UW DATA MANAGEMENT COMMITTEE (DMC)
Security Access and Roles Privilege Matrix for READ-ONLY Access to Enterprise Data Warehouse Data – Version 21
Approved By: DMC Access & Roles Task Force
Modified By: Anja Canfield-Budde
Approved Date: October 30, 2013
Last Modified: October 30, 2013
This Role Privilege Matrix describes how data access is administered in the UW’s Enterprise Data Warehouse (EDW). The vertical columns represent the
“Business Domains” of data that are available. Many data tables from each business domain are available to users in the EDW. Data is loaded
into those tables from official source business systems (i.e., Human Resources - HEPPS, Financial - FAS, Student - SDB, etc.). The horizontal rows of the matrix
represent “Roles” that Data Custodians of the source systems have defined for specific row and column access to the data tables in each business domain.
Refer below to the definitions of the roles, as well as the column privilege levels, for details on how access is applied. Refer to the Decision Support web site for
details on what data tables and reports are available via the EDW.
Role Privilege Matrix

Areas: All Units; Academic Units; Central Offices; All Campuses; Internal Audit; UW-IT

| Roles² | Financial Rows | Financial Columns | Student Rows | Student Columns | Human Resources Rows | Human Resources Columns | Research¹ Rows | Research¹ Columns |
|---|---|---|---|---|---|---|---|---|
| Administrator/Manager/Fiscal Tech | All | All | None | None | All | HR Baseline | All | All |
| Administrative Analyst | All | All | All | ST Baseline | All | HR Baseline | All | All |
| Payroll Coordinator | All | All | None | None | All | HR Expanded | All | All |
| Advisor/Academic Staff | None | None | All | ST Baseline | None | None | None | None |
| Faculty/Principal Investigator | All | All | All | ST Baseline | All | HR Baseline | All | All |
| Chancellor/Dean/Dean's Analyst | All | All | All | ST Baseline, ST Aid Low | All | HR Baseline | All | All |
| Academic Analyst | All | All | All | ST Expanded | All | HR Baseline | All | All |
| Institutional Analyst | All | All | All | ST Expanded, ST Aid Med | All | HR Baseline | All | All |
| Student Aid Analyst | All | All | All | ST Expanded, ST Aid High | All | HR Baseline | All | All |
| Student Fiscal Analyst | All | All | All | ST Expanded, ST Fiscal | All | HR Baseline | All | All |
| Payroll Analyst | All | All | All | ST Baseline | All | HR High | All | All |
| Academic Personnel/HR Analyst | All | All | All | ST Baseline | All | HR Full | All | All |
| Auditor | All | All | All | All | All | All | All | All |
| EDW Administrator | All | All | All | All | All | All | All | All |

Note: Shaded Areas = Role access managed centrally via dmc-support
Non-shaded Areas = Role access managed via delegation to ASTRA unit authorizer
¹ Research Business Domain – Refers to access to administrative data related to research operations
² Roles – May not relate to a position description or job title.
Security Roles and Access Privilege Matrix for READ-ONLY Access to Data - Version 20
ROLE DEFINITIONS

