How are approval requests routed?
The following table identifies all the University administrators involved in approving your Federated Authorization Community requests:
|
Scenario Name
|
Initiated
by
|
Pre-
Submission
|
1st Level
Approver
|
2nd Level
Approver
|
3rd Level
Approver
|
4th Level
Approver
|
Notes
|
PeopleSoft
|
Select 1 diamond/restricted role
or
Select 2 diamond/restricted
(different data stewards) roles
|
User or Security
Contact
|
User Agreement (if
Security Contact), Send
Supervisor Notification
|
Security Contact
(RC of requestee)
|
Data Steward* (one approver)
|
Pitt IT Security
|
Student Systems
|
* indicates optional step if the approval component is a diamond/restricted role |
PeopleSoft
|
Select no approval components
or
Do not select diamond/restricted role
|
User or Security Contact
|
User Agreement (if Security Contact), Send Supervisor Notification
|
Security Contact (RC of requestee)
|
(skipped)
|
Pitt IT Security
|
Student Systems
|
|
GL Mart
|
User Submits
or
Supervisor submits
|
User or Supervisor or RC Financial Approver
|
|
Supervisor
|
RC Financial Approver
|
Financial Data Steward
|
Pitt IT Analytics*
|
* indicates implementation rather than approval |
GL Mart Group
|
User submits
|
User or Supervisor or RC Financial Approver
|
|
Supervisor
|
RC Financial Approver
|
Financial Data Steward
|
Pitt IT Analytics*
|
* indicates implementation rather than approval |
Student Mart
|
|
User or Security Contact
|
User Agreement (if Security Contact), Send Supervisor Notification
|
Security Contact (RC of requestee)
|
Data Steward*
|
Privacy Officer*
|
Pitt IT Analytics
|
* indicates optional step if the approval component is diamond or restricted role
|
RC Admin
|
|
RC Admin
|
Send Supervisor Notification
|
RC Admin
|
Pitt IT Security
|
|
|
|
Employee Mart
|
No Highly Restricted Data or Additional RCs Selected |
User or Supervisor
|
User Agreement
|
Supervisor Approval
|
RC Authorized Approver (RC HR Approver for the RC of the Requestee)
|
Pitt IT Analytics |
|
|
Employee Mart
|
Restricted Data Selected |
User or Supervisor
|
User Agreement
|
Supervisor Approval
|
RC Authorized Approver (RC HR Approver for the RC of the Requestee AND Any Additional RCs)
|
*HR Data Steward and/or Privacy Officer |
Pitt IT Analytics |
*Any Highly Restricted Data selected will lead to additional approvals |
What happens to a request when there are multiple approvers?
The request goes in to a queue and any approver can review, then accept or reject the request.
Are there steps that I can take as an approver to add information to my approvals?
In addition to adding comments, a site feature lets you post notes to the request using the Notes section.
How will I be notified about pending requests that require my approval?
You will get an automated email when the request is submitted and receive reminder messages containing the links to each approval request that is pending every Tuesday and Thursday.
How do I request access to Fiscal Panther and Grants Approval?
GL Mart Access, by default, also grants access to two budgetary management tools—Fiscal Panther (Tableau) and Grants Forecasting (Oracle Planning & Budgeting Cloud Solution or Oracle PBCS)— which are now available for grants administrators, financial approvers, department administrators, and responsibility center business managers.
As a Data Steward or other Approver, can I approve a portion of a request and deny another part?
No, to remain compliant with audits, requests cannot be partially approved and processed. If any portion of the request is not appropriate, you must reject the request. Please include comments to the Requestor on what to change in the new request, so that the new request can be fully approved.
What steps can I take if I wish to resolve a request that was not approved?
You can submit a new request making sure that you address the specific reason(s) for its rejection.
If my request is not approved at any stage of the approval process, will I be contacted?
Yes, you will receive an email with information about why the request was not approved.
Are there situations in which the use of adding additional documentation to an approval request is necessary?
Yes, additional documentation, including the use of comments and notes, is needed if an approval request for information is made outside the Requestee's own RC.
Both All-Temps approval requests and Financial Data approval requests outside of your area fall under this category.
