)
Training Requirements:

BRG300 - Security Role Approvers

Conflicting Roles:

UF_SEC_REQUESTOR

UF_SEC_APPROVE_CONFLICTSThis role allows access for the conflict [CNFL] group to the Conflict Approver page in the Access Request System (ARS).
Password Level (5)
UF_SEC_IMPLEMENTERThis is for IAM security admin team member responsible for making changes to security access based on approved request.
Password Level (4)
Back to top

UFIT

Role NameDescription
UF_SEC_REQ_ADMINThis role allows users to administer the Access Request System (ARS). This role is reserved for members of the Enterprise Systems security staff.
Password Level (4)
Back to top

Identity Management Roles

End User

Role NameDescription
UF_PA_IDM_COORDINATORThis role allows maintenance of a person's identity information in the UF Identity Registry. Note: When requesting the role, please include the user’s scope of authority - i.e. the DeptIDs the user will need access to - in the Authority Area.
Password Level (3)
Training Requirements:

BRG500 - Identity Management

Conflicting Roles:

UF_PA_IDM_ID_VIEWER
UF_PA_IDM_PRIMARY
UF_PA_IDM_COORD_LIBRARY_GUEST
UF_PA_IDM_COORD_LIBRARY

UF_PA_IDM_COORD_LIBRARYThis role allows the user to maintain all library affiliations for a person's identity information in the UF Identity Registry.
Password Level (3)
Training Requirements:

BRG500 – Identity Management

Conflicting Roles:

UF_PA_IDM_COORDINATOR
UF_PA_IDM_COORD_LIBRARY_GUEST
UF_PA_IDM_PRIMARY

UF_PA_IDM_COORD_LIBRARY_GUESTThis role allows the user to maintain library guest affiliations for a person's identity information in the UF Identity Registry.
Password Level (3)
Training Requirements:

BRG500 - Identity Management

Conflicting Roles:

UF_PA_IDM_COORDINATOR
UF_PA_IDM_PRIMARY
UF_PA_IDM_COORD_LIBRARY

UF_PA_IDM_ID_VIEWERThis role allows view only access to UF Identity Registry information. This view only access includes names, addresses, phone numbers, email addresses, affiliations, and personal relationships. This role allows 'view only' access to the people the assignee has been authorized to view. Department row level security is required. Note: When requesting the role, please include the user’s scope of authority - i.e. the DeptIDs the user will need access to - in the Authority Area.
Password Level (3)
Conflicting Roles:

UF_PA_IDM_COORDINATOR
UF_PA_IDM_PRIMARY

UF_PA_IDM_NETMGRThis role allows IT staff ,and Identity and Primary Coordinator's the ability to manage the "Network Managed By" IT Relationship in the UF Identity Registry.  There can only be one IT relationship per UFID.
Password Level (3)
UF_PA_IDM_PRIMARYThis role allows for maintenance of a person's identity information in the UF Identity Registry, as well as access to QA tools. There is only one Primary IdM Coordinator per unit. Note: When requesting the role, please include the user’s scope of authority - i.e. the DeptIDs the user will need access to - in the Authority Area
Password Level (3)
Training Requirements:

BRG500 – Identity Management

Conflicting Roles:

UF_PA_IDM_COORDINATOR
UF_PA_IDM_ID_VIEWER
UF_PA_IDM_COORD_LIBRARY_GUEST
UF_PA_IDM_COORD_LIBRARY

Back to top

Core User

Role NameDescription
UF_N_SECURITY_EXT_BROWSEThis role allows users to browse security extensions. The role is for use solely by RACF administrators.
Password Level (3)
UF_N_SECURITY_EXT_UPDATEThis role allows users to browse and update security extensions. The role is for use solely by RACF administrators.
Password Level (3)
UF_PA_IDM_ADMINUSERThis role is assigned to the Identity Administrator for ID Management (IDM) and staff in the Office of the University Registrar (OUR), Human Resource Services (HR), Finance and Accounting (FA), and other select core offices.
Password Level (4)
Training Requirements:

BRG500 - Identity Management

Conflicting Roles:

