Financial Aid Self-Service Web Snapshot

Security Enhancements

Todd Emo, Senior Programmer/Analyst - ITS

Jeurell Smith, Data Manager - SFS

May 24, 2016

Attendee Q & A

• Administrative areas represented?

• Currently using? / Would like to use?

– Financial Aid only?

– Others?

• Handling of Personal Identifiable Information

• Other security concerns?

Overview • Designed and developed by Western Governors University • Incorporated into Baseline through the Community Source Initiative

(Release 8.12) • Self-Service tool intended for Financial Aid Advisors and other

customer facing staff on an individual student basis • Security Model – Uses Web Tailor User Roles

– Financial Aid Staff • Allows a user to create custom Web Snapshot layouts and view

data for any defined Snapshot Pane for any ID entered – Financial Aid Snapshot Admin

• Allows a user to create custom Snapshot Panes, which are defined by entering an SQL query which is executed when a user views the Snapshot Pane on their Web Snapshot layout

Limitations

• All users with snapshot access can view all created views and all population selection sets.

• Reduced the amount of users we wanted due to the sensitivity of information displayed in the views.

• Only developed to be used by Financial Aid. • Security

– Financial Aid Staff • Can enter and view data associated with any ID in the system • No built-in security restricting user access to certain IDs

– Financial Aid Snapshot Admin • Can enter SQL that accesses any table in the database • Access needs to be carefully controlled by the institution • No limit on number of users with this access level • Potential for inconsistent content in layouts and panes

• No ID or Name Search capability • No security enforced on Population Selections

BASELINE SECURITY

OFFICES

ADMISSIONS

FINANCIAL AID

STUDENT ACCOUNTS

STUDENT WORKERS

VIEWS

STUDENT WORKER

STUDENT ACCOUNTS

ADMISSIONS

FINANCIAL AID

The Vision

Offices

ADMISSIONS

FINANCIAL AID

STUDENT ACCOUNTS

STUDENT WORKERS

Views

STUDENT WORKER

STUDENT ACCOUNTS

ADMISSIONS

FINANCIAL AID

Layout Information Differences Structure

• Various between needs of the offices and policies for viewing personal data

True Balance

Estimate Amt Due

Scholarships

PYMT Plan Est.

TGRP,PGRP,BGRP

Admissions NO YES YES YES YES

SFS YES YES YES YES YES

Work-Study Student

NO NO NO NO YES

Current Submitted Ideas • IDEA-12273-Add Role Level Security to Web Snapshot Layers

– Submitted: 4/3/12 Status: Open Promotion Points: 110 – The usage of the web snapshot product can be greatly increased by allowing the creation of role-based

security at the layer level. This additional layer of security would allow the expansion and use of Banner information in new ways, including the ability to create dashboards that could be accessed by other departments, management, etc.

• IDEA-25270-Web Snapshot - Ability to Share Layouts – Submitted: 12/6/13 Status: Open Promotion Points: 70 – We need the web snapshot to facilitate consistent and well informed customer service interactions. It is a

challenge to train staff to ensure that all with web snapshot access are looking at the same tool.

• IDEA-25271-Web Snapshot - Ability to Modify/Delete Layout Names – Submitted: 12/6/13 Status: Open Promotion Points: 50 – We want to use web snapshot functionality across campus, and need to ensure that the snapshots will

persist as our campus changes leadership, reorganizes, etc. The naming of the layout should not be so final.

• IDEA-25272-Web Snapshot - Update Pane List to Include Code – Submitted: 12/6/13 Status: Open Promotion Points: 20 – This will facilitate easier development of Snapshot Layouts for administrators and users alike.

