HRS Access Guide - Row Security, Roles, and Security Templates
This document provides an overview of the HRS Access Guide - a series of KB documents providing guidance about HRS access for UW-Madison users, including requesting access, finding training, and fulfilling security requirements.
This document provides in-depth information about the Row Security Permissions List, Roles, and Security Templates, which all determine what users are able to do in HRS, EPM, and UWBI.
Row Security Permissions List
The Row Security Permissions List (displayed in HRS as "Row Security Perm. List" and often shortened to just "row security") describes the data that the user can access within the HRS pages they're authorized to use based on their roles. The row security level begins with UW_DP_ and then ends with a business unit or UDDS. For example:
- UW_DP_A022045 - access to jobs in A022045 subdepartment
- UW_DP_A0220 - access to jobs in A0220 department
- UW_DP_A02 - access to jobs in A02 division
- UW_DP_UWMSN - access to jobs in UW-Madison
Row security should be the smallest unit that still fulfills the user's work needs. However, a user can only have one row security level, which sometimes makes it necessary to move "up" a level. For example, if a user needs to see job data within A07 and A53, they would need a row security level of UW_DP_UWMSN as the smallest unit that contains both A07 and A53 since they cannot have specific access to A07 and A53 (be sure to explain this in the comments!)
Note: row security does not apply to EPM or UWBI (OBIEE) access, only HRS.
The sections or pages that a user can see in HRS, EPM, and UWBI/OBIEE are determined by the roles that the user has.
Roles include abbreviations for relevant functional areas, which can help you determine appropriate roles for different needs.
- AM -- Absence Management - includes access to information about leaves taken, balances, entitlements, etc.
- BI -- Business Intelligence - includes access to reporting functions such as PayCheck, Commitment Accounting, OBIEE/UWBI, etc.
- BN -- Benefits - includes access to various elements of employee benefits
- DB -- Database - includes access to data tables/views (EPM only)
- FI -- Finance - includes access to information about funding, budgets, salary cost transfers, etc.
- HR -- Human Resources - includes access to information about persons, jobs, positions, etc.
- IR -- Interactive Reporting - includes access to data tables/views (EPM only)
- PY -- Payroll - includes access to information about additional payrolls, direct deposites, paychecks, retro pay, taxes, etc.
- TL -- Time and Labor - includes access to information about timesheets, supervisors, payroll coordinators, schedules, etc.
Roles determine the pages and features that the user can access within HRS, with specific data access determined by their row security permissions list. There are many roles and often roles have some degree of overlap with other roles, so working with roles can be confusing and overwhelming. To make it easier, it is recommended to use security templates to set up new users and then request additional individual roles as additional needs are identified.
Some technical users might also need access to the Enterprise Performance Management (EPM) data warehouse, which stores data entered into HRS to use in custom queries and applications. EPM access requires the EPM ODBC Data Access (UW_UNV_EPM_ODBC_ACCESS) role in addition to specific roles that provide access to different sets of data tables. Learn more about EPM on the UWSS Data Warehouse site (requires NetID login).
There are two primary roles for UWBI/OBIEE - non-sensitive and sensitive. Sensitive access includes non-sensitive access, so it is not necessary for a user to have both roles.
- BI HRS Qry-Non-Sensitive (UW_UNV_EPM_ALL_QRY_LBRY_NS) - access to all non-sensitive UWBI/OBIEE reports
- This role is included in HR, Payroll, and Finance security templates and is appropriate for most users.
- BI HRS Queries-Sensitive (UW_UNV_EPM_HR_QRY_LBRY_S) - access to both sensitive and non-sensitive UWBI/OBIEE reports
Security templates are pre-configured sets of roles created from the input of common user types: [wpdatatable id=11] These templates are the result of many discussions between OHR and HRS users from throughout campus. Selecting a template automatically adds a set of roles to the request that HRS users in that template's functional area identified as universal needs. Refer to Guidance for Determining Appropriate UW–Madison HRS Templates for help with identifying the appropriate template(s) and whether additional Optional and Special Request security roles are also needed.
We want your input! If you have any feedback about these templates, email the OHR HRIS team!