UF_PA_IDM_CORE_PII

UF_PA_IDM_CORE_PIIThis role allows non-Admin core office users the ability to view social security numbers on the Search page in Identity Access Management.
Password Level (4)
Conflicting Roles:

UF_PA_IDM_ADMINUSER

UF_PA_IDM_EMAIL_ADMINAssigned to select UFIT workers on the IAM and EI & O teams who are authorized to update business email addresses in the UF identity registry in cases where business rules do not normally allow updates to those email addresses. This role does not provide any page access, so the user must also have the UF_PA_IDM_COORDINATOR or UF_PA_IDM_ADMINUSER role, which provide access to the Manage Identity page in myUFL
Password Level (4)
UF_PA_IDM_IDRThis role allows access for the Identity Administrator at Enterprise Systems to submit an Identity Resolution.  This is used to resolve multiple IDs. Note: This role must have the UF_PA_IDM_ADMINUSER role, and training is required for that role.
Password Level (4)
Back to top

UFIT

Role NameDescription
UF_PA_IDM_COPYTOTSTThis role allows the user to specify a list of UFIDs for copying mainframe directory/registry information from production to test.
Password Level (5)
Back to top

Information Security Roles

End User

Role NameDescription
UF_N_RSK_EXT_SURVEY_VENDORThis role is able to  access Archer: *  Modify associated surveys for Risks projects.
Password Level (3)
UF_N_RSK_PCI_REVIEWERThis role is able to  access Archer: *  View associated Risk projects records. *  View all Risk projects identified with card holder data. *  View associated reports. *  Submit and be informed on associated risk assessment requests.
Password Level (4)
UF_N_RSK_PRIVACY_REVIEWERThis role is able to  access Archer: *  Modify all associated Risks projects. *  Modify associated surveys for Risk projects and related records. *  Modify associated surveys for Risk projects. *  View associated Risk projects records. *  Approve/Deny all Risk projects. *  View all Risk projects identified with card holder data. *  View all Risk projects identified as requiring a requisition. *  View associated reports. *  Submit and be informed on associated risk assessment requests.
Password Level (4)
UF_N_RSK_PURCHASING_REVIEWERThis role is able to  access Archer: *  View associated Risk projects records. *  View all Risk projects identified as requiring a requisition. *  View associated reports. *  Submit and be informed on associated risk assessment requests.
Password Level (4)
UF_N_RSK_UF_USERThis role is able to  access Archer: *  Submit and be informed on associated risk assessment requests.
Password Level (3)
UF_N_RSK_VIEWERThis role is able to  access Archer: *  View associated Risk projects records. *  View associated reports. *  Submit and be informed on associated risk assessment requests.
Password Level (3)
UF_SEC_ISMThis role is for the UF Institution Security Manager.
Password Level (4)
Conflicting Roles:

UF_SEC_ISA
UF_SEC_TECHCONTACT

UF_SEC_TECHCONTACTThis role is reserved for the UF Security Technical contact.
Password Level (4)
Conflicting Roles:

UF_SEC_ISA
UF_SEC_ISM

Back to top

Core User

Role NameDescription
UF_PA_IAM_IDENTITY_SYNCThis is a core IT role to be assigned to high-level staff within Enterprise Systems and the UF Computing Help Desk who have the ability to identify situations where IAM identity data may be out-of-sync and who have been designated to resolve those issues using myUFL interfaces.
Password Level (5)
UF_SEC_ISAThis role is reserved for the UF Institution Security Administrator.
Password Level (4)
Conflicting Roles:

