HRS Access Guide - Row Security, Roles, and Security Templates
This document provides an overview of the HRS Access Guide - a series of KB documents providing guidance about HRS access for UW-Madison users, including requesting access, finding training, and fulfilling security requirements.
This document provides in-depth information about the Row Security Permissions List, Roles, and Security Templates, which all determine what users are able to do in HRS, EPM, and UWBI.
Row Security Permissions List
The Row Security Permissions List (displayed in HRS as "Row Security Perm. List" and often shortened to just "row security") describes the data that the user can access within the HRS pages they're authorized to use based on their roles. The row security level begins with UW_DP_ and then ends with a business unit or UDDS. For example:
- UW_DP_A022045 - access to jobs in A022045 subdepartment
- UW_DP_A0220 - access to jobs in A0220 department
- UW_DP_A02 - access to jobs in A02 division
- UW_DP_UWMSN - access to jobs in UW-Madison
Row security should be the smallest unit that still fulfills the user's work needs. However, a user can only have one row security level, which sometimes makes it necessary to move "up" a level. For example, if a user needs to see job data within A07 and A53, they would need a row security level of UW_DP_UWMSN as the smallest unit that contains both A07 and A53 since they cannot have specific access to A07 and A53 (be sure to explain this in the comments!)
Note: row security does not apply to EPM or UWBI (OBIEE) access, only HRS.
Roles
The sections or pages that a user can see in HRS, EPM, and UWBI/OBIEE are determined by the roles that the user has.
Role Areas
Roles include abbreviations for relevant functional areas, which can help you determine appropriate roles for different needs.
- AM -- Absence Management - includes access to information about leaves taken, balances, entitlements, etc.
- BI -- Business Intelligence - includes access to reporting functions such as PayCheck, Commitment Accounting, OBIEE/UWBI, etc.
- BN -- Benefits - includes access to various elements of employee benefits
- DB -- Database - includes access to data tables/views (EPM only)
- FI -- Finance - includes access to information about funding, budgets, salary cost transfers, etc.
- HR -- Human Resources - includes access to information about persons, jobs, positions, etc.
- IR -- Interactive Reporting - includes access to data tables/views (EPM only)
- PY -- Payroll - includes access to information about additional payrolls, direct deposites, paychecks, retro pay, taxes, etc.
- TL -- Time and Labor - includes access to information about timesheets, supervisors, payroll coordinators, schedules, etc.
HRS roles
Roles determine the pages and features that the user can access within HRS, with specific data access determined by their row security permissions list. There are many roles and often roles have some degree of overlap with other roles, so working with roles can be confusing and overwhelming. To make it easier, it is recommended to use security templates to set up new users and then request additional individual roles as additional needs are identified.
Download the UW-Madison HRS Role Catalog
EPM roles
Some technical users might also need access to the Enterprise Performance Management (EPM) data warehouse, which stores data entered into HRS to use in custom queries and applications. EPM access requires the EPM ODBC Data Access (UW_UNV_EPM_ODBC_ACCESS) role in addition to specific roles that provide access to different sets of data tables. Learn more about EPM on the UWSS Data Warehouse site (requires NetID login).
Download the UW-Madison EPM Role Catalog
UWBI/OBIEE roles
There are two primary roles for UWBI/OBIEE - non-sensitive and sensitive. Sensitive access includes non-sensitive access, so it is not necessary for a user to have both roles.
- BI HRS Qry-Non-Sensitive (UW_UNV_EPM_ALL_QRY_LBRY_NS) - access to all non-sensitive UWBI/OBIEE reports
- This role is included in HR, Payroll, and Finance security templates and is appropriate for most users.
- BI HRS Queries-Sensitive (UW_UNV_EPM_HR_QRY_LBRY_S) - access to both sensitive and non-sensitive UWBI/OBIEE reports
- This role requires justification in the request comment for why the user needs to access sensitive data. This role is typically only given to HR staff at the division level, but exceptions may be made if a user has a specific business need for it.
Security Templates
Security templates are pre-configured sets of roles designed for common user types. The table below summarizes the update, view, and UWBI/OBIEE access included in each template.
| Template Name | Update Access | View Access | UWBI/OBIEE Access |
|---|---|---|---|
| Division HR |
|
|
|
| Division Payroll |
|
|
|
| Division Finance |
|
|
|
| Department HR |
|
|
|
| Department Payroll |
|
|
|
| Department Finance |
|
|
|
| View Only |
|
|
|
These templates are the result of many discussions between OHR and HRS users from throughout campus. Selecting a template automatically adds a set of roles to the request that HRS users in that template's functional area identified as universal needs.
Download the UW-Madison HRS Security Templates Guide
We want your input! If you have any feedback about these templates, email the OHR HRIS team!