i e,/67531/metadc685122/m2/1/high_res... · doc item: security administration plan hnf- 2713, rev.0...
TRANSCRIPT
![Page 1: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/1.jpg)
'"
f Distribution
12. To: (Receiving Organization) I 3. From: (Originating Organization) 14. Related EDT NO.:
SYSTEMS FDH N/A 7. Purchase Order NO.:
HAND1 2 0 0 0 INTEGRATION N/A 9. Equip.1Component No.: DAWN E. ADAMS
I FOR RELEASE ~
11. Receiver Remarks: 1 I A . Design Baseline Document? 0 Yes No
NI A 10. System/Bldg./Facili~:
N/A 12. Major Assm. Dwg. No.:
N/A 13. Permiffpermit Application No.:
(A) Item (E?) DocumentlDrawing No. (')$Pt No.
N/A 14. Required Response Date:
A proVal R~~~~~ OW- Receiv- 6esig- or Tran KFL &Lo- nator mittal stion sition
(E) Title or Description of Data Transmitted
2 1 Design Authority DAWN E. ADAMS G 1 - 2 1 3
116. KEY
DIANE WILSON G 1 - 2 1
I Approval Designator (F) I Reason for Transmittal (G) I Disposition (H) & (I)
Design Agent
Cog. Eng.
Cog. Mgr.
E, S, Q, D OR NIA 1. Ap roval 4. Review 1. Approved 4. Reviewed no/wmment I (See WHC-CM-3-5, I 2. Rekase 5. Post-Review 2. Approved wlwmment 5. Reviewed wlcomment . Sec. 12.7) 3. Information 6. Dist. (Receipt Acknow. Required) 3. Disapproved wlwmment 6. Receipt acknowledged
3 DOE/RL Reading Room H2-53 3 Hanford Technical Library Pa-55 3 Central Fi 1 es 81-07
117. SlGNATURElDlSTRlBUTlON (See Approval Designator for required signatures)
60-7400-1 72-2 (1 0197) 81)-7404172.1
![Page 2: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/2.jpg)
s HNF-2713, Rev. 0
SECURITY ADMINISTRATION PLAN FOR HAND1 2000 BUSINESS MANAGEMENT SYSTEM
Dawn E. Adams, FDH 2355 Stevens MSN G1-21 Richland, WA 99352 U.S. Department of Energy Contract DE-AC06-96RL13200
EDTJECN: 6 2 5 3 6 8 UC: 900 Ow Code: SL610000 Charge Code: WF6800 B&R Code: EW7001000 Total Pages: +7
b" Keywords: HAND1 2000, BUSINESS MANAGEMENT, SECURITY ADMINISTRATION, H2K, BMS, PEOPLESOFT, PASSPORT, TOOLS & METHODS, FINANCE, SUPPLY, CHEMICAL, HUMAN RESOURCES, PAYROLL, COTS
Abstract: This document encompasses and standardizes the integrated approach for security within the PP and PS applications, It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document's acceptance and will provide guidance through implementation efforts and, as a "living document" will support the operations and maintenance of the system.
~~~~ ~
TRADEMARK DISCLAIMER. Reference herein to any specific commercial product, process, or service by trade name, trademark. manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation. or favoring by the United States Government or any agency Wereof or its wnbac:ors or subcontraiius.
Printed in the United States of America. To obtain copies of this document. contact: Dowment Control Services, P.O. Box 950, Maiistop H6-08. Richland WA 99352, Phone (509) 372-2420: Fax (509) 3764989.
P a s s p o r t (PP) i s a trademark o f Indus Corpora t ion . Peoplesof t (PS) i s a trademark of P e o p l e s o f t Corporation. U N I X i s a trademark l i c e n s e d e x c l u s i v e l y through X/Open Co. Ltd. Orac le i s a trademark o f Oracle Corporation. SQL i s a trademark o f Microsof t Corporation.
I .
Regase Approval Date
-.-- _.___^._ __ Approved For Public Release
A-6400-073.1 (10/97)
![Page 3: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/3.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 1 of 46
SECURITY ADMINISTRATION PLAN
FOR
HAND1 2000
BUSINESS MANAGEMENT SYSTEM
Prepared by: Amanda McKay, LMSl Software Engineer
Prepared for: Fluor Daniel Hanford
Approved by:
Rbbert E. c_a?es, H2K Projek Director
Steve Maffey, FDHlClO Managel;/
L Y - % S Dawn E. Adams, BMS Project Manager
Phillip B. (Brian) Ixaacs, LMSl Project Manager
Jades T. Stowe, Site Security Operations
Date
&?A8 Date
9/2 d S 23' Date
![Page 4: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/4.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713. Rev.0 DATE: 09/15/98 PAGE 2 of 46
TABLE OF CONTENTS
1 INTRODUCTION ....................................................................................................... 3 1.1 OVERVIEW ................................................................................................................................... 3 1.2 PURPOSE ...................................................................................................................................... 3 1.3 SCOPE ........................................................................................................................................... 3 1.4 ACRONYM DEFINITIONS ............................................................................................................. 4 1.5 ROLES AND RESPONSIBILITIES ................................................................................................. 5 1.6 REFERENCES ............................................................................................................................... 5
2 NETWORK SECURITY ............................................................................................. 6 2.1 UNlX ACCOUNT MANANGEMENT PROCESS ............................................................................ 6 2.2 FILE ACCESS ................................................................................................................................ 7 2.3 EXTERNAL SYSTEM INTERFACES ............................................................................................. 8 2.4 FILE AND DATABASE SERVERS ................................................................................................. 8 2.5 WORKSTATION SECURITY ......................................................................................................... 8
3 3.1
4 4.1
5 5.1
6 6.1
PASSPORT ORACLE DATABASE SECURITY ....................................................... 9 PASSPORT DATABASE CONSIDERATIONS .............................................................................. 9
PEOPLESOFT RDMS DATABASE SECURITY ..................................................... 11 PEOPLESOFT DATABASE CONSIDERATIONS ........................................................................ 12
PASSPORT APPLICATION SECURITY ................................................................. 13 PASSPORT APPLICATION CONSIDERATIONS ........................................................................ 13
PEOPLESOFT APPLICATION SECURITY ............................................................ 15 SECURITY PROFILES ................................................................................................................ 15
6.2 OBJECT SECURITY ................................... : ................................................................................ 16 6.3 ROW LEVEL SECURITY ............................................................................................................. 16 6.4 QUERY SECURITY ..................................................................................................................... 17 6.5 FIELD LEVEL SECURTY ............................................................................................................. 17 6.6 FIELD AND RECORD AUDIT TRAIL ........................................................................................... 17
7
8
9
APPENDIX A USER ACCESS FORM .................................................................... 18
APPENDIX B PASSPORT SECURITY PROFILES ................................................ 23
APPENDIX C PEOPLESOFT HWPAYROLUTRAINING SECURITY PROFILES . 42
![Page 5: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/5.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 3 of 46
1 INTRODUCTION
1.1 OVERVIEW
The Hanford Data Integration 2000 (HAND1 2000) Project will result in an integrated and comprehensive set of functional applications containing core information necessary to support the Project Hanford Management Contract (PHMC). It is based on the Commercial-Off-The-Shelf (COTS) product solution with commercially proven business processes. The COTS product solution set, of Passport (PP) and PeopleSoft (PS) software, supports finance, supply, chemical management, human resources, and payroll activities under the current PHMC direction. The PP software is an integrated application for Accounts Payable, Contract Management, Inventory Management, Purchasing and Material Safety Data Sheets (MSDS). The PS software is an integrated application for Projects, General Ledger, Human Resourcesflraining, Payroll, and Base Benefits. This set of software constitutes the Business Management System (BMS) and MSDS, a subset of the HAND1 2000 suite of systems. To be referred to throughout this document as BMS.
This document provides a framework for communicating how security will be implemented and maintained across the Fluor Daniel Hanford, Incorporated (FDH) integrated components of the financial, supply, chemical management, human resource, and payroll modules. The primary objective is to minimize significant risks to the new System while ensuring access is reasonable and commensurate with job position functionality.
1.2 PURPOSE
This document encompasses and standardizes the integrated approach for security within the PP and PS applications. It also identifies the security tools and methods to be used. The Security Administration Plan becomes effective as of this document's acceptance and will provide guidance through implementation efforts and, as a "living document", will support the operations and maintenance of the system.