As an All-Temps employee, how is my Federated Authorization access request routed?
All Temps falls under RC 89 – Human Resources, so all Federated Authorization requests will be routed through the Security Contact(s) for RC 89. However, prior to officially submitting the request, the supervisor of an All Temps employee or the Security Contact of the department where the All Temps staff is assigned should discuss the access request details with the Security Contact for RC 89.
As a Security Contact, will I still receive a request to authorize a request that I have submitted?
Yes, the workflow determines that Security Contacts must authorize/digitally sign all requests in that portion of the workflow, even if you are the original requestor of the form.
I need to remove access from someone, and I got an error that reads “5. Create Approval_Request__c - Issue with the requestee data. Please contact support.” How can I proceed?
This error indicates that the requestee username is not a primary account. If you need to remove access for the account, submit a request through the Help Desk to have the account removed manually outside of the Federated Authorization Request Form.
I need to request access for someone, and I got an error that reads “5. Create Approval_Request__c - Issue with the requestee data. Please contact support.” How can I proceed?
This error indicates that the requestee username is not a primary account. If the account was recently converted to primary, you may need to wait up to 48 hours for the permissions to matriculate into the Federated Authorization Community.
Sponsored accounts generally will not have access to privileged data through the Federated Authorization process. If you believe that the requested account is a service account that is an exemption and entitled to data protected by the Federated Authorization process, please enter your own username as the requestee. In the Request Details and Justification section, list the name of the sponsored account and the owner of the account. Include any additional information that will be important to the approvers.
What tasks can a Responsibility Center Administrator (RC Admin) perform?
Responsibility Center Administrators can perform the following tasks:
- Add additional email addresses (called email aliases) to individual accounts and groups
- Create and modify Exchange resources (used to schedule rooms, equipment, and services)
- Restrict who can send email to a group
- Require authentication to be able to send email to a group
- Convert groups between “mail-enabled” and “not mail-enabled”
- Show or hide groups within the Global Address List
- Grant “full access” or “send-as” rights to Resource Account mailboxes
- Set a customized out-of-office message for a user in your responsibility center who is no longer with the University
Where can I learn additional information about RC Admins?
You can learn more here.
Who are the Financial Data Stewards?
Where can I find the list of Approvers for my Request?
- The Financial Data Approvers list is here.
- The Responsibility Center Administrators (RC Admin) list is here.
- The Security Contacts list is here.
- The Financial Data Stewards list is here.
- The Employee Mart Responsibility Center Authorized Approvers (RC HR Approvers) is here>.
How do I find a username?
To find usernames:
- Contact your RC Administrator or your department's IT Contact.
- Use Find Pitt to look up the email address of the user. Unless the person is using an alias, the username will appear before the @ symbol (for example jdoe if the email address is jdoe@pitt.edu). If the user is using an alias, it will be different from the username—aliases will be greater than eight characters or it will contain a period (.), dash (-) or underscore (_) and be greater than 4 characters.
Note: Requests to clone user access must include the username of the requestee. For PeopleSoft, only row level access can be cloned. Roles must be selected in the form, or outlined in the Request Details and Justification section if the roles are not selectable on the form.
Are there steps I can take if I need to make specific Federated Authorization access requests to specific departments, rather than an entire school?
Yes. When you submit your request, list any relevant details or specifications, including department or other row-level access.
May I submit a request to clone or duplicate the access of a user who has restricted roles or permissions?
All roles and permissions must be individually selected. All restricted roles and permissions must be justified to ensure proper routing through the Data Stewards. For PeopleSoft, to lookup the roles of an existing user, follow the instructions here: http://pi.tt/SISUserRole. By default, this lookup feature is restricted to Responsibility Center Security Contacts. To request access to this information, a user should contact their Responsibility Center Security Contact.
Are there steps I need to take if I need access to restricted data that is not part of my Responsibility Center (RC)?
Yes, use the following guidelines:
- Notify the RC Admin for your location. They should contact the appropriate RC approver in the area where the data resides.
- If you need access to restricted data, Data Stewards approval is part of the request workflow.