Security using OSU Data Tools
About
Institutional Data Security at OSU
OSU employees need and rely on institutional data to do their work and make informed decisions. Many of these data, including Human Resource, Student, and Financial Records, contain sensitive or confidential information. Federal law and OSU policy provide specific guidance for securing and protecting institutional data and records.
To assist with the regulation and protection of institutional data, OSU employs role-based security permissions for all central reporting systems including CORE, GRS, and OSUF. This means that all OSU employees have access to these systems and specific reports and dashboards within based on their employment classification and job profile.
How can I share and store sensitive data?
| YES | NO |
|
Banner |
Drupal |
| Box (OSU) | Any email (subject line) |
| Canvas | AWS Infrastructure (requires approval) |
|
CORE |
Slack |
| Google Drive (ONID) | Sending to student non-OSU emails |
| Office 365 |
Desktop or My Documents folder |
| OSU Secure Drive | Thumbdrives |
| Qualtrics | |
| Salesforce | |
| VPN |
Visit the Data Management & Classificiation website for more detailed information, or contact us with questions.
CORE
CORE Access and Security Structure
Access to the Cooperative Open Reporting Environment (CORE) system is an automatic assignment based on your employee position and Banner access. All employees with an active employment record in Banner have access to select types of departmental CORE uReports, charts, and uDashboards.
Access levels for employee classifications or job profiles were developed through discussions with the university records custodians. If you need special access beyond your default access level, you can submit a Security Override Request using the form described below. User requests must clearly define the business need and why the data is needed by the particular employee for their position.
| Student Data | Finance Data | Research Data |
Human Resources, Payroll & Benefits |
||||
|
Security Level 1a |
Aggregate Summary |
Aggregate Student Record Data |
Finance Aggregate Summary General Ledger & Operating Ledger |
Aggregate Research Data | Aggregate Summary | ||
|
Security Level 2b |
Summary with targeted detail |
Aggregate Student Record Data that is Detailed or More Sensitive than STU1 |
Finance Transaction Summary General Ledger & Transaction Ledger |
Grants Summary | Proposal Summary | Human Resources | Payroll Only |
|
Security Level 3c By Role |
Summary with more sensitive detail |
Individual and Identifiable Student Record Data (includes Sensitive and FERPA protected data) |
Finance Transaction Summary General Ledger and Transaction Ledger with subset of more sensitive detail |
Grants Summary |
Proposal Summary |
Human Resources | Payroll Summary Data Only |
|
Security Level 4d By Role |
Transaction Detail |
Classified or Restricted Student Record Data and Details |
Finance Detail General Ledger, Transaction Ledger, Payroll Ledger, Fixed Assets and Nolij Invoices |
Grants Detail |
Proposal Detail |
Human Resources | Payroll Detail Summary OPE |
|
Security Level 5e By Role |
Sensitive Data | No Security Level 5 | No Security Level 5 | Human Resources | Payroll Detail & Benefits Detail | ||
aAssigned to all active OSU Employees. Reports which aggregate data by high level classifications (Fund/ORG, Employee Classification Ux Cx Xx, College, Major, Student Level/Residency). Examples are total Student headcount/credit hours by Campus or College, Budget/Expense reports by Org Code, Student enrollment by Major.
bAccess assigned by Position Classification. Reports aggregates data by mid-level classifications (Index, Department/ORG, Student Level). Budget/Expense reports by Index/Account Code, average student GPA by College/Major. Reports also have targeted detail. Users at this security level also have access to security level 1.
cAccess assigned by Position Classification. Reports with summary and a subset of more sensitive detail transactions by classifications (Index, Department/ORG, Student Level). Budget/Expense reports by Index/Account Code, Course Rosters, Payroll transactions, Nolij Images, etc. Users at this security level also have access to security levels 1 & 2.
dAccess assigned by Position Classification. Reports with summary and detail transactions by Index/Account Code, Transactions, Employee, Student. Budget/Expense reports include drill down to expense and payroll transactions, Class Rosters, Student registration, GPA, including relevant Nolij images. Users at this security level also have access to security levels 1, 2 & 3.