1.3 SCOPE
The scope of security applies to the BMS applications The system is comprised of the following vendor product modules as databases
![Page 6: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/6.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 0911 5/98
This plan will consider three levels of security requirements: the network, application layer, and the DataBase Management Systems (DBMS).
PAGE 4 of 46
PassPort Oracle Database
Network
Peoplesoft Oracle & SQL Databases
Passport Peoplesoft
This plan does not encompass security of data that has been extracted or exported from the BMS environment. Lockheed Martin Services, Incorporated (LMSI) will not be responsible for security or validity of that data, however, LMSI will assist FDH in identification and/or control mechanisms for this data.
1.4 ACRONYM DEFINITIONS
![Page 7: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/7.jpg)
, . HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98
Acronym TEL TMS WAN
PAGE 5 of 44
Definition Telecommunications Training Matrix System Wide Area Network
Level of Security Implementation Responsible Organization &
Production Responsible Organization &
Network UNIX Sewer Access NT Sewer Access PP Oracle Database PS Oracle Database PS SQL Database PP Supply Application
Position Position LMSVOPS Network Administrator LMSVOPS Network Administrator LMSVOPS Password Administrator LMSVOPS Password Administrator LMSIREL Password Administrator LMSIREL Password Administrator LMSVOPS DBA LMSVOPS DBA LMSVOPS DBA LMSVOPS DBA LMSI/SDI DBA LMSI/SDI DBA FDH System Administrator FDH System Administrator
LMSVSDI Software Engineer
1.6 REFERENCES
HNF-2584 HNF-2858 HNF-2859 HNF-PRO-592 HNF-2857 System Design Description Appendix A Security Access Form Appendix B Passport Security Profiles Appendix C PeopleSoft Security Profiles
Region and Database Management Plan Backup and Recovery for HAND1 2000 Software Disaster Recovely for HAND1 2000 Hardware and Software Unclassified Computer Security Management Control Process
LMSI/SDI Software Engineer
FDH System Administrator
LMSI/SDI Software Engineer
FDH System Administrator
LMSVSDI Software Engineer
LMSVSDI Software Engineer
FDH System Administrator
LMSI/SDI Software Engineer
FDH System Administrator
![Page 8: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/8.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 6 of 46
2 NEWORK SECURITY
The network is comprised of the following components:
Fileservers Database servers User workstations
Communication lines across the Wide Area Network (WAN) and Local Area Network (LAN)
Network and database security controls will comply with existing FDH policies and guidelines. The departments and responsible hardware owners will administer network security and audit on fileservers, workstations, and printers. Responsible LMSl organizations will ensure that policies are implemented in their appropriate areas.
Network Logon is the highest level of security for the system. Each Project Hanford Management Contract (PHMC) network user is assigned a user identification value, commonly referred to as Hanford Identification (HID) and password for authorized access to the network. Network operational procedures dictate enforcement of password changes on a regular basis and prevention of multiple unsuccessful logon attempts. These procedures will be applicable to BMS.
2.1 UNIX ACCOUNT MANANGEMENT PROCESS
A Password Administrator (PA) will set up a user account on the UNlX HAND1 2000 computer system. The security controls in place protect the system from unauthorized access, assure data integrity, and prevent misuse. Reference, HNF-PRO-592, Unclassified Computer SecunYy Management Control Process, Section 5.0 guidelines. This security is necessary in order to gain entry to the Peoplesoft and Passport applications.
2.1.1 Password Access Controls
The password automatically expires every 90 days. The expiration date initializes when the new user logs on the system for the first time. Passwords shall be from six to eight characters in length, with at least one non-alphabetic. The password's first character must be an alpha. There are controls established to prevent users from resetting passwords to a previous password.
User account passwords automatically expire every 90 days prompting the user to enter a new password. There are no restrictions regarding how often a password can be changed. Each time a password is changed it is encrypted to insure security.
To alert the System Administrator to possible intruder activity, a system log entry is made after five unsuccessful password entry attempts. There are scripts that generate an electronic mail message to the UNlX System Administrator that invalid attempts have taken place. The System Administrator reviews the log daily.
2.1.2 New Accounts
Either the Functional System Administrator or Data Owner will send an access request form to Technical Operations for a new user account to be set up on a particular system. The PA will perform the following:
Assign the user a Unique User Identification (UID) enabling them to access all UNlX systems for which they are approved.
![Page 9: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/9.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 7 of 46
Assign the user an unique logon identification. This is typically the Hanford Identification (HID) number prefaced by an alphabetic character.
After the account and directory for new users are set up, a default password is assigned. The access request application will be returned to the Access Authorizer for notification that the account has been created. The application security can then be established.
0 The Access Authorizer will notify the new user of the logon identification and default password and coordinate any needed training.
The PA will send the new user, via electronic mail, a Password Verification form instructing the user on the proper use of passwords. The user will forward this message back to the PA, which indicates the user has read and understands the password rules. The forwarded form and the access request form will be retained by the PA for as long as the user has access to the system. If the user does not return this form within ten working days the account is suspended and a second request is sent. If no response from the user is received within five working days, the account is deleted from the system.
2.1.3 Delete Account
When the Access Authorizer notifies the PA of a user termination or transfer to another on-site company, the PA will immediately suspend the user account. The account will be deleted from the UNlX system within two days of notification. The PA will use a script to delete the logon id and directories from the password account file. The PA notifies the Access Authorizer of the UNlX system of terminated users that were deleted.
2.1.4 Change Password
The PA will make requested changes to user password files upon request; the most common request by users is to correct forgotten passwords. The PA will change the password to a default password and send the user an electronic mail message with the receipt of request and the new password, The system will prompt the user to enter a new password the next time the user logs on. This password will be encrypted to insure security.
2.1.5 Data Owner Account Review
On a quarterly basis, an updated list of all users is sent to the data owner's Access Authorizer for review along with a second list indicating "LAST LOGON by users. This list indicates the last date the user logged on the system. The Access Authorizer will send a request to the PA of any users no longer requiring access and will request the "LOGON I D be deleted from the password account.
2.1.6 LMSl Account Review
The PA creates a list of all users including the last date the user logged onto the system. Users that have not logged on for 90 days or longer or have a status of "NEVER LOGGED ON" will be deleted from the system. The PA will notify the Access Authorizer of account deletions.
2.2 FILE ACCESS
The EMS executable tiles will reside on secured tileservers. LMSl will list all directories and recommend read-only access to the directories where necessary.
![Page 10: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/10.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 PAGE 8 of 44
2.3 EXTERNAL SYSTEM INTERFACES
When data is sent to systems external to BMS, the security and audit for that data becomes the responsibility of the recipient; LMSl will outline the security and audit considerations for that data. Once data has been extracted for use outside of the BMS systems (through a report, query, or interface), the security and audit for the data is no longer auditable by LMSl or BMS.
2.4 FILE AND DATABASE SERVERS
Physical access to fileservers will be restricted. Each server will also be password protected and have appropriate backup procedures based upon the maximum level of security required by any one segment of the integrated data. Reference HNF-2858, Backup and Recovery for HANDl 2000 Somare and HNF- 2859, Disaster Recovety for HANDl 2000 Hardware and Somare.
NOTE The Human Resources (HR) system contains training data. When users access the Training Matrix System (TMX) via the Hanford Local Area Network (HLAN) Intranet, they will be able to access specific training information within the HR system. User level security will be managed by a 'secure' Structured Query Language (SQL) connection which will permit only approved access to HR training data.
2.5 WORKSTATION SECURITY
Whenever a report is generated from within the system, the default output for the file is the C:\TEMP directory. In this case, the data is no longer secure and becomes the responsibility of the person initiating the report. Each BMS user has the responsibility to abide by the FDH Computer Security Rules for closing down a 'session" while away from the workstation.
![Page 11: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/11.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 9 of 46
3 PASSPORT ORACLE DATABASE SECURITY
The environment will consist of eight Oracle database instances (regions): Production Region Acceptance Region Development Region Practice Region Training Region DataLoad Region (Temporary) DemoRegion Integration Region (Temporary)
The user roles requiring differing degrees of access rights to data in these database instances are:
Network Administrator - . Server Administrator -
Functional System Administrator - Business function application administration manages user approvals access, table values security profiles.
Technical System Administration -
Power Users -
Periodic Users - .
Processes requests by users for access to the HLAN Sets up LAN user accounts with an initial password.
Sets up UNlX password accounts to allow logonlaccess to Database Servers.
Technical function which manages the technical aspects of the systems, Implements user access, table values and security profiles
Personnel utilizing PP to accomplish their daily work
Personnel who may require the PP applications to do some of their work but not necessarily on a daily basis.
