Annual Security Access RecertificationEach year, Northwestern University conducts a review of user access for the NUFinancials and Cognos systems as part of the University’s larger effort to comply with industry standards for information security. Approvers review active users for their department/unit and provide feedback for any updates to the Financial Operations IT Security team.
Instructions for Performing the Recertification Review
Background and resources
The 2022 Annual Security Access Recertification includes three categories in the worksheet for review.
Employee Self Service
Approval for assigned Tree Nodes, Departments and or Project IDs
Assigned chartstrings, including Tree Nodes, DeptIDs and/or Project IDs
This role provides basic user inquiry access to accounting information, asset management, billing, budget details, travel and expense transactions, journal entries, vouchers, grants, and project costing. This view-only access is limited by row level (chartfield) security. This role allows for creation of Payments Requests, Vendor Requests, Portal Actuals Journals, and Expense Reports. It also includes iBuyNU Shopper access. Standard workflow procedures are in effect.
GE007 Report Reference
Review PeopleSoft Roles section
Review Workflow Approvals section
Review Data Security Access (RLS) section
N/A – Review of the GE007 for these users is NOT required
You still must indicate whether user should remain active or be inactivated.
For each user on the Recertification form (as applicable), verify that the following sections in GE007 report are correct:
- PeopleSoft Roles – roles that dictate the functions a user can perform in NUFinancials
- Workflow Approvals - level(s) of approval assigned to a user for Tree Nodes and chart string values
- Data Security Access (RLS)
- Nodes and chart string values limit the data viewable online and in Cognos reports
- Note the extra column “Access Managed By” at the end of the Department Values section. If field lists “Chartfield Manager Module” then access was granted because the individual is identified as the ChartField Manager for the DeptID value. If field is empty, then access was granted by submission of a FFRA security form.
The data for this review is a snapshot as of February 28, 2022 and is static data. This means that employees that have terminated or transferred after this date may display as having access, even though it has been removed automatically by the system. Please do not add new users to the spreadsheet. The review is performed on an annual basis, and additional staff hired after February 28, 2022 will be on next year's review.
Finalization and submission of User Access Recertification
- For each user, the reviewer must indicate their status. Mark an X in the column under Status that matches the user’s current employment standing within your department/unit. All users must have at least one Status column marked.
- Active – Mark an X in this column under Status if the user’s access is correct and no change is needed.
- Active but Incorrect Access – Mark an X in this column under To correct the user’s access, use a new Security Form and submit via email to Financial Operations IT Security.
- Not in Unit / School – Mark an X in this column under Status if the user is does not belong to your department/unit.
- No longer @ NU – Mark an X in this column under FOIT Security will remove all FFRA Systems access for the user with the exception of the Basic Expense and Shopper roles.
- Terminate Date – Indicate the Date the user was (or will be) terminated from the department/unit. FOIT Security will remove all FFRA Systems access with the exception of the Basic Expense and Shopper roles for the user according to the date provided.
- Transfer Date – Indicate the Date the user moved to another department/unit. FOIT Security will remove all FFRA Systems access to your department/unit with the exception of the Basic Expense and Shopper roles according to the date provided.
- On Leave or Emeritus – Mark an X in this column under User’s NUFinancials profile will remain active unless otherwise noted by reviewer.
- After access for each user is verified, the reviewer must type their name and date of review at the top of the spreadsheet:
- Submit the completed and signed (by typing name and date of review as described above) spreadsheet via email to FOIT Security.
Instructions for Running the GE007 Report
The GE007 report is best supported in the Mozilla Firefox browser. If you prefer Internet Explorer, refer to additional steps in the Running the GE007 Report section below.
Navigation to the GE007 Report
- Login to Cognos Reporting
- Click Team content on the left menu
- Click Finance Facilities and Research Administration
- Click School
- Click either Budget/COA or Monthly Financial (either selection works)
- Click GE007 – User Security Profile
Running the GE007 Report
The GE007 Report can run reports for multiple users or departments. The report for users will be used to review individual information. The report for departments will be used to identify any new additions or unexpected users who do not belong to your department.
To look-up multiple users:
- Select the entire column of NetIDs from your departmental excel spreadsheet.
- Click “copy”
- Under Report Run Control select “NetID – Name”
- Under the “Keywords” field, right click and select “paste”
- Click “Search”
- Click “Select All” to highlight all the NetIDs in the Results field and click “Insert”
- Click “Finish”
Additional look-up steps for Internet Explorer method:
- Select the list of NetIDs and right click copy
- Use an empty excel cell and right click “Paste Special”
- Choose the “Transpose” option
- Copy the row of NetIDs and paste into the GE007 search box.
To look-up a Department:
- Under Report Run Control select “FASIS Department Search & Select”
- Type in the name of the department (if you do not know the exact name of the DeptID, under “Options” click “Contains any of these keywords”)
- Click “Search”
- Click on the DeptID and click “Insert”
- Click “Finish”