HRS Access Guide - Row Security, Roles, and Security Templates

This document provides an overview of the HRS Access Guide - a series of KB documents providing guidance about HRS access for UW-Madison users, including requesting access, finding training, and fulfilling security requirements.

This document provides in-depth information about the Row Security Permissions List, Roles, and Security Templates, which all determine what users are able to do in HRS, EPM, and UWBI.

Row Security Permissions List

The Row Security Permissions List (displayed in HRS as "Row Security Perm. List" and often shortened to just "row security") determines the data that the user can access within the HRS pages they're authorized to use based on their roles. The row security level begins with UW_DP_ and then ends with a business unit or UDDS. Examples of valid row security values include:

  • UW_DP_A022045
  • UW_DP_A0220
  • UW_DP_A02
  • UW_DP_UWMSN

A user only has one row security value at a time, which applies to all positions and roles. A user's row security is carried through all HRS Security requests until it is changed by entering a new value into a request, which then replaces the previous value. Because users only have one security row value, that value must be broad enough to cover all units in which the user is working, but should still be the narrowest possible value so the user does not have access to data that they don't need.

Row Security examples

  • A user only needs to see data within the A022045 subdepartment. In this case the user should have a row security value of UW_DP_A022045.
  • A user needs to access data within the A022010 and A022045 subdepartments and does not need to access data outside of A0220. In this case the user should have a row security value of UW_DP_A0220.
  • A user needs to access data within the A0210 and A0220 departments and does not need to access data outside of A02. In this case the user should have a row security of UW_DP_A02.
  • A user needs to see data within the A01 and A02 divisions. In this case the user should have a row security level of UW_DP_UWMSN.

Note: row security does not apply to EPM or UWBI (OBIEE) access, only HRS.

Roles

The sections or pages that a user can see in HRS, EPM, and UWBI/OBIEE are determined by the roles that the user has.

Role Areas

Roles include abbreviations for relevant functional areas, which can help you determine appropriate roles for different needs.

  • AM -- Absence Management - includes access to information about leaves taken, balances, entitlements, etc.
  • BI -- Business Intelligence - includes access to reporting functions such as PayCheck, Commitment Accounting, OBIEE/UWBI, etc.
  • BN -- Benefits - includes access to various elements of employee benefits
  • DB -- Database - includes access to data tables/views (EPM only)
  • FI -- Finance - includes access to information about funding, budgets, salary cost transfers, etc.
  • HR -- Human Resources - includes access to information about persons, jobs, positions, etc.
  • IR -- Interactive Reporting - includes access to data tables/views (EPM only)
  • PY -- Payroll - includes access to information about additional payrolls, direct deposites, paychecks, retro pay, taxes, etc.
  • TL -- Time and Labor - includes access to information about timesheets, supervisors, payroll coordinators, schedules, etc.

HRS roles

Roles determine the pages and features that the user can access within HRS, with specific data access determined by their row security permissions list. There are many roles and often roles have some degree of overlap with other roles, so working with roles can be confusing and overwhelming. To make it easier, it is recommended to use security templates to set up new users and then request additional individual roles as additional needs are identified.

Download the UW-Madison HRS Role Catalog 

EPM roles

Some technical users might also need access to the Enterprise Performance Management (EPM) data warehouse, which stores data entered into HRS to use in custom queries and applications. EPM access requires the EPM ODBC Data Access (UW_UNV_EPM_ODBC_ACCESS) role in addition to specific roles that provide access to different sets of data tables. Learn more about EPM on the UWSS Data Warehouse site (requires NetID login).

Download the UW-Madison EPM Role Catalog 

UWBI/OBIEE roles

There are two primary roles for UWBI/OBIEE - non-sensitive and sensitive. Sensitive access includes non-sensitive access, so it is not necessary for a user to have both roles.

  • BI HRS Qry-Non-Sensitive (UW_UNV_EPM_ALL_QRY_LBRY_NS) - access to all non-sensitive UWBI/OBIEE reports
    • This role is included in HR, Payroll, and Finance security templates and is appropriate for most users.
  • BI HRS Queries-Sensitive (UW_UNV_EPM_HR_QRY_LBRY_S) - access to both sensitive and non-sensitive UWBI/OBIEE reports
    • This role requires justification in the request comment for why the user needs to access sensitive data. This role is typically only given to HR staff at the division level, but exceptions may be made if a user has a specific business need for it.

Security Templates

Security templates are pre-configured sets of roles designed for common user types. The table below summarizes the update, view, and UWBI/OBIEE access included in each template.

Summary of access provided by HRS Security Templates
Template Name Update Access View Access UWBI/OBIEE Access
Division HR
  • Person
  • Position
  • Job
  • Person Profile
  • Time & Labor
  • Contracts
  • Emergency Contacts
  • Benefits
  • Payroll
  • Non-Sensitive
Division Payroll
  • Absence Management
  • Payroll
  • Time & Labor
  • Benefits
  • Person
  • Job
  • Position
  • Non-Sensitive
Division Finance
  • Funding/budgeting
  • Person
  • Job
  • Position
  • Payroll
  • Non-Sensitive
Department HR
  • Person
  • Jobs (Student Help only)
  • Jobs (all non-Student Help)
  • Position
  • Benefits
  • Payroll
  • Non-Sensitive
Department Payroll
  • Absence Management
  • Payroll
  • Time & Labor
  • Benefits
  • Person
  • Job
  • Position
  • Non-Sensitive
Department Finance
  • Funding/budgeting
  • Person
  • Job
  • Position
  • Payroll
  • Non-Sensitive
View Only
  • None
  • Benefits
  • Funding
  • Person
  • Job
  • Position
  • Payroll
  • Time & Labor
  • None

These templates are the result of many discussions between OHR and HRS users from throughout campus. Selecting a template automatically adds a set of roles to the request that HRS users in that template's functional area identified as universal needs.

Download the UW-Madison HRS Security Templates Guide 

We want your input! If you have any feedback about these templates, email the OHR HRIS team!



Keywordsoracle, peoplesoft, human resource system, epm, uwbi, obiee   Doc ID119679
OwnerColin S.GroupHR COP
Created2022-07-14 10:58:40Updated2024-01-02 15:18:45
SitesHR Communities of Practice
Feedback  1   0