Casual Users - Personnel who may require PP applications on an occasional basis.
NOTE: For additional information, Reference HNF-2884, Region and Database Management Plan and HNF-2857 System Design Document.
3.1 PASSPORT DATABASE CONSIDERATIONS
Database Logon
Direct access to the database operating environment will be given only to individuals with the proper approval. All other users will access the database strictly through the application. Data Definition Language (DDL) privileges will be restricted to the Database Administrator (DBA). Developers may still have Data Manipulation Language (DML) privileges, but will need the DBA to make physical changes to
![Page 12: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/12.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 10 of 46
the database structure. Reference Appendix A, User Access Form
Query tools
Access to SQL*PIus. PS/Queiy, Clystal Reports and any other third party report writers will be used to perform queries. Access to these query and reporting tools will only be given to end-users once the system has stabilized, adequate training has been given and access need identified and approved.
![Page 13: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/13.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15\98
4 PEOPLESOFT RDMS DATABASE SECURITY
PAGE 11 of 46
PS Finance consists of seven databases:
0 Production Acceptance Development Demo Practice Training . Audit
PS Human ResourcedPayroll consists of five databases:
Production Development Demo Test Upgrade
For additional information, refer to HNF-2884, Region and Database Management Plan.
The following defines development, maintenance and user roles - Network Administrator -
Server Administrator -
Funcfional System Administrator- - Business function application administration manages user approvals access, table values security profiles.
Processes requests by users for access to the HLAN Sets up LAN user accounts with an initial password.
Sets up UNlX password accounts to allow logon/access to Database Servers.
Technical System Administration - Technical function which manages the technical aspects of the systems. Implements user access, table values and security profiles
Power Users - ~
Periodic Users -
Personnel utilizing PP to accomplish their daily work
Personnel who may require the PP applications to do some of their work but not necessarily on a daily basis.
Casual Users - Personnel who may require PP applications on an occasional basis.
![Page 14: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/14.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 12 of 46
NOTE: For additional information, Reference HNF-2884, Region and Database Management Plan and HNF-2857 System Design Document.
The PS Tools application provides the ability to update data and to use a limited subset of the PeopleTools application. Tool access and capabilities will be implemented via the user class to which each HID user is associated. The options that are being considered for user class utilization are Nvision, Tree Manager, Process Scheduler, Process Monitor, and Query.
4.1 PEOPLESOFT DATABASE CONSIDERATIONS
Database Logon
Direct access to the database operating environment will be given only to individuals with the proper approval. All other users will access the database strictly through the application. DDL privileges will be restricted to the DBA. Developers may still have DML privileges, but will need the DBA to make physical changes to the database structure.
Query Tools
SQL*Plus, ISQL, PSIQuery, Crystal Reports and any other third party report writers will be used to perform queries. Access to these query and reporting tools will only be given to end-users once the system has stabilized, adequate training has been given and access need has been identified and approved.
![Page 15: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/15.jpg)
.. ..
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15\98 PAGE 13 of 46
5 PASSPORT APPLICATION SECURITY
The final layer of PP security is implemented within the application itself. PP provides several alternatives for defining the degree of granularity necessary. The appropriate FDH business owners will determine the level of security required for their data, PP facilitates implementation of security with the following options:
.
Security Events Security Event Type - Panel - Options - Execute Function - Generic Search - - Program Defined - Simple Code - Custom Authorization Levels Primary Level Security Level Type Security Group Security Profile
Rules Based (Field level security)
5.1 PASSPORT APPLICATION CONSIDERATIONS
Security Events
The foundation of PP's security system is the Security Event. A Security Event is an identifier associated with the security checkpoints performed by the architecture, and in some cases application programs. The Security Event tells what authorization should be used at the security checkpoint.
Security Event Type
Security Event Types categorize Security Events with types such as panel, option, and execute.
Authorization Levels
Authorization levels are the different levels of activity which a user may be authorized to perform on a Security Event:
Update Read-only None
Authorization levels are assigned to Security Events only within a Security Profile.
Panels have Security Events associated with them to allow the client to provide update, read, or no access to each panel. Options are menu options and may have security events controlling who has discrete option privileges on panel menus. The Execute Function controls access to the action associated with the Execute Command.
![Page 16: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/16.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 14 of 46
Primary Level Security
Primary Level Security refers to data, which has a relationship to a global data element. This element is determined at system generation time and is typically Facility. If the value of Facility on the panel matches the default Facility for the user, then that is the user's own data. If the two values do NOT match, then the user is looking at other data. This may allow different access authorizations to be specified when a users' own Facility matches the facility associated with the data and when a user's own Facility does not match the data Facility.
Level Type
Level Type Security type determines what type of security authorizations and checking will be performed for a particular Security Event at the primary levels.
Security Groups
After Security Events, Security Groups are the next level of security. Security Groups are a logical combination of security events. A group is typically composed of related events to which a specific set of users would need the same access. The same authority will be granted later to a user or specified set of users to all the events in requested group.
Security Profiles
A Security Profile consists of a logical combination of Security Groups and/or Security Events, usually tailored to a group of users who have the same system access needs. A user can be assigned a single Security Profile, multiple Security Profiles or a combination of Security Profiles and Security Events. Typically a Security Profile is defined and assigned to a large group of users needing the same authorization levels to the same PP panels. The FDH Project Leads for Supply, Human Resources, and Payroll will finalize Security Profiles by approving the profiles. Approval will be denoted by their signatures.
User Profile
A User Profile consists of a logical combination of Security Profiles and/or Security Events which provide a user with secured system access that meets their particular job requirements. A User Profile may consist of several Security Profiles or Security Events or just one Security Profile or Security Event. If a user is associated with multiple profiles, the maximum "rights" are utilized. Each user will have their own User ID (equivalent to the UNlX user account). The Functional Administrator will assign the appropriate security profiles to individuals. FDH will ensure that appropriate training accompanies the assignment of a Security Profile to a user. For detailed information on PeopleSoft Human ResourceslPayroIl Operator Class Security Specifications Reference HNF - 2857 System Design Description.
Ownlother - grant and check for different authorization levels depending upon whether the data is the user's "own". Unconditional -allows authorization to be granted and checked with independence of the element and data associated with the Primary Level security. None- This level is not being used with this application.
![Page 17: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/17.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 PAGE 15 of 46
6 PEOPLESOFT APPLICATION SECURITY
The final layer of PS security is implemented within the application itself. The PS application offers multiple tools and options for security. It may not be necessary to utilize all aspects of PS security. PS facilitates implementation of security with the following options:
Security Trees Object Security Row Level Security by: - Project - Analysis Group - Ledger Query Security Field Level Security
The following section provides details on the PS security tools. For additional application level security information, reference Appendix B for Finance and Appendix C for Human Resources and Payroll.
Operator and Operator Class Security (Security Profiles)
Field and Record Audit Trail
6.1 SECURITY PROFILES
The Technical System Administrator will maintain control of the non-production (i.e. Development and Acceptance) database regions and will assign access on an as needed basis. Functional security profiles will be utilized in the production environment.
Security Profiles
Security profiles are defined using PS Security Administrator. Each Operator Class (security profile) is ,
defined according to the business processes that it requires access to. An individual may require a new Operator Class in order to meet a specific need, however, the decision to implement the new class will be made after proper change control approvals. Each user will require his or her own ID. The Security Administrator (Functional Administrator) will assign individuals to the appropriate Operator Classes, however, the business owner will determine which Operator Class a user will be assigned. FDH will ensure appropriate training accompanies the assignment of a security profile to a user. For detailed information on PeopleSoft BMS Financials Operator Class Security Specifications and PeopleSoft BMS HRlPR Operator Class Security Specifications Reference HNF - 2857 System Design Description
Panel Security
Panel access will be granted to users when it is needed for completing one's job assignments. This approach will provide users with only those areas that they need access to in order to fulfill the business need and reduce "menu clutter". However, all modules and panels will be accessible in a test environment.
Corrective Action
Correcting historical data is accomplished with Corrective Action. Use of the Correction action will be severely limited. Only specific users will be given full access to the Correction action in PS. This is to ensure that historical records are not updated without an adequate audit trail, and that the integrity of the data is maintained. Department users will only be given access to Correction where the business process
![Page 18: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/18.jpg)
.. .
