Version 12 (modified by lttoth@…, 7 years ago)
ZUAUSR Management
Overview
IAM assumed responsibility for ZUAUSR management from OIT-Technical Services in February 2015. The goal of our involvement was to determine how to move off the legacy framework supported by ORACLE forms and a collection of scripts managed by ZUAUSR to grant privileges to users.
During this time several instances of ZUAUSR hosts have been retired and moved away from ZUAUSR management:
- TRNX
- RPTT
- TOKLAT
- Degree Works
Several more functions use ZUAUSR as a reference to privileges that have been granted, but are managed through the Cherwell ticketing system:
- Approval Requests
- SSH access to any Server
- Database query accounts
- Database support accounts
Several classes have been removed from ZUAUSR. These were removed if they met the criteria above, were infrequently used, or were consolidated into other classes. Refer to Google Documents in the ZUAUSR Administration Documents folder.
Many classes that formerly required Type II approvals have been downgraded to Type I approval or no longer require any form of approval:
Finance Classes
Classes]
OnBase Classes
Student Information & Financial Aid Classes
OIT Specific Classes
ZUAUSR Functions
Managing requests from Security Coordinators
Many functions of ZUAUSR administrators are initiated by Security Coordinators. ZUAUSR administrators initiate the same types of requests for UA OIT personnel. The document How do I ...? was created to explain how to initiate a request. It lays out step-by-step procedures to do things like request a new user, ask for SSH access, request service for a problem, and so on. The following functions may be requested by Security Coordinators, and require very specific actions on the part of ZUAUSR Administrators:
Creating New Users
Managing the Queue
Managing Other Requests via Tickets
Behind the Scenes
Several tasks require server access to complete. These fall into two rough categories:
- Tasks depending on SQL knowledge to complete
- Tasks depending on knowledge of ZUAUSR scripts (ksh, perl, and SQL) housed on the PROD instance
Tasks Requiring Knowledge of SQL to Complete
Several tasks require a competent knowledge of SQL and ORACLE commands.
- Creating New Base Classes in ZUAUSR
- Creating New SUPER Classes in ZUAUSR
- Integrating a new BANNER role into ZUAUSR
- ZUAUSR Table Maintenance
Tasks Requiring Knowledge of ZUAUSR Scripts
ZUAUSR processing is managed by script invocations from the UA instance of the AppManager tool. Changing a script (adding, deleting, or modifying functionality), deleting a script, or creating new functionality to provide access for several services all require a working knowledge of ZUAUSR script organization and priority in the AppManager ProcessFlows.
- Creating, Modifying, or Deleting ZUAUSR Processing Scripts
- Add privileges based on changes in Banner
- Diagnosing Issues with Oracle roles, BANSECR.GURUSRI or SSO proxies
Miscellaneous
Guest Account Privileges
Security Coordinators may submit requests for guests for any type of function provided they have approval within their campus and can justify the guest's need for that access. In particular, consultants frequently have short-term access to Banner, Servers or OnBase as their expertise requires. Most requests for service can be handled in the usual way. See
- Creating New Users
- Consultants Requiring Query Access
- Managing LRGP Refresh for ZZ_AS_CONSULT_LRGP_CLS users
- Managing Other Requests via Tickets
One request in particular requires management via EDIR LDAP: OnBase access for a guest user. See