To:
|
NSM Application Administrators
|
From:
|
David Wimberly
|
Date:
|
August 30, 1993
|
Subject:
|
Desk-Based Security
|
On September 4th the University will be implementing
desk-based security. Users of Natural
applications will be assigned Desk IDs and
their access rights to those applications will be redefined in
terms of these Desk IDs. This means that you, as an owner and
security administrator of a Natural application, will begin
authorizing desks for access to your applications in place of
individual users.
Currently, access is defined in terms of an individual's user ID.
When there is a turnover of personnel, the access rights granted
a past employee should no longer be valid and those rights need
to be passed on to the new employee. With access defined in terms
of user IDs, this transition is very cumbersome and labor
intensive. It requires a departmental representative to request
the necessary security changes, and it requires you, the
application owner, to remove all access established for the old
employee and re-setup this access for his or her replacement. It
may take several months to effect these changes, and during this
transition the University is exposed to potential breaches of
security. With desk-based security, personnel turnover requires
no action by the application administrator, and the department
need only reassign the desk to the new employee. This parallels
exactly what happens in real life: a new person fills an old job
with an existing office, phone, physical desk, and now a
computerized desk complete with the tools to perform online
administrative functions.
There are two reasons for implementing desk-based security at
this time, and they both relate to the implementation of the new
BASIS (Business and Administrative Strategic Information System)
applications.
- BASIS requires direct departmental access and update ability.
There will be far more users of Natural applications than ever
before, and those users will be performing critical
administrative functions using those applications. This means
there will be more security definitions to be maintained by
application administrators, and those definitions will be
essential to the operation of the University. The shift to
desks will greatly reduce your effort required to
perform this administration, and it is desirable to complete this
transition before BASIS comes online.
- BASIS will employ electronic routing and approval of some
transactions. To accomplish this, there will be thousands of
transaction routing definitions that have to be defined and
maintained. The BASIS applications and the necessary support
systems have been designed to perform this routing based upon
desks. This was done for the same reasons that desks are being
used for application access: changes in personnel can be
accommodated with minimal effort. Desk-based security needs to be
in place prior to the creation of the transaction routing
definitions.
The NSM Maintenance System and security for NSM applications
has been enhanced to allow default access to an
application. This means that you, as a security administrator,
can now define your application to be accessible to anyone that
has a valid CICS and Natural ID without explicitly granting
access to the desk (previously the user). This feature does not
have to be used, you may continue to explicitly grant all access
privileges to your application. If, however, there is never a
reason to deny a certain type of access (inquiry only ability
limited to selected screens), you may be interested in defining
default access for your application. Please see the the ADA
function, Application Default Access, for more information.
The conversion from the existing user-based security to
desk-based security will be performed by Computing Services on
September 4th. All access previously provided an employee will
continue to be available. You, as an application administrator,
are affected since further security definitions within the NSM
Maintenance System (NSM-MS) must be performed in terms of desks.
Several changes have been made within the NSM-MS application to
use desk. To assist you in using the updated system, you are
invited to attend a special training session to be held in ADSB
118 on September 8th from 3:00 to 4:30. We are confident that you
will have little problem adjusting to the changes. The attached
documentation on the new functions may be of benefit if reviewed
prior to the class, or may be used in lieu of the training.
Please feel free to call Kathryn Cantrell (7332) or David
Wimberly (6465) for more information or assistance.