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 0911 5/98 PAGE 16 of 46
demands it and only after appropriate training has been received
6.2 OBJECT SECURITY
Through Object Securjty, PS offers the capability to secure access to the various objects within the application. The specific objects that can be secured include import definitions, menu definitions, panel group,definitions, panel definitions, query definitions, record definitions, tree definitions, and projects. In a development environment it may be desirable to limit access to some of these objects. For example, once key panels and menus have been configured for production it may be necessary to restrict who has edit capabilities over these objects. It is also possible to create object groups that represent a specific area such as the general ledger. In this manner, access can be assigned only to object groups within a user's domain.
PS also offers the ability to restrict access to an entire object type - records, panels, etc. - using the Application Designer. This serves to control access to the Application Designer functionality that handles a particular type of object.
It should be noted that it is not always necessary to employ object level security, this is especially true when the size of the project team is relatively small and the group is knowledgeable. It is not needed if all developers require access to all application definitions. Currently, Finance does not plan to use Object Security.
6.3 ROW LEVEL SECURITY
PS offers the capability to secure access to specific rows of data within the database based on a number of attributes: Analysis Group, Ledger, Projects, Set ID, or Business Unit. Only one Business Unit and Set ID is being implemented and therefore, unlikely there will be a need to implement any row-level-security for these areas. However with Ledgers, Projects or Analysis Groups there may be requirements for row- level security.
Projects
Security for the project field is based on Project Trees. Within project security, the Tree Manager can control which users have access to each project through the Tree Manager. For example, project security can limit access to only one distinct project that a particular analyst or manager supports. The requirements for project level security will not be determined until the final list of system operator profiles is complete and the business need has be defined for restricting access to information. It is also necessary to wait for the list of valid Project IDS to avoid having to duplicate efforts. Currently, Finance does not plan to use Project level security. If Project level security were to be utilized, it will be necessary to build Project Trees in the system prior to assigning trees to operator classes.
![Page 19: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/19.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 PAGE 17 of 46
Ledgers
Ledger Security limits access to specific Ledger Types, Ledger Groups or individual ledgers. For example, there may be a requirement to allow users access tobudget ledgers without allowing.them access to the actuals ledger. It is also possible to secure access to specific nVision ledgers or business units, which will ensure that users can't create nVision reports that cut across ledgers to which they shouldn't have access.
6.4 QUERY SECURITY
Query takes advantage of operator profiles and row level security to allow how to control what query operations a user can perform and what data they can access using Query. Query options or functions are controlled for users via their Query Profile. For example, users may be able to run existing queries but not allowed to create new ones. Query types may be limited as well as the output options (Le. Excel, Crystal).
PS also uses Access Groups to provide a logical organization to records for user access. For example, an accounting user may have access to the Genaral Ledger Access Group (which contains all the related records for that function). Access Groups are nodes in a query tree which are built with Tree Manager. Once a query tree has been built, users may be granted access to one or more of its Access Groups. The user can then generate queries on any tables in the Access Groups accessible to them.
Once system users and their information requirements are identified, specific levels of access and appropriate Query access will be assigned. Access Groups will be utilized as much as possible. New Access Group will be added to meet specific requirements for additional tables.
6.5 FIELD LEVEL SECURTY
Peoplecode can restrict access to particular fields or columns within application tables. For example, if a certain class of operator needs to be able to access certain panels, but not to view a particular field on those panels, Peoplecode can hide the field for that operator class. At this point, PS recommends this functionality not be implemented because it entails customization of the application and would have upgrades implications.
6.6 FIELD AND RECORD AUDIT TRAIL
Through Field and Record audit trail, PS provides the ability to maintain a full audit trail at either the field or record level. This will be provided only for those processes requiring an audit trail due to impact to on-line performance and required disk space. LMSl will be responsible for providing adequate reports andlor tools for audits where an audit has been deemed necessary.
![Page 20: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/20.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 7 R
PAGE 18 of 46 Appendix A User Access Form
INSTRUCTIONS (Print o r Type) Please complete all applicable information about the person requiring access. Return completed forms to Security Administration G1-57.
User Name (last, first, mi) Hanford ID Company
Job Title CPU Number Work Location (bldg./aredroorn)
Manager Name (last, first, mi) Hanford ID Work Phone No.
Cost Center
Work Phone
Number
Manager
Signature
Select User Access AdditionsIChanges; all selected user access privileges MUST be supported by the Kind of Function or Information Access Required narrative. TYPE O F USER ACCESS REQUEST.
New 0 Change 0 Inactivate User Access
n Local 0 Network
Network Printer Address. I 0 Delet2 (no longer required)
Kind of Function or Information Access Required:
Business Process Owner Approval: Date:
System Administrator Approval: Date:
Function I ADproval I Auto-Approve 1 Comments ***Passport Users Only***
~~
leVL s YES Material request Material Material purchases only
Stock & JIT orders (WIMS)
Requisition Contract Contracts Only - ....
Purchase order and Amendment threshold Purchase order and Amendment threshold Contracts and Amendment threshold Contracts and Amendment threshold
Buyer Buyer Manager Contract Admin Contract Manager Contract Pay Payments Authorization only
![Page 21: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/21.jpg)
Authorize Vendor Add Vendor Update AE' Manager A/P Invoice Auditor A/P Vendor
PEOPLESOFT FINANCE
Technical System Administration Functional Administration Technical Support Project Controls Group Accounting Lead GL Accountant Treasury/AP Accountant Cost Accountant Funds Control Analyst Project Budget Analyst Other Program Analyst
Pending Status Only System Admin function only
I ADMINISTRATION USE ONLY. PEOPLESOFT PAYROLLmUMAN RESOURCES
0 0 0 0
Technical System Administration Peoplesoft Panels Crystal Reports Peoplesoft and Crystal
PASSPORT AP, PURCHASING, INVENTORY, CONTRACT MANAGEMENT, CHEMICAL MANAGEMENT
![Page 22: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/22.jpg)
1DI 2000 : ITEM: Security Administration Plan HNF- 2713, Rev.0 TE: 09/15/98 PAGE 20 of 46
7 Material Requisitoners 3 Contract Requisitoners 3 Requisition ReviewIApprove
J Buyer Tech Representative 0 Read 7 Inventory Management Specialist Only
3 Master Catalog Administrator 1 Treasury 7 AP 1099 Only
0 Read Only
0 Read Only
0 Read Only
0 Read Only
0 Read Only
0 Read Only
0 Read
0 Practice 0 Training 0 Audit 0 Upgrade 0 Other-
Date Access ProfiIe Completed: Date Password Assigned: I I Date AnaIyst Notified: Date Update Entered:
- 1 DA or SE Si&ature: Date: 6
1
Date:
![Page 23: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/23.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98 REQUEST FOR USER ACCESS FORM COMPLETION INSTRUCTIONS
. PAGE 21 of 46
1.0 PURPOSE
This form is used to document management authorization of PHMC personnel authorized to access the HAND1 2000 project modules.
2.0 SCOPE
This form must be prepared for any PHMC employee requesting access to the HAND1 2000 project modules.
3.0 RESPONSIBILITIES
The employees' manager shall ensure that a new access form is prepared and submitted to Security Administration when their employee requires:
Newaccess
No longer requires access Changes to an existing security profile
The employees' manager shall also ensure that an exiting employee completes the User Access form to terminate access as part of the exit interview process.
4.0 PROCEDURE
4.1 4.2 4.3 4.4
4.5
4.6
4.7
4.8
4.9
4.10 4.11
4.12
4.13
4.14
4.15
Complete all the user information in Block 1. Complete Type of User Access Request. Annual Access Review Only. - Leave blank and System Administrator will complete. Complete the Kind of Function or Information Access Required information in Block 3- provide a description of how the employee will use the business functions to perform their job duties. Business Process Owner Approval in Block 3 - leave blank and Business Process Owner will review and
sign authorizing employee access. System Administrator Approval in Block 3 - leave blank and System Administrator will review and sign authorizing employee access. For Passport Users only: Approval level - completed by the authorizing manager and required if the employee will be allowed to automatically approve material requests or is a purchasing or contract administrator. Contract administrators should designate approval levels.for contract requisitions, amendments, and payments. For Passport Users only: Auto Approve Indicator - complete by placing a checkmark after the appropriate approval level category. For PassPort Users only: Approval Dollar Level - complete by identifying the maximum dollar level the employee is authorized to approve for materials requests, materials purchase orders (buyer signature authority level), contract requisitions (buyer signature authority level), contract amendment, and contract payment authority level. Send the completed forms to Security Administration MSlN G1-57. Completed forms received at Security Administration will be routed to the appropriate Security Administrator. The functional Security Administrator will review the form for completeness and coordinate review and approval with the appropriate Business Process Owner. Business Process Owner reviews and approves the form and returns the approved form to the functional Security Administrator for assignment of the database(s) and employee security access profile@) that match the access information provided in step 3.9. The completed form is submitted to the Data Base Administrator for setup of the user password. Passport users will also be assigned a UNlX account. The Security Administrator will assign the password and forward request to the UNlX account administrator (if appropriate). If appropriate, the UNlX account administrator will assign an account to the employee and send the required UNlX account authorization form to the employee for completion.