eAccess assigned by Position Classification. Reports with summary and detail transactions by Index/Account Code, Transactions, Employee, Student. Budget/Expense reports include drill down to expense and payroll transactions,relevant Nolij image Class Rosters, Student registration, GPA, Student Profile information. Users at this security level also have access to security levels 1, 2, 3 & 4.
eDashboard - High level administrative dashboards and scorecards which aggregate data according to University metrics that track overall University performance measures and strategy. Dashboards have the ability to drilldown or drill through to detail data. Executive security level has access to all University data.
uDashboard - University-wide Dashboards and scorecards which aggregate data according to University metrics that track overall University performance measures and strategy. Examples are total Student headcount/credit hours by Campus or College, University Financial Statements, total enrollment by program.
GRS
Grant Reporting Security Structure
The Grant Reporting System (GRS) is available from anywhere in the world where there is an internet connection. GRS is authenticated through an OSU onsite security process. To access your grant reports remotely, you will first need to login to a Virtual Personal Network (VPN).
The Grant Reporting System...
-
updates data daily
-
reflects current transaction information
-
access to My Grant activity is limited to only the Principal Investigator (PI), Co-PI, and Business Center staff
-
principal investigators, co-PI's & fund financial managers are automatically added to GRS when the applicable grant code is added to Banner
-
research assistants can only view grant indexes to which they are assigned
-
Business Center staff with GRS roles, Business Manager, Deputy Business Manager and Accountant, can view Grant Reports and create Non-FIS Encumbrances
-
-
errors in transactions, payroll or encumbrances found? contact your Grant Accountant for assistance
-
lost access to GRS? Contact IAR.
OSUF
OSUF Systems Security Structure
OSU Foundation Systems - Roles and Access
| Role | Reimbursement | Scholarship | Direct Payment |
|
Business Manager |
X | X | X |
|
Deputy Business Manager |
X | X | X |
|
Accountant |
X | X | X |
|
Scholarship Administrator |
X |
Role Descriptions
- Business Manager - Can create Index Reimbursements and signer requests and has ability to manage access at the unit level. Can assign Indexes, Orgs and Scholarship Detail Codes to users. Intended for OSU employees with titles like Business Center Manager, Finance & Accounting Manager or Finance Coordinator.
- Deputy Business Manager - Has the same user rights as the Business Manager. If delegated by the Business Manager, the Deputy Business Manager can manage the systems access for their unit.
- Accountant - Can create Index Reimbursement and Direct Payment requests for their assigned Orgs, with transaction details including account numbers and non-aggregate Other Payroll Expense data. Can create Authorized Signer requests and may view Nolij images if available. Intended for OSU employees with titles like Accountant, Fiscal Coordinator, Office Manager, Administrative Assistant or Office Specialist.
- Scholarship Administrator - Can create, revise and submit Scholarship Plans; Administer FS Index Reimbursements Requests; Manage scholarship awards and approvals, Detail Code X-Walk; Prepare and submit new Authorized Signer requests.
Profile Data Needed for Access to OSUF Systems
A related automatic process copies the following profile data from Banner to the OSUF Systems.
- OSU ID Number
- ONID Username
- First, Middle & Last Name
- Home ORG
- Department
- Email Address
Automatic User Deactivation
User access is automatically deactivated when either of the following events occur:
- The user's employment at Oregon State University is terminated
- The user changes positions and the first two digits of their Home ORG change
- This process does not remove the user. To permanently remove a user account it must be deactivated by the Business Manager in the User Administration utility.
CORE Security Override Request Form
All OSU employees are granted access to CORE with role-based permissions that are assigned according to their job position. This form is to request access to a security level or reports that are not part of the default security classification for the employee's position. There must be a legitimate business purpose to receive an override and the final decision on the request is at the discretion of the data steward for the respective data area.