The Row Security Permissions List (displayed in HRS as "Row Security Perm. List" and often shortened to just "row security") determines the data that the user can access within the HRS pages they're authorized to use based on their roles. The row security level begins with UW_DP_ and then ends with a business unit or UDDS. Examples of valid row security values include:
A user only has one row security value at a time, which applies to all positions and roles. A user's row security is carried through all HRS Security requests until it is changed by entering a new value into a request, which then replaces the previous value. Because users only have one security row value, that value must be broad enough to cover all units in which the user is working, but should still be the narrowest possible value so the user does not have access to data that they don't need.
Note: row security does not apply to EPM or UWBI (OBIEE) access, only HRS.
The sections or pages that a user can see in HRS, EPM, and UWBI/OBIEE are determined by the roles that the user has.
Roles include abbreviations for relevant functional areas, which can help you determine appropriate roles for different needs.
Roles determine the pages and features that the user can access within HRS, with specific data access determined by their row security permissions list. There are many roles and often roles have some degree of overlap with other roles, so working with roles can be confusing and overwhelming. To make it easier, it is recommended to use security templates to set up new users and then request additional individual roles as additional needs are identified.
Download the UW-Madison HRS Role Catalog
Some technical users might also need access to the Enterprise Performance Management (EPM) data warehouse, which stores data entered into HRS to use in custom queries and applications. EPM access requires the EPM ODBC Data Access (UW_UNV_EPM_ODBC_ACCESS) role in addition to specific roles that provide access to different sets of data tables. Learn more about EPM on the UWSS Data Warehouse site (requires NetID login).
Download the UW-Madison EPM Role Catalog
There are two primary roles for UWBI/OBIEE - non-sensitive and sensitive. Sensitive access includes non-sensitive access, so it is not necessary for a user to have both roles.
Security templates are pre-configured sets of roles designed for common user types. The table below summarizes the update, view, and UWBI/OBIEE access included in each template.
Template Name | Update Access | View Access | UWBI/OBIEE Access |
---|---|---|---|
Division HR |
|
|
|
Division Payroll |
|
|
|
Division Finance |
|
|
|
Department HR |
|
|
|
Department Payroll |
|
|
|
Department Finance |
|
|
|
View Only |
|
|
|
These templates are the result of many discussions between OHR and HRS users from throughout campus. Selecting a template automatically adds a set of roles to the request that HRS users in that template's functional area identified as universal needs.
Download the UW-Madison HRS Security Templates Guide
We want your input! If you have any feedback about these templates, email the OHR HRIS team!