= ZUAUSR Management = == Overview == IAM assumed responsibility for ZUAUSR management from OIT-Technical Services February, 2015. The goal of our involvement was to determine how to move off the legacy framework supported by ORACLE forms and a collection of scripts managed by ZUAUSR to grant privileges to users. During this time several instances of ZUAUSR hosts have been retired and moved away from ZUAUSR management: * TRNX * RPTT * TOKLAT * Degree Works Several more functions use ZUAUSR as a reference to privileges that have been granted, but are managed through the Cherwell ticketing system: * Approval Requests * SSH access to any Server * Database query accounts * Database support accounts Several Classes have been removed from ZUAUSR. These were removed if they met the criteria above, were infrequently used, or consolidated into other classes. Refer to Google Documents in the [[https://drive.google.com/drive/folders/0B1lxXqYPLTCiOENjVjBXaTJyUWM|ZUAUSR Administration Documents]] folder. Many classes that formerly required Type II approvals have been downgraded to Type I approval or no longer require any form of approval:[[br]] [[https://docs.google.com/document/d/1C436S4-1RaWuNq-AJ_sxIkASz52WeLJnq-1c_WjoOII/edit#heading=h.bopg1aq5eqzr|Finance Classes]][[BR]] [https://docs.google.com/document/d/1hgOMjkcHR3GuUsUT07v-s7qlJBNl5jmK4NPKZTWccEk/edit#heading=h.bopg1aq5eqzr[|HR Classes]][[BR]] [[https://docs.google.com/document/d/1HR1MkSe1W-XwDG6gf2Y9LtqOs_GOGJHgZBnIhV_LzfQ/edit#heading=h.i3z5yafrislq|OnBase Classes]][[BR]] [[https://docs.google.com/document/d/1B6klldO-b9mHY3FMnNpr1qllsjmM-Vm4epDBa53WdkI/edit|Student Information & Financial Aid Classes]][[BR]] [[https://docs.google.com/document/d/1w_0XSD0k5T5BcIIGZraJnAWNbWmFJHEuIcI4qHzDFYQ/edit#heading=h.gysxc75vm8gk|OIT Specific Classes]][[BR]] == ZUAUSR Functions == === Managing requests from Security Coordinators === Many functions of ZUAUSR administrators are initiated by Security Coordinators. ZUAUSR administrators initiate the same types of requests for UA OIT personnel. To determine how to initiate a request, the following document was created, [[https://docs.google.com/document/d/1pzKN-aYPtL-cbYaXvs4zsUv7As4R2_9ehfwVc-hH8Cc/edit|How do I ...?]]. It lays out step-by-step procedures to do things like request a new user, ask for SSH access, request service for a problem, and so on. The following functions may be requested by Security Coordinators, and require very specific actions on the part of ZUAUSR Administrators:[[BR]] [[newUsers|Creating New Users]][[BR]] [[queueHell|Managing the Queue]][[BR]] [[managingTickets|Managing Other Requests via Tickets]][[BR]] === Behind the Scenes === Several tasks require server access to complete. These fall into two rough categories: * Tasks depending on SQL knolwedge to complete * Tasks depending on knowledge of ZUAUSR scripts (ksh, perl, and SQL) housed on the PROD instance ==== Tasks requiring Knowledge of SQL to Complete ==== Several tasks require a competent knowledge of SQL and ORACLE commands. * [[ztvclsaInsert|Creating New Base Classes in ZUAUSR]] * [[ztvclsdInsert|Creating New SUPER Classes in ZUAUSR]] * [[bannerRoleSteps|Integrating a new BANNER role into ZUAUSR]] * [[pushingData|ZUAUSR Table Maintenance]] ==== Tasks Requiring Knowledge of ZUAUSR Scripts ==== ZUAUSR processing is managed by script invocations from the UA instance of the !AppManager tool. To change a script (add, delete, modify functionality), delete a script, or creation new functionality to provide access for several services all require a working knowledge of ZUAUSR script organization and priority in the !AppManager !ProcessFlows. * [[scriptHell|Creating, Modifying, or Deleting ZUAUSR Processing Scripts]] * [[banScriptHell|Add privileges based on changes in Banner]] * [[disagnoseGurusriProxy|Diagnosing Issues with Oracle roles, BANSECR.GURUSRI or SSO proxies]] == Miscellaneous == === Guest Account Privileges === Security Coordinators may submit requests for guests for any type of function provided they have approval within their campus and can justify the guests need for that access. In particular, consultants frequently have short term access to Banner, Servers or !OnBase as their expertise requires. Most requests for service can be handled in the usual way. See * [[newUsers|Creating New Users]][[BR]] * [[queryConsultants]|Consultants Requiring Query Access]] * [[refreshLRGP|Managing LRGP Refresh for ZZ_AS_CONSULT_LRGP_CLS users]] * [[managingTickets|Managing Other Requests via Tickets]] One request in particular requires management via EDIR LDAP, !OnBase access for a guest user. See * [[https://iam.alaska.edu/sunldap/wiki/GuestAccount|Guest Account Management in EDIR LDAP]].