![Page 24: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/24.jpg)
.. .
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE: 09/15/98
'
PAGE 22 of 46 4.16 The Security Administrator will notify the employee when their access is setup and ready for use.
![Page 25: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/25.jpg)
!AND1 2000
Responsibility Description
)OC I' )ATE: I A -
Access/ Functions
1: Securitv Administration Plan HNF- 2713, Rev.0 3/15/98 'ENDIX B PA! Yser PolelPassPort Security Profile
3ffice Support
PAGE 23 of 46 SPORT SECURITY PROFILES User I Passport
office administrative personnel responsible for entering orders basic cataloged office supplies in support of the
Master catalog Material request Vendor Search Electronic approval routing In-line order status View MSDS Purchase requisitions
PassPort Recommended Training Classes
GEN-001 Course No. 085000 Passport General Supplies Workshop for Office Support and PHMC Employees
Droduction Obtain Access
Systems Basics Portall97 CBT
Functional Business Owner POC:
Shari Bultena (Inventory)
Kim Schultz (Purchasing) Mike Stephenson (MSDS)
9pproval Level Designation Pequired for Drofile?
4uto -Approve Material qequests
![Page 26: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/26.jpg)
iANDI 2000 IOC ITEM: Security Administration Plan HNF- 2713, Rev.0
Approval Level Designation Required for Profile?
~
Auto-Approve Material Requests
PassPort Access/ Functions
CBT (Computer Based Training) Pre-Requisite to Obtain Access
Systems Basics Portall97 CBT
Master cat a Io g Material request Vendor Search Electronic approval routing On-line ordei status ViewMSDS Purchase requisitions Statement 01 Work Std. Clauses Contract Requisitions Vendor Search Multi-year milestones Contract payment status Contract amendment Electronic approvals
Electronic approvals Material requests Purchase requisitions Contract
Pi PassPort Recommended Training Classes
CONOOI/PUROO 1 Note: Combined class. Course No. 085005 PassPorl Contract Administration and Purchasing for Requisitioners
'1 5198 ser oldPassPort ecurity Profile
laterial equisitioner
itract qequisitioner
CONOOl/PUROO 1 Note: Combined class. Course No. 085005 PassPort
User Responsibility Description
Project personnel responsible for ordering materials from on-site and off- site sources.
Project personne responsible for preparing statements of work to request services from on. site and off-site
E 24 of 46 iaining :ertification lequired for 'roduction legion Access? l0
No Systems Basics PortaV97 CBT
'unctional lusiness Owner 'oc:
ihari Bultena inventory)
;im Schultz purchasing) Aike Stephenson MSDS) stan Cottrell contract mgt.)
Stan Cottrell (contract mgt.)
Auto-Approve Contract Requisitions
![Page 27: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/27.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0
User Responsibility Description
PHMC
DATE: 09/15/98 Passport Access/ Functions
Purchase orders Contract amendments Payment authorization S Purchase
Yser iole/PassPort Security Profile
requisitions Requestfor Proposals Vendor Search Award purchase order Expedite P.O. P.O. Revisions
0 Payment status Purchasing analysis
__ . .
-
iequisition ieviewers
3uyers
managers, who have signature authority to approve requisitions, authorize sole sources,' review open workloads, and track cost expenditures.
Manages !he work of Procurement personnel who prepare and issue purchase orders for material items.
reports Open buyer requisition backlog Purchase requisitions Request for Proposals Vendor Search Award purchase order Expedite
Passport Recommended Training Classes
Administration and Purchasing for Requisitionen
CONOOZ/PUROO 2 Note: Combined Class. Course No. 085010 Passport Contract Administration and Purchasing Workshop for Approving and Reviewing Management
PUR003 Course No. 085020 Passport Purchasing Workshop for Buyers
PAGE 25 of 46 Training :ertification Qequired for Droduction Pegion Access?
VO
Yes Shallenge Zourse by Demonstrating ability to navigate n Passport and serform basic wrchasing nodule functions.
CBT (Computer Based Training) Pre-Requisite to Obtain Access
System Basics PortaVQ7
Yes if challenging course must complete System Basics Portall97 CBT
%nctional Susiness Owner DOC:
3hris Hopkins :supply chain wt . )
Kim Schultz :purchasing) Shari Bultena :inventow mgt.)
, . . .
4pproval Level 3esignation Qequired for Drofile?
Yes Jollar signature eve1
Buyer xocurement authority spproval level ~equired for wrchase .equisitions and P.O. revisions.
![Page 28: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/28.jpg)
iANDI 2000 3OC ITEM: Security Administration Plan HNF- 2713, Rev.0
Approval Level Designation Required for Profile?
)ATE: - Functional Business Owner poc:
'1 5/98 PP Passport Recommended Training Classes
ser olefPassPort ecurity Profile
3uyer Manager
lser ?esponsibility )escription
Procurement personnel who prepares and issues purchase orders for material items.
'assPoti Iccess/ 3mctions
P.O. 1 P.O.
Revisions 1 Payment
status B Purchasing
analysis reports Electronic approvals Vendor performance Payment status Reassign purchase requisitions
performance analysis
Contract requisitions Requestfor Quotes Vendor Search Award contract purchase order Multi-year milestones Contract amendments Payment approvals Payment
8 Buyer
PUR003 Course No. 085020 PassPoit Purchasing Workshop for Buyers
E 26 Of 46 -raining :ertificafion Zequired for Jroduction 7egion Access?
Yes; Challenge Course by Demonstrating ability to navigate in Passport and perform buyer backlog review and assignment, and basic contract administration module functions
:BT (Computer 3ased Training) 're-Requisite to 3btain Access
Yes if challengin! course must complete System Basics Poitall97 CBT
Kim Schultz (purchasing) Shari Bultena (inventory mgt
Buyer Manager procurement authority approval level required for purchase requisitions and P.O. revisions.
. . . .
-
![Page 29: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/29.jpg)
iANDI 2000 IOC ITEM: Securitv Administration Plan HNF- 2713, Rev.0 DATE: - 311 5/98
Yser PoleiPassPort Security Profile
:ontract ldministrator
Contract 4dministrator Manager
Jser ?esponsibility 3escription
'rocurement iersonnel who irepare and ssue purchase xders for services.
Manages the Nork of Procurement personnel who mpare, issue, and administer contract purchase orders
Passport Access/ Functions
status Contract analysis reports Assignopen contract requisition buyer backlog Contract requisitions Requestfor Quotes Vendor Search Award contract purchase order Multi-year milestones Contract amendments Payment approvals Payment status Contract analysis ' reports Contract requisitions Statements of work Contract amendments Payment authorization
%wassport PAGE 27 of 46
Training ?ecommended Paining :lasses
>ON004 :ourse No. )85025 'assPort :ontract Administration for :ontract 4dministrators
:ON004 :ourse No. 185025 'assPort :ontract ldministration for :ontract 4dministrators
Certification Pequired for production Pegion Access?
Yes 3hallenge >ourse by Demonstrating ability to navigate n Passport and serform basic wrchasing nodule functions.
Yes; Challenge Course by Demonstrating ability to navigate in PassPori and perform buyer backlog review
:BT (Computer 3ased Training) Ve-Requisite to lbtain Access
res if challenging :ourse must :omplete System 3asics Portall97 :ET
les if challenging :ourse must :omplete System 3asics PortaV97 >BT
%nctional Susiness Owner POC:
I<im Schultz ;Contract mgt.) 3ob Allen (Vendors) Srent Wagner (accounts payable)
Kim Schultz (contract mgt.) Bob Allen (Vendors) Brent Wagner (accounts payable)
Contract administrator procurement authority approval level required for contract '
requisitions contract amendments, and contract payments.
Contract administrator Manager procurement authority approval level required for contract
Approval l eve l Designation Required for Profile?
![Page 30: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/30.jpg)
+AND1 2000 DOC ITEM: Securitv Administration Plan HNF- 2713. Rev.0
Passport Training Recommended Certification Training Required for Classes Production
Region Access? and assignment, and basic contract administration module functions.