| Role/Group Description | Definition |
|---|---|
| Administrator/Manager/Fiscal Tech | Department administrators and managers, in academic or central departments, responsible for the administration of specific budgets and/or the administration of employees in a specific organization. |
| Administrative Analyst | Seattle, Tacoma or Bothell administrative staff responsible for providing analysis of data to support UW Administration. For example, analysts in UW Finance and Facilities, UW Information Technology, etc. |
| Payroll Coordinator | Payroll Coordinators, in academic or central departments, responsible for processing payroll information for specified groups of UW employees. |
| Advisor/Academic Staff | Student advisors and/or other staff involved in administrative functions related to academic student data only. |
| Faculty/Principal Investigator | Faculty involved in teaching and learning / Principal Investigators involved in research. |
| Chancellors/Deans/Dean's Analyst | Chancellors, Deans, or principal Analysts of an academic unit. |
| Academic Analyst | Analysts that provide academic data analysis to UW central offices. |
| Institutional Analyst | Seattle, Tacoma or Bothell Institutional Research staff responsible for providing enterprise wide analysis of institutional data. For example, analysts in UW Institutional Studies. |
| Student Aid Analyst | Analysts that provide student aid data analysis to UW central offices. |
| Student Fiscal Analyst | Analysts that provide student fiscal data analysis to UW central offices. |
| Payroll Analyst | Central Department payroll analyst and/or functional staff. For example, work includes federal income tax and employee deduction data access needs. |
| Academic Personnel/HR Analyst | Central Office HR, Academic HR or EOO analysts and functional staff. |
| Auditor | Universal access granted by special University privilege. For example, UW Internal Audit staff. |
| EDW Administrator | UW-IT staff responsible for developing and maintaining the Enterprise Data Warehouse database environment. |
Note: Shaded Areas = Role access managed centrally via dmc-support
Non-shaded Areas = Role access managed via delegation to ASTRA unit authorizer
COLUMN DATA PRIVILEGES
Data Custodians classify data within the Enterprise Data Warehouse according to appropriate security
principles and standards. The charts below show for certain categories of data how classifications are
applied. The column privilege level headings below are represented in the Role Privilege Matrix above,
which indicates the level of access allowed for specific roles. Each Business Domain may have its own
set of privilege levels defined. Currently Human Resource and Student domains have specific column
privilege levels defined.
X = Privilege for read only access to a category of column data in the EDW

HUMAN RESOURCES PRIVILEGE LEVELS

| Category of column data | HR Baseline | HR Expanded | HR High | HR Full |
|---|---|---|---|---|
| All human resources data except for the categories listed below | X | X | X | X |
| Employment status | | X | X | X |
| Social Security number | | | X | X |
| Citizenship | | | X | X |
| Home Address and Phone | | | X | X |
| Deductions | | | X | X |
| Contributions | | | X | X |
| Date of Birth | | | X | X |
| Sex | | | X | X |
| Race/Ethnicity | | | | X |
| Disability | | | | X |
| Veteran Status | | | | X |
| Family Medical Leave Act | | | | X |
| Personnel Actions | | | X | X |
| Benefits | | | | X |
| Medical Conditions | | | | X |
STUDENT PRIVILEGE LEVELS

Privilege levels: ST Baseline, ST Expanded, ST Fiscal, ST Aid Low, ST Aid Med, ST Aid High

Category of column data:
All student data except the categories listed below
Student Charge Data in Fiscal Tables³
Social Security Number
Disability
Non Charge Data in Fiscal Tables⁴
Financial Aid Low⁵
Financial Aid Med⁶
Financial Aid High⁷

ST Baseline, ST Expanded, ST Fiscal, ST Aid Low: X X X X X X X X X X X X X
ST Aid Med: X X X X X X
ST Aid High: X X X X X X X

³ Student Fiscal charge related tables contain student expenditures for tuition, fees, housing, food, etc.
⁴ Student Fiscal non-charge related tables contain sensitive student account information
⁵ Financial Aid Low – minimal access – Select financial aid data for financial aid need determination analysis only.
⁶ Financial Aid Medium – broad access – Select financial aid data for enterprise-wide research and reporting only.
⁷ Financial Aid High – complete access – All financial aid data for Office of Student Financial Aid operations staff only.
GUIDING PRINCIPLES
1. This Matrix describes row (i.e. span of control) and column restrictions that should be applied to
institutional data in UW applications such as the Enterprise Data Warehouse (EDW). At the current
time no row restrictions have been defined for roles with access to EDW data.
2. Role assignments may span across different business domains. For example, the Faculty/PI role has
access to HR, Financial, and Student data. At the current time, the Advisors / Academic Staff role is
restricted to data only in the Student business domain.
3. To keep access management simple and timely, Data Custodians are encouraged to assign a user to
a single role on the matrix. If an exception to this principle is necessary (i.e. because a user performs
more than one job function) it is technically possible to assign a user to more than one role. In this
case, the combination of the assigned roles may give the user more, or a higher, level of access
privileges.