Current Submitted Ideas • IDEA-25281-Enhancement to Web Snapshot

– Submitted: 12/9/13 Status: Open Promotion Points: 70 – Villanova University has modified the Financial Aid Web Snapshot process to include TERM both as

a selection and dynamic parameter. This is very helpful in creating panes. – Enables the Bursar's Office to develop panes that integrate bot AR and Financial Aid Data

• IDEA-27371-Web Snapshot - Student Accessible Version – Submitted: 4/8/14 Status: Open Promotion Points: 50 – To complement the idea of the Web Snapshot, please consider creating a student accessible

version of it via Self-Service that is tied directly to the student accessing it. – Make available on the main SSB menu on the Financial Aid tab for all students if functionality is

turned on (thinking of a check box on web processing tab) – When the student accesses their “Student Snapshot" it would be specific to their PIDM (i.e. No

searching for other students) – The idea is that we would create a snapshot view for staff to access that would mirror the "Student

Snapshot“ – This would help to normalize the conversation between students and customer service staff, and

lead staff and students through a more meaningful interaction, based on how the panes are organized and the data displayed...a visual one stop shop for both parties.

• IDEA-27867-Need Delete option for RORWSPA – Submitted: 5/1/14 Status: Open Promotion Points: 10 – Would like an option to Delete for the SQL code behind the FA Snapshot Panes.

Otterbein Enhancements • Primary Objective

– Address most critical needs based on “Top Promoted Ideas”

– IDEA-12273-Add Role Level Security to Web Snapshot Layers

– IDEA-25270-Web Snapshot - Ability to Share Layouts

– Security

– Layout Sharing/Distribution

– Consistent Layout Content

Current Releases / Environment *NOTE* Proxy Access is not currently utilized in SSB

Enhancement Summary

• Create General Person record for Financial Aid Web Snapshot Administrator with minimum information required to allow SSB access

• Granted the “Financial Aid Snapshot Administrator” User Role to the Financial Aid Web Snapshot Administrator

• Limited the number of users assigned the “Financial Aid Snapshot Administrator” User Role to 1.

• Created custom Web Tailor User Roles for “View Layout Only” purposes – Standardized naming convention (Limited to 30 characters)

• ‘OU_FA_SNAPSHOT_<Layout_Name/Administrative_Role>'

• Utilize custom Web Tailor User Roles instead of the baseline “Financial Aid Staff” User Role to allow access by non-Financial Aid personnel

• Created Snapshot Layouts using the Financial Aid Web Snapshot Administrator account – Standardized naming convention (Limited to 15 characters)

• ‘OU_FA_SNAPSHOT_’ (15 characters), RORWSUL_LAYOUT (30 characters) • ‘<Layout_Name/Administrative_Role>’

• Created Custom Local version of BANINST1.BWRKSNAP • Created Local Information Text for BWRKSNAP procedures

Web Tailor - User Roles

Web Tailor – Web Menus/Procedures

Web Tailor – Information Text

Security Role Options

Security Role Options

Web Tailor Page Access Auditing

Argos Report / SQL Query SELECT (SELECT f_format_name(spriden_pidm, 'LFMI') FROM spriden WHERE spriden_change_ind IS NULL AND spriden_id = twgraces_ssb_logon_id) "Name", twgraces_audit_time, twgraces_ssb_logon_id, twgraces_ssb_page, twgraces_ipaddr, twgraces_activity_date, twgraces_user_id FROM twgraces WHERE UPPER(twgraces_ssb_page) LIKE 'BWRKSNAP%' AND NVL(UPPER(:SSB_PAGE) || '%', '%') AND TRUNC(twgraces_audit_time) >= TRUNC(NVL(TO_DATE(:AUDIT_TIME_DATE, 'DD-MON-YYYY'), SYSDATE)) AND TWGRACES_SSB_LOGON_ID IN (:ID) ORDER BY twgraces_audit_time DESC;

Argos Report

Benefits

• More users • Multiple offices can access information outside of

Banner • Greater control of information accessed by varying

offices • Admissions can access while traveling • Custom views for specific job tasks • Current User Role assignments

– Student Financial Services Staff – 11 – Financial Aid Student Employees – 12 – Admissions - 22

Thank you!

Open Discussion

Contact Information

Jeurell Smith, Data Manager

jrsmith@otterbein.edu

Todd Emo, Senior Programmer/Analyst

temo@otterbein.edu