CON005/PUR00 No
DATE: - CB T (Computer Based Training) Pre-Requisite to Obtain Access
Svstem Basics
3/15/98 User RoldPassPort Security Profile
3uyer Technical iepresentative
Inventory Management Specialist
Payment status
who are
reviewing and approving payment
services performed on contracts.
. . who are
maintaing adequate stocking levels for general supplies, spare parts; convenience
tools, and equipment
Master cat a Io g Material request Electronic approvals Cycle counting Replenish- ments Standards and procedures Purchase requisitions Inventory mgt. analysis
Master cat a Io g Material request Central receiving log Warehouse locations Material reservations Vendor search OSD&D
5Note: Classes combined. Course No. 085035 Passport Contract and Purchasing Workshop for Buyer Technical Reps.
INV-001 Course No. 085040 PassPort Inventory Mgt. for Inventory Mgt. Specialists.
POrtal/97 CBT
Functional Business Owner DOC:
<im Schultz :contract mgt.) Brent Wagner :accounts 3ayable)
Shari Bultena [inventory mgt.) 6im Schultz (purchasing) 30b Ailen [vendors)
4pproval Level Designation riequired for Profile?
squisitions :ontract amendments, and contract 3ayments.
uo
4pprove new blaster Catalog I D S Cycle Count Variance 4pproval
![Page 31: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/31.jpg)
iANDI 2000 )OC ITEM: Security Administration Plan HNF- 2713, Rev.0
jnancial and ion-financial controlled inventories.
Project personnel who are responsible for performing warehouse work associated with receiving, disbursing, counting, and shipping general supplies, spare parts, convenience storage, special tools, and equipment stocked in Materials Mgt. controlled warehouses. Project personnel that are responsible for quality control receiving inspection for material items received at the 2355 Stevens central receiving warehouse.
)ATE: - Jser ?esponsibility gescription
15/98 ser oldPassPort ecurity Profile
I Shari Bultena Auto approve (inventory mgt.) material requests Kim Schultz (purchasing) Bob Allen (vendors)
Jarehouse torekeeper
IC Inspection
'assport Iccesd :unctions
' QC inspection
t Warehouse distribution Shipping
1 Master catalog
B Material requests Purchase requisitions Purchase orders Standards and procedures Vendor search Central receiving log
e OSD&D Electronic approvals
Master catalog Material request Facility transfers Central receiving log Warehouse locations Material reservations Vendor
PAGE 29 of 46
raining Required for :lasses Production
:ourse No. 185045 'assport nventory danagement for Narehouse 'ersonnel
NV-003 :ourse No. 185050 'assport nventoly Mgt. for 3uality Control Inspectors
Yes
BT (Computer ased Training) re-Requisite to lbtain Access
;ystem Basics 'ortaV97 CBT
system Basics 'ortaV97 CBT
poc: Required for Profile?
Shari Bultena (inventory mgt.) Kim Schultz (purchasing) Bob Allen (vendors) Mike Taylor (standards and procedures)
![Page 32: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/32.jpg)
4ANDI 2000
Jser ?esponsibility Iescription
'roject personnel .esponsible for he receipt, Narehousing, iisbursement. iisposal, and Ihysical nventorjing of :hemica1 nventories within 'roject facilities.
Manager of 'reject personnel NhO are esponsible for xrforming Narehouse work associated with eceiving,
IOC I' IATE: __
PassPort Access/ Functions
search
Warehouse distribution
OSD&D
Shipping Cycle counting Tier II reporting . MSDS Schedule cycle counts
e Master catalog Material request Central receiving log Warehouse locations Material reservations Vendor search OSD&D QC inspection Warehouse distribution Shipping Invoice search Payment status Print checks Reconcile bank accounts
1: Security Administration VI5198 llser PoldPassPort Security Profile
3hemical nventorj Specialist
flarehouse Manager
Plan HNF- 2713, Rev.0 PAGE 30 of 46
'assport Zecommended rraining :lasses
NV-004 :ourse No. 185055 a s s P o rt
nventory danagement for :hemica1 nventoty Mgt. jpecialists
NV-002 :ourse No. )85045 'assPort nventory vlanagement for Narehouse 'ersonnel
Training Zertification Pequired for 'reduction Pegion Access?
fes
Yes
CBT (Computer Based Training) Pre-Requisite to Obtain Access
System Basics PortaV97 CBT
System Basics Portall97 CBT
Functional Business Owner POC:
Mike Stephenson (Chemical inventoty mgt. and MSDS) Shari Bultena (master catalog) Bob Allen (vendors) Kim Schultz (purchasing)
Shari Bultena (inventoty mgt.) Kim Schultz (purchasing) Bob Allen (vendors)
4pproval Level 3esignation Pequired for Drofile?
VO
4uto Approve material requests
![Page 33: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/33.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0
!ser ole1PassPort ecurity Profile
'reasury
/ser 7esponsibility )escription
lisbursing. :ounting, and ;hipping general upplies. spare )arts, :onvenience itorage, special ools, and ?quipment jtocked in Materials Mgt. :ontrolled NarehOUSeS. 4ccounting staff .esponsible for approving and Drinting checks 'or payments to satisfy Dutstanding accounts payable.
'assport 9ccessl 'unctions
On-demand payments
checks
transmission verifications
D Cashwires Check signing
B Approve
b EFT
Entering New invoice! Initiating matching Correcting invoice mismatches Process vouchers Entering cash advances Employee reimburse- ments Create model invoice Recurring payment schedule ERS invoice Credit invoices . 1099
rraining 'assport lecommended iaining :lasses
4P-001 PassPort Accounts 'ayable
:ertification 7equired for Jroduction Zegion Access?
Yes
:6T (Computer I Functional lased Training) 're-Requisite to )btain Access
jystems Basics 'ortall97 CBT
usiness Owner 'oc:
Went Wagner accounts layable) lob Allen vendors)
lpproval Level )esignation iequired for Jrofile?
No
![Page 34: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/34.jpg)
iANDI 2000 DOC ITEM: Securitv Administration Plan HNF- 2713, Rev.0 -
User Role/PassPort Security Profile
4P Invoice huditor
AP Payment 4pprover
4P Misc
User Responsibility Description
Accounting personnel responsible for entering invoices, generating verifications of service for payment approvals, reconciling invoices and payments, and entering vendor remit to information.
Accounting personnel responsible for approving payments for the purpose of authorizing payment of outstanding company payables. Accounting personnel responsible for various AP tasks
Passport Access/ Functions
processing
Initiating matching Recurring payment s c h e d u I e ERS invoices approvals Credit invoice approvals Payment approval 1099 processing
Create new vendor Update vendor information Update vendor remit to information Vendor status Deleting invoices administering recurring invoices & recurring payment schedules entering
'assport iecommended Training :lasses
PAGE 32 of 46
JP-001 'assPoit Jccounts 'ayable
4P-001 'assPoit 4ccounts 'ayable
'ASSPORT 4ccounts 'ayable
Jraining Certification Required for Production Region Access?
Yes
Yes
Yes
:BT (Computer 3ased Training) 're-Requisite to Ibtain Access
jystem Basics %tal197 CBT
jystems Basics 'orta1/97 CBT
jystems Basics 'orta1/97 CBT
Functional Business Owner POC:
Brent Wagner (accounts payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors)
Brent Wagner (accounts payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors)
Brent Wagner (accounts payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors)
4pproval Level Designation Required for Profile?
NO
Yes Dollar signature level
Yes Dollar signature level
![Page 35: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/35.jpg)
iANDI 2000 IOC ITEM: Security Administration Plan HNF- 2713, Rev.0
Passport Training Recommended Certification Training Required for Classes Production
Region Access?
PASSPORT Yes Accounts Payable
PASSPORT Yes Accounts Payable
)ATE: CBT (Computer Based Training) Pre-Requisite to Obtain Access
Systems Basics Portall97 CBT
Systems Basics Portall97 CBT
)/I 5/98 Jser ?ole/PassPort jecurity Profile
User Responsibiljty Description
Accounting personnel responsible for administering ED1 freight bills
I P ED1
Passport Access/ Functions
cash receipts performing contract & PO invoice overrides manageall ED1 transactions
4P Checks Accounting personnel responsible for running check processing
Accounting personnel responsible for administering 1099 reporting
Purchasing and Accounts Payable personnel responsible for entering initial vendor
AP 1099
execute check batch for prelim payment register process immediate payments cancel checks update1099 info. run 1099 reports launch 1099 processings
enter vendors in Passport only
Vendor Input PUR003 Course No. 085020 Passport Purchasing Workshop for Buyers
PUR-003 Systems Basics Passport PortaV97 CBT Purchasing Workshop for Buyers
PASSPORT Accounts Payable
PortaV97 CBT
Functional Business Owner poc:
Brent Wagner (accounts payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors) Brent Wagner (accounts . payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors)
Brent Wagner (accounts payable) Kim Schultz (purchasing & contract mgt.) Bob Allen (vendors) Kim Schultz (purchasing & contract mgt.) Brent Wagner (accounts payable) Bob Allen
Yes Dollar signature level
Yes Dollar signature level
No
No
Approval Level Designation Required for Profile?