 UF_SEC_ISM
 UF_SEC_TECHCONTACT

Back to top

UFIT

Role NameDescription
UF_N_DATA_SVCS_ANALYTICS_ADMIN
 
Enterprise Systems Data Services Analytics System Administrator:  Maintains and sets server policies, installs and configures application software, administers analytics servers.
Password Level (5)
UF_N_OSG_MVLS_REPThe role provides permission to access the Microsoft Volume Licensing Service (MVLS) Center, including software download and license keys. Requests for this role will be reviewed by the member's designated IT Director. Once the role is approved, CNS-OSG will provision the user with access to the MLVS Center.
Password Level (4)
UF_N_RSK_ANALYSTThis role is for Risk Management only.  This role is able to  access Archer: *  Manage Enterprise Management and Risk Management modules. *  Modify Categorization on all associated Risks projects. *  Modify all associated Risks projects. *  Modify associated surveys for Risk projects and related records. *  Modify associated surveys for Risk projects. *  View associated Risk projects records. *  Create findings and remediation plans. *  View all Risk projects identified with card holder data. *  View all Risk projects identified as requiring a requisition. *  View associated reports. *  Submit and be informed on associated risk assessment request.
Password Level (5)
UF_N_RSK_CONTROL_STD_MANAGERThis role is -for Risk Management only.  This role is able to  access Archer: *  Manage Control Standards solution. *  Submit and be informed on associated risk assessment requests.
Password Level (5)
UF_N_RSK_MANAGERThis role is for Risk Management only.  This role is able to  access Archer: *  Manage Enterprise Management and Risk Management modules. *  Modify Categorization on all associated Risks projects. *  Modify all associated Risks projects. *  Modify associated surveys for Risk projects and related records. *  Modify associated surveys for Risk projects. *  View associated Risk projects records. *  Approve/Deny all Risk projects. *  View all Risk projects identified with card holder data. *  View all Risk projects identified as requiring a requisition. *  View associated reports. *  Submit and be informed on associated risk assessment requests.
Password Level (5)
UF_N_RSK_POLICY_MANAGERThis role is for Risk Management only.  This role is able to  access Archer: *  Modify Policy Management module. *  Submit and be informed on associated risk assessment requests.
Password Level (5)
UF_N_RSK_SYSTEM_ADMINThis role is for Risk Management only.  This role is able to  access Archer: *  Modify all modules including management of Archer Group and Roles. *  Manage Enterprise Management and Risk Management modules. *  Modify Categorization on all associated Risks projects. *  Modify all associated Risks projects. *  Modify associated surveys for Risk projects and related records. *  Modify associated surveys for Risk projects. *  View associated Risk projects records. *  Create findings and remediation plans. *  Approve/Deny all Risk projects. *  View all Risk projects identified with card holder data. *  View all Risk projects identified as requiring a requisition. *  View associated reports. *  Modify Policy Management module. *  Modify Control standards solution. *  Submit and be informed on associated risk assessment requests.
Password Level (5)
UF_PA_IAM_IDENTITY_SYNCThis is a core IT role to be assigned to high-level staff within Enterprise Systems and the UF Computing Help Desk who have the ability to identify situations where IAM identity data may be out-of-sync and who have been designated to resolve those issues using myUFL interfaces.
Password Level (5)
Back to top

Shibboleth Services Roles

Core User

Role NameDescription
UF_N_SHIBSP_ADMINThis role is used by the Dean, Director, or Department Head (DDD) responsible for the Service Provider Gatorlink Authentication.
Password Level (4)
UF_N_SHIBSP_DB_MAINTThis role allows users in the Identity and Access Management (IAM) group to make changes to the Shibboleth Service Provider database.
Password Level (4)
UF_N_SHIBSP_DB_VIEWThis role provides the campus Help Desk with 'read only' access to the Shibboleth Service Provider information.
Password Level (4)
UF_N_SHIBSP_ISAThis role is used by the Institutional Security Administrator (ISA) responsible for the Service Provider Gatorlink Authentication.
Password Level (4)
UF_N_SHIBSP_ISMThis role is used by the Institutional Security Manager (ISM) responsible for the Service Provider Gatorlink Authentication.
Password Level (4)
UF_N_SHIBSP_TECHThis role is used by the technical contact responsible for the Service Provider Gatorlink Authentication.
Password Level (4)
UF_SEC_SHIB_ ADMINCONTACTThis role is reserved for the UF Security Business Administrator of a Shibboleth service.
Password Level (3)
UF_SEC_SHIB_TECHCONTACTThis role is reserved for the UF Security Shibboleth Technical contact.
Password Level (3)
Back to top