HRS Security

UW HRS Security Provisioning is used to request and grant access to the Human Resource System (HRS) for entry and/or viewing data.

Security Provisioning eForms are located on Employee Self-Service. When logging into HRS, core users may default to the Administrator Homepage. Select the Employee Self-Service page on the center drop down of the navigation bar. For ease of use going forward, we recommend you add Security Provisioning to your Favorites.

A guide for first time users or as a reference for those familiar with the system is available in the KB resources:

• KB 44549 – Request HRS Security Roles in HRS
  Note: Do not use the Request Roles for Multiple Employees until further notice
• KB 45752 – Approving HRS Security Role Requests in HRS
• KB 45004 – Approving Compliance Agreement (if end user missed the email notification with the link)

General info regarding HRS Security requests

• Strongly recommended to use the HRS templates. They are division or department level specific to functional areas and are a more effective way to request access to a related set of HRS security roles. Guidance for Determining Appropriate UW–Madison HRS Template(s) should be used when identifying the appropriate template(s) and whether Optional and Special Request security roles are also needed. Suggested changes to these standard templates should be sent to OHR HRIS.
• Comments are required for all requests. Indicate if template/s are being used and additional roles were added. If template is not used, include brief description why not. If the row level is more than division, include a brief justification. If using Security Removal, state why roles are being removed.
• An additional resource is the HRS Security Role Catalog with comments explaining how HRS security roles are being used at UW–Madison.
• HRS entitlements can be requested up to 6 days in advance of an HR user’s new start date. If the new user currently has HRS access in another UW position, wait for that position to end before submitting the request. If two positions are ongoing, the security roles being requested must be attached to the correct position.
• A user has 14 calendar days to complete the Compliance Agreement; otherwise, the roles will be dropped, and a new entitlement request would be needed.
• The Approver has 6 calendar days to approve the request; otherwise, the roles will need to be resubmitted.
• HRS entitlements are removed from an end user when their position terminates or an employee moves to a new position (e.g., action reason code: hire/rehire/transfer).
• Level of access reverts to the department level when action reason code is position change/change department on an employee’s current position.

Other Security-Related Requirements

• Security Awareness Assessment is required for all new HRS Core Users, including new users with Oracle Business Intelligence Enterprise Edition (OBIEE) access for HRS Shared Queries/Reports.
  • Email sent to new users at 4 p.m. on the day the HRS roles are approved.
  • User has 30 days to complete and pass the assessment.
    • HRS access (including OBIEE) will be granted prior to completion, however, access will be locked if not completed within 30 days.
    • Warning is sent before access is locked.
• Annual Security Awareness Assessment is required for all existing HRS Core Users.
• Attestation process, i.e., review of all HRS end user roles based on current business needs, occurs annually.
• Conflicts, referred to as Separation of Duties (SOD), need to be avoided whenever possible. They occur when an end user has security roles that allow an end user to add/change person/position/job data and also approve time.