![Page 36: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/36.jpg)
)ATE: 09/15/98
Role/PassPort Security Profile
INV-001 Course No. 085040 Pass P o rt Inventory Mgt. fOl Inventory Mgt. Specialists.
iANDI 2000 )OC ITEM: Security Administration Plan HNF- 2713, Rev.0
Recommended
E 34 Of 46 rraining :ertification iequired for Droduction Qegion Access:
Administrator
PUR-003 Pass P o rt Purchasing Workshop for Buyers
I Kim Schultz I NO (purchasing 8, contract mgt.) Brent Wagner (account'
Inventory Manager t- Proficient
knowledge of the Passport MSDS product Product specs. Documenting end user requirements Ad Hoc reporting Security setup and maint. MS Access Crystal
esponsible for naintaining rendor nforrnation in 'assPort.
ulanager of the 'roject personnel who are esponsible for naintaining 3. de q u a t e stocking levels for general supplies, spare parts, convenience storage, special tools, and equipment financial and non-financial controlled
rraining :lasses
Electronic approvals Cycle counting Replenish- ments Standards and procedures Purchase requisitions Inventory mgt. analysis
.
Purchasing Workshop for Buyers
Yes Systems Basics Portal/97 CBT
Obtain Access
Systems Basics PortaV97 CBT
DOC: Required for Profile?
payable)
(vendors) Bob Allen
Shari Bultena (inventory mgt.) Kim Schultz (purchasing) Bob Allen (vendors)
4pprove new Master Catalog IDS Cycle Count Variance Approval
![Page 37: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/37.jpg)
IANDI 2000 )OC ITEM: Security Administration Plan HNF- 2713, Rev.0
Functional Business Owner poc:
)ATE: 0911 5/98 User User Passport Role/PassPort Responsibility Access1 Security profile Description Functions
Approval Level Designation Required for Profile?
Maint. of users guides
rules
:BT (computer 3ased Training) >rere-Requisite to 9btain Access
3 SDS system Person jministrator responsible for
managing, verifying, and maintaining the preferences. simple, and complex code tables for the PassPort MSDS module. Administrator is also responsible for reviewing and approving security access forms for user access to the PassPort MSDS module.
I ABEND log Routing lists
Proficient knowledge c the PassPor Accounts Payable, inventory mgt, purchasing, contract mgt., and financial integration products . Product specs. . Documentii end user requiremer
reporting . Security setup and maint.
AdHOC
MSAcces! Crystal Report Wr . Maint. of users guid . Business
PAGE 35 of 46
rraining Required for :lasses Production
Administrator
MSDS-001 assport MSDS
?S
![Page 38: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/38.jpg)
+AND1 2000 )OC ITEM: Security Administration Plan HNF- 2713, Rev.0
)/I 5/98 %er RoleIPassPort Security Profile
.~
)ATE: assPort ccesd unctions
rules Monitor ABEND log Routing lists
proficient knowledge of the Passport Accounts Payable, inventory mgt., purchasing, contact mgt., and financial integration, MSDS products . Proficient in knowledge of the PeopleSoft financial product m o d u I e s . Proficient in knowledge of the Hanford Business Structure ( H W
specs. Product
Documenting , enduser
Passport Recommended Training Classes
Passport System Administrator AP-001 Passport Accounts Payable
P System dministrator
Tim Stokes (training coordinator) Brent Wagner
iccounts
!esponsibiliiy jescription
wson ssponsible for ianaging, erifying. and naintaining the ,references, ;imple, and :omplex code ables for the JassPort MSDS nodule. 4dministrator is dso responsible for reviewing and approving security access forms for user access to the Passport MSDS module.
sining I cBr (Computer ised Training)
requirements
reporting AdHOC
rtifica tion !quired for 1 aduction ?gion Access?
e-Requisite to btain Access
poc: Required for Profile?
I
0
ayable)
lo
![Page 39: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/39.jpg)
iANDI IOC I1 DATE: -
0 Security Administration Plan HNF- 2713, Rev.0
15/98 ~
;er ,le/PassPort xur i fy Profile
inance rtegration ,ystem ,dministrator
lser I ?esponsibilify Iescription
Person responsible for managing. verifying, and maintaining the preferences, simple, and complex code tables for the PassPort MSDS module. Administrator is also responsible for reviewing and approving security access forms for user access to the PassPort MSDS module.
2ssPort ,ccess/ unctions
Security setup and maint. MS Access Crystal Report Writer Maint. of users guides
I Business rules
t Monitor ABEND log Routing lists
B Proficient knowledge of the PassPort Accounts Payable, inventory mgt., purchasing, contact mgt., and financial integration, MSDS products Proficient in knowledge 0 the PeopleSoft financial product modules Proficient in knowledge 0 the Hanford Business
PAGE 37 of 46
raining Rewired for
'assport System tdministrator (P-001 'assPort kcounts 'ayable
.o'ducfion ?gion Access?
es
ased Training) re-Requisite to bfain Access
40
miness Owner
im Stokes .raining oordinator) 'erry Main financial 7tegration)
Jprova/ Level 1 ?signation squired for yofile?
lo
![Page 40: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/40.jpg)
iANDI 2000 IOC ITEM: Security Administration Plan HNF- 2713, Rev.0
Functional Business Owner poc:
>ATE: '1 5/98 ser ole/PassPort ecurity Profile
Gchasing and :ontract Mgt. System 4dministrator
k e r tesponsibility )escription
Person responsible for managing, verifying, and maintaining the preferences, simple, and complex code tables for the Pass P o rt Purchasing and Contract Mgt. Modules. Administrator is also responsible
assport ccessl unctions
I
Structure (HBS) Product specs. Documenting end user requirements Ad Hoc reporting Security setup and maint. MS Access Crystal Report Writer
b Maint. of users guides
t Business rules
w Monitor
1 Routing lists
Proficient knowledge of the PassPort Accounts Payable, inventory mgt.. purchasing, contract mgt., and financial integration, MSDS products Proficient in
ABEND log
PAGE 38 of 46
iaining :lasses Production Obtain Access
PassPort System Administrator
PUR-003 Course No. 085020 PassPorl Purchasing Workshop for Buyers CON-004 Course No. 085025 Pass P o rt Contract
Yes NO Tim Stokes (training coordinator) Kim Schultz (purchasing and contract mgt.)
lpproval Level )esignation fequired for 'rofile?
No
![Page 41: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/41.jpg)
DOC I1 DATE:
User Responsibility Description
HAND1 2000 Securitv Administration Plan HNF- 2713, Rev.0 P.l
for reviewing and approving security access forms for user access to the Passport MSDS module.
15198 ier ,lefPassPort xurity Profile
nventory Mgt. System Idministrator managing,
verifying, and
JassPort PassPort 4ccesd Recommended
Training Classes
Contract PeopleSofl financial product modules Proficient in knowledge of the Hanford Business Structure (HBS) Product specs. Documenting end user requirements AdHoc reporting Security setup and maint. MSAccess Crystal Report Writer Maint. of users guides Business rules Monitor ABEND log Routing lists
Proficient knowledge 0 the PassPort Accounts Payable,
dministrators
PassPort System Administrator
INV-001 Course No.
E 39 of 46 raining ertification 'equired for 'roduction legion Access?
Yes
ased Training) re-Requisite to btain Access
lusiness Owner 'oc:
Csignation 'equired for 'rofile?
Tim Stokes (training coordinator) Shari Bultena
No
I
![Page 42: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/42.jpg)
)OC I1 )ATE: __ CBT (Computer
Based Training) Pre-Requisite to Obtain Access
IANDI 2000 Securitv Administration Plan HNF- 2713, Rev.0
User Responsibility Description
15/98 ier ilefPassPort icurity Profile
preferences, simple, and complex code tables for the Passport Inventory Mgt. module. Administrator is also responsible for reviewing and approving security access forms for user access to the PassPort MSDS module.
