Best Practices: User Security Role Reviews

Overview
  • Provides best practices for periodic security role review
Goals
  • Ensure appropriate security role assignments and segregation of duties
Why are these best practices?
  • Departments should make sure security roles are assigned to appropriate and knowledgeable staff.
  • Departments need to ensure the segregation of duties so that no one person has sole control over the entirety of a transaction.
Best Practices
  • Departments should review security roles periodically/annually to ensure that role assignments and segregation of duties are considered.
  • Review user roles on a periodic basis to:
    • Ensure appropriate and knowledgeable staff are approving, based on transaction type
    • Determine whether additional approvers are needed, based on approver knowledge and understanding - departmental vs. financial (business office)
    • Account for changes in personnel, re-organizations, etc.
  • Useful queries in UGA Financials (results can be included in the review):
    • UGA_USER_ROLES
    • UGA_USER_ROLES_BY_DEPT - all users in a workflow route by department
    • UGA_USER_ROLES_ROUTINGS - by user, list of all roles and departmental assignment
Policy and Other Requirements
Resources

Contributed by Lisa Catanese

Last updated 03/03/2020