Authority Manager:
Spring 2009 Enhancement Overview
Two significant changes are being made to Authority Manager automated processes this spring to improve the security of Stanford's computing systems. The changes involve auto-revocation and auto-reinstatement of system authority.
Auto-Revocation of Authority
Historically, all system authority was automatically revoked when an individual departed the University. Beginning March 2009, Authority Manager will also automatically revoke all of an individual's authority any time there is a change in his/her University or department affiliation (e.g. change to organization or department, leave of absence, etc.)
IMPORTANT NOTE: When individuals are affiliated with multiple departments and their affiliation with one department changes, their authority will be automatically revoked for ALL their departments. Authority grantors in those departments with which the individual retains an affiliation will need to go in to Authority Manager to manually reinstate their authority.
Auto-Reinstatement of Authority
Historically, if an individual officially left Stanford and experienced auto-revocation of all authority, Authority Manager kept a snapshot of their authority records for a period of 7 days. If the person returned to Stanford within the "7-day grace period", regardless of the nature of his/her new affiliation, all of his/her previous authority was automatically reinstated. This 7-day auto-reinstatement is being removed. Now, any time a person "returns" to Stanford, regardless of the amount of time that has passed, Authority Grantors must use the Authority Manager application to reinstate their authority (if revoked within the last 60 days) or grant new authority privileges. The new Recently Revoked page described below facilitates this process for returning affiliates.
Changes to User Interface and New Features
Summary descriptions of the changes are described below. For detailed information about the new features please see the updated Authority Manager tutorial.
Preview by clicking the eyeglasses icon.
New Features |
||
|---|---|---|
View - Drop down Pick List |
|
A new drop down pick list provides a quick way to select and view a person's current authority, recently revoked authority, or proxy view. |
|
This new page displays authority that has been revoked within the last 60 days. Authority granters have the ability to Restore individual assignments or Restore All from this page. Notes:
|
|
Revoke All |
|
Revoke All provides a quick and efficient mechanism to rescind all privileges for a given system (e.g., Enterprise Reporting, Financial System GL, Human Resources, etc.) at once rather than having to revoke them one by one. Notes:
|
Current Authority Page |
|
The new view drop down list and Revoke All button are now available. |
Proxy Page |
|
Reformatted and now includes the new drop down pick list. |
New and revised wizards |
The new processes (Restore All and Revoke) have new wizard pages. Existing pages have been updated where needed. |
|
Questions and Answers Related to
Authority Revocation and Reinstatement:
- If I am re-organizing my department and changing people’s assignment org codes, will I have to restore all their authority?
If you are only moving a few people around the Restore All feature should allow you to easily reinstate their authority. However, if you are moving a large number of people we can help restore them for you. Submit a HelpSU ticket describing your planned changes before you make the changes in PeopleSoft. Request Category - Administrative Applications, Request Type - Authority Manager, you will need to provide a list of the effected SUNet IDs and the planned date for the change.
- I have an employee who has more than one job (multiple assignments). What happens if the assignment org or status changes on the other job?
Any change will trigger the revocation of all authority. You, or someone with granting ability, will need to go to the person’s “recently revoked authority” screen and click “Restore All”. All the authority for which you have granting ability will be restored.
- What happens to someone who is on disability or maternity leave - is their authority automatically revoked?
Yes, when a staff member goes on disability or maternity leave their affiliation changes to "staff: onleave". This new status will cause their existing authority to be revoked. In order to retain their authority, someone with appropriate granting ability should review their "recently revoked page" and "restore all" authority. This must be done within 60 days of them going on leave, as the recently revoked authority retains the information for only 60 days. When the individual returns, their status will again change, and the same process must be done.
- When someone is laid off is their authority automatically revoked?
No, under our current policy, employees who are laid off receive 60 days of notice pay during which time they remain on payroll. Neither the severance period or terminal vacation constitute a change in status, therefore their authority must be manually revoked.
- If someone has an authority limit with more than one value (say two specific projects) and I only have one of them, can I restore or revoke that authority assignment limit?
Currently, this is not possible. You must have grantable authority that matches completely the limits on the other person's authority assignment. You cannot revoke or restore the authority assignment if you do not match. If it was revoked by someone else you can make a new authority grant for the one you have, but not for the other. If the authority needs to be revoked you will need to request someone with sufficient grantable authority to do it.
- How does someone know his/her authority has been revoked due to a department or status change?
An email notification is sent to the individual indicating that authority assignments have been revoked due to an affiliation change.