085040 Pass P o rt
iventory Mgt. for iventory Mgt. pecialists
'assport iccessf 'unctions
inventory mgt., purchasing, contract mgt., and fin an c i a I integration, MSDS products
t Proficient in knowledge c the Peoplesoft financial product modules
B Proficient in knowledge ( the Hanford Business Structure ( H W Product specs. Documentin end user requiremeni AdHoc reporting Security setup and maint. MSAccess
Report Writ
users guide
Crystal
Maint. of
Business
~
unctional iusiness Owner 'oc:
White (inventory
,pproval Level lesignation !equired for 'rofile?
![Page 43: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/43.jpg)
Passport Training Recommended Certification Training Required for Classes Production
Region Access?
I
CB T (Computer Functional Approval Level Based Training) Business Owner Designation Pie-Requisite to POC: Required for Obtain Access Profile?
User Role/PassPort Security Profile
User Passport Responsibility Access/ Description Functions
rules Monitor ABEND log Routing lists
![Page 44: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/44.jpg)
iANDI 2000 )OC ITEM: Security Administration Plan HNF- 2713, Rev.0
lser Role/HRIS Jser ?esponsibi/ity
HR/S Access/ Functions :ecurity Profile
Jescription
Jpdate employee and job change nformation. Jpdate hires, .erminations, department Zhanges.
'ersonnel !ecords Update lser
Personal Data Employment Job Data Emergency Contact Jobcode. grade and salary tables Department table Education Applicant Hire
3enefits User
COBRA - Inactive Employee Insurance Maintenance
employee insurance eligibility and options.
Base Benefits Personal Data Employment Job Data Dependent/ Beneficiary COBRA Data
Maintain the insurance coverage of inactive Billing employees.
NlNG SECUF fR/S ?ecommended rraining :lasses
t lntro to HR b Into to
Benefits b Crystal
Reporting 1 Query n PS/nVision t Process
n Recruitment Position Managemen
Scheduler
lntro to HR lntro to Benefits lntro to Payroll Crystal Reporting
lntro to HR lntro to Benefits
e lntro to Payroll Crystal Reporting
,GE 42 of 46 Y PROFILES rraining :ertification Pequired for Droduction Region Access? Uone
None
None
CBT (Computer Based Training) Pre-Requisite to Obtain Access
None
None
None
Wnctional Business Owner poc:
Becky Calapristi
Becky Calapristi
Becky Calapristi
9pproval Level 3esignation Pequired for Drofile?
i R Security 4ccess 4dministrator 4pproval and/or HR Management
HR Security Access Administrator Approval and/or HR Management
HR Security Access Administrator Approval and/or HR Management
![Page 45: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/45.jpg)
HAND1 2000 DOC DA'I -
EM: Securitv Administration Plan HNF- 2713, Rev.0 0911 5/98 User RoleIHRlS Security Profile
Pension 8, Savings User
EEO User
i R Sewice 'rovider
User Responsibility Description
Identify pension and retirement eligibility and benefit for employee.
Report EEO and Affirmative Action goals and status.
View and report employee job history, compensation and disability. Update and maintain recruiting activity. Provide update
direction to HR personnel records update users.
HRlS Access/ Functions
0 Personal Data Employment Job Data
EEO Status Personal Data Employment Job Data Competency Managemeni Career/ Succession Planning
w Applicants, job requisitions, recruiting
v Personal Data
B Employment B Job B Salary
Planning B Base
Benefits B SetupHGET
training v Competency
Management e Position
Management
HRlS Recommended Training Classes
lntro to HR Crystal Reporting
lntro to HR Crystal
Career/ Reporting
Succession Planning Competency Managemen
lntro to HR lntro to Benefits Crystal Reporting Planning Compensatic n Position Managemeni PS/n Vision Recruitment
None
None
\lone
CB J (Computer Based Training) Pre-Requisite to Obtain Access
None
None
None
Functional Business Owner poc:
Becky Calapristi
Becky Calapristi
3ecky Calapristi
Approval Level Designation Required for Profile?
HR Security Access Administrator Approval andlor HR Management
HR Security Access Administrator Approval andlor HR Management
i R Security 4ccess 4dministrator lpproval andlor i R Management
![Page 46: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/46.jpg)
iANDI 2000
Functional Business Owner Poc:
. , . ' 1 .
1 HR/SAccess/ I HRlS Training t e r 'ecommended Certification raining Required for
)OC I )ATE - CB T (Computer
Based Training) Pre-Requisite to
LM: Securitv Administration Plan HNF- 2713, Rev.0
Crystal Reporting Recruitment
lntro to HR lntro to Benefits
, lntro to Payroll
t Position Management
t Crystal Reporting Query
t PS/nVision B Manage
Competencie S
e Recruitment Planning Compensatio n PeopleTools Process Scheduler
lntroto HR lntro to Benefits lntro to Payroll Crystal Reporting
19/15/98 lser Role/HR/S :ecurity Profile
None
None
IR ;ubcontractor lser
dentify and naintain appropriate murity access or users. Map jata for system JpgradeS. Test joftware :hanges. Define Jser ~equirements. Provide training and help for database users. Set up and define new system functionality. Maintain production reports and system interfaces. Maintain payroll tables. For example, taxing, insurance, additional pay, earnings and deductions etC.
i R System :unctional Administrator
. Payroll User
'esponsibility I Functions I
I 1 lescription
ompensation, mployee job ,istory, disability lnd recruiting Ictivity.
Applicants, job requisitions, recruiting Personal Data Employment Job
All HR panels and tables Overall HR security access Manage database changes
Base Benefits Tax Tables Payroll Tables Personal Data
I
Production lbtain Access
one
.lone
Becky Calapristi
Becky Calapristi
I None I Didi Staudacher
Access Administrator Approval and/or Payroll Management
ipproval Level lesignation !equired for profile?
1R Security ccess idministrator rpproval and/or i R Management
-lR Security iccess jdministrator 4pproval and/or -IR Management
![Page 47: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/47.jpg)
HAND1 2000 DOC ITEM: Security Administration Plan HNF- 2713, Rev.0
Approval Level Designation Required for Profile?
DA1 - Functional Business Owne poc:
09/15/98 Yser RoldHRIS Security Profile
HRlS Recommended Training Classes
D lntro to HR n lntro to
Benefits v lntro to
Payroll Adv Payroll PeopleTools PSlnVision Payroll Year- End
'ayroll System Wctional idministrator
PAGE 45 of 46 Training Certification Required for Production Region Access;
None
-raining User
User Responsibility Description
Identify and maintain appropriate security access for users. Map data for system upgrades. Test software changes. Define user requirements. Provide training and help for database users. Set up and define new system functionality. Maintain production reports and system interfaces.
Schedule and register employees into training courses. Bill departments for classes taken. Update training requirements.
HRlS Access/ Functions
B Employment * Job
I All Payroll panels and tables
t Overall Payroll security access
1 Manage database changes
Scheduling and registration
Course Billing Completed Training
t TMX
CBT (Computer Based Training) Pre-Requisite to Obtain Access
Uone
Uone
Didi Staudacher
Lucy Reed
Payroll Security Access Administrator Approval and/or Payroll Management
Training Security Access Administrator Approval and/or Training vlanagement
![Page 48: I E,/67531/metadc685122/m2/1/high_res... · DOC ITEM: Security Administration Plan HNF- 2713, Rev.0 DATE 09/15/98 Acronym TEL TMS WAN PAGE 5 of 44 Definition Telecommunications Training](https://reader033.vdocument.in/reader033/viewer/2022042000/5e6d6fedeb985d4f171490dd/html5/thumbnails/48.jpg)
Approval Level Designation Required for Profile?
Security Profile
Training Security Access Administrator Approval andlor Training
I Management
t-- HRlS Access/ HRIS Training 1 User Role/HRIS User
Responsibility Functions Recommended Certification Description Training 'equired for
Classes roduction
Training System Functional Administrator
CBT (Computer Based Training) Pie-Requisite to Obtain Access
Run completed training reports.
Identify and maintain appropriate security access for users. Map data for system upgrades. Test software changes, Define user requirements. Provide training and help for database users. Set up and define new system functionality. Maintain production reports and system interfaces.
I
3mctional 3usiness Owner =oc:
~
Reports
All training lntro to HR panels and Crystal tables Reporting Overall PSlnVision training PeopleTools security access Manage database changes
Lucy Reed