MEMORANDUM

To:	NSM Application Administrators
From:	David Wimberly
Date:	August 30, 1993
Subject:	Desk-Based Security

On September 4th the University will be implementing desk-based security. Users of Natural applications will be assigned Desk IDs and their access rights to those applications will be redefined in terms of these Desk IDs. This means that you, as an owner and security administrator of a Natural application, will begin authorizing desks for access to your applications in place of individual users.

Why are you making this change?

Currently, access is defined in terms of an individual's user ID. When there is a turnover of personnel, the access rights granted a past employee should no longer be valid and those rights need to be passed on to the new employee. With access defined in terms of user IDs, this transition is very cumbersome and labor intensive. It requires a departmental representative to request the necessary security changes, and it requires you, the application owner, to remove all access established for the old employee and re-setup this access for his or her replacement. It may take several months to effect these changes, and during this transition the University is exposed to potential breaches of security. With desk-based security, personnel turnover requires no action by the application administrator, and the department need only reassign the desk to the new employee. This parallels exactly what happens in real life: a new person fills an old job with an existing office, phone, physical desk, and now a computerized desk complete with the tools to perform online administrative functions.

Why is it critical that this change be made now?

There are two reasons for implementing desk-based security at this time, and they both relate to the implementation of the new BASIS (Business and Administrative Strategic Information System) applications.

BASIS requires direct departmental access and update ability. There will be far more users of Natural applications than ever before, and those users will be performing critical administrative functions using those applications. This means there will be more security definitions to be maintained by application administrators, and those definitions will be essential to the operation of the University. The shift to desks will greatly reduce your effort required to perform this administration, and it is desirable to complete this transition before BASIS comes online.
BASIS will employ electronic routing and approval of some transactions. To accomplish this, there will be thousands of transaction routing definitions that have to be defined and maintained. The BASIS applications and the necessary support systems have been designed to perform this routing based upon desks. This was done for the same reasons that desks are being used for application access: changes in personnel can be accommodated with minimal effort. Desk-based security needs to be in place prior to the creation of the transaction routing definitions.

What other changes are being made?

The NSM Maintenance System and security for NSM applications has been enhanced to allow default access to an application. This means that you, as a security administrator, can now define your application to be accessible to anyone that has a valid CICS and Natural ID without explicitly granting access to the desk (previously the user). This feature does not have to be used, you may continue to explicitly grant all access privileges to your application. If, however, there is never a reason to deny a certain type of access (inquiry only ability limited to selected screens), you may be interested in defining default access for your application. Please see the the ADA function, Application Default Access, for more information.

What do I have to do?

The conversion from the existing user-based security to desk-based security will be performed by Computing Services on September 4th. All access previously provided an employee will continue to be available. You, as an application administrator, are affected since further security definitions within the NSM Maintenance System (NSM-MS) must be performed in terms of desks. Several changes have been made within the NSM-MS application to use desk. To assist you in using the updated system, you are invited to attend a special training session to be held in ADSB 118 on September 8th from 3:00 to 4:30. We are confident that you will have little problem adjusting to the changes. The attached documentation on the new functions may be of benefit if reviewed prior to the class, or may be used in lieu of the training.

Please feel free to call Kathryn Cantrell (7332) or David Wimberly (6465) for more information or assistance.