NWEUG

2017

Session Rules of Etiquette

Please turn off or silence your cell phone

If you must leave the session early, please do so discreetly as

possible

Please avoid side conversations during the session

NWEUG

2017

A bit about Lewis & Clark

• Kathy Tymoczko, Senior Developer/Analyst

• Lewis and Clark College, Portland, Oregon

• College of Arts and Sciences - ~2000 undergraduates, 166 faculty, 29 majors

• Graduate School of Education and Counseling - graduate degrees, certificates,

licensure and endorsement preparation, and continuing education

• Law School – JD and LLM programs, ~600 students

• Using Colleague since 1986, ST and CF, but no longer HR

• Customization – probably too much, ~130 screens (some of these are WebAdvisor)

• Colleague users - ~210

NWEUG

2017

Introduction

Thanks to Jean Ryan at Luther College who did a session like

this at Ellucian Live 2017

How long has it been since you took the Colleague

Administrator training?

What’s new in Colleague administration?

What do you need to do to keep your Colleague system

humming?

NWEUG

2017

System Maintenance

• Locking out users

• Clearing inactive Colleague sessions

• Software updates

• System security

• Cloning environments

• Changing “datatel” password

• Purging files

NWEUG

2017

Locking users out of Colleague

• Use UIEC (Environment Connection Management) to prevent most

users from using Colleague

• Environment-specific – you can lock users out of your production

environment but still leave the test environment available

• User with UI_NO_LIMITS security class on their OPERS record will

still have access. Be sure you have at least one of these.

NWEUG

2017

Locking users out of Colleague - UIEC

NWEUG

2017

Locking users out of Colleague –

UI_NO_LIMITS

• User with UI_NO_LIMITS security class on their OPERS record will

still have access. Be sure you have at least one of these.

• Your “datatel” or “colleague” user should have this

• Your admin users in IT should probably have this

NWEUG

2017

Locking users out of Colleague – UI_NO_LIMITS

NWEUG

2017

Locking users out of other Colleague-

related systems

• WebAdvisor – you can stop the DMI listener if it has a separate

one or stop the WebAdvisor service (Tomcat, IIS)

• Colleague Studio – change password on CSPA, if necessary (we

don’t do this)

• Self Service

• Other systems such as eTranscripts, Touchnet, TMS, Perceptive

Content

NWEUG

2017

Clearing inactive Colleague sessions

• MUSI (Mark UI Session Inactive) – clear all operators or just one:

NWEUG

2017

Killing Colleague sessions

• Be very, very careful with this

• Why do this?

• For UniData on Unix, use “kill -9”

• For UniData on Windows, use Unidata Extensible

Administration Tool

NWEUG

2017

Software Updates – Issues to Consider

• Frequency of installation – biweekly, monthly, quarterly, on a random

basis?

• Scheduling downtime (for DMI updates especially, since stopping listeners

will kick out users)

• User testing/sign-off before installing in LIVE environment

• Notifying users

• Installing updates out of sequence

• Managing update groups (MSUG, SUGS)

• Cleaning up an environment if installation fails (AEPR)

NWEUG

2017

Software Updates - Types

• Envision (Colleague) updates

• DMI updates

• Installers

• Download all of these with SAValet

NWEUG

2017

Envision Updates and Installer Packages

NWEUG

2017

DMI Updates

• Install in each environment separately

• Stops all listeners (kicks out users)

• Use SAValet to install

NWEUG

2017

DMI Updates – install using SAValet

• Choose which updates you want to install

• Must install in chronological order

• Pay attention to pre- and post-installs if any

NWEUG

2017

Colleague Updates Custom Impact

• For each group of updates, on MSUG, run the “custom impact”

report

• Review any items shown on custom impact report and make

needed changes

• Review any other custom items for necessary changes

• Keep track!

NWEUG

2017

Researching Software Updates - SUSE

NWEUG

2017

Researching Software Updates – SUSE, etc.

• Detail from SOUP to SOUI, SUSI, SUII, SUGI, and down the rabbit hole

NWEUG

2017

Researching installed items - RPIF

• Use RPIF (Release Package Item Finder) for information about a specific

screen, process, data element

NWEUG

2017

Researching installed items – RPIF, RPIO

• Detail from RPIF to see detailed information about the item

NWEUG

2017

Reporting on Software Update - SUPR

• Use SUPR (Software Update Reporting) for detailed reports about

software updates

NWEUG

2017

Software Updates at Lewis & Clark

• Month 1 – download and install all Envision/Colleague updates from the

previous month in DEV environment, create a Google sheet with

information about the updates, IT to review for custom impact, needed

testing, etc.

• Month 2 – install group in TEST environment and notify end users so they

can test

• Month 3 – install group in LIVE environment and notify end users

• This is a “rolling” process, with all three of the above tasks done each

month (on a different group)

• Exceptions – year end regulatory updates and FA updates, follow same

procedure but accelerated

NWEUG

2017

Cloning Environments

• Why clone?

• How often to clone – monthly, quarterly, semi-annually, on demand?

• Clone procedure is documented in “Colleague by Ellucian Installation

Procedures”

• We have a step-by-step document with screen shots

NWEUG

2017

Steps in Clone Process

• Make a note of which software update groups have NOT been installed in the

environment which will be replaced by the new clone

• Remove application environment (and database for SQL)

• Copy apphome directory (and database for SQL)

• Run the clone wizard in SAValet

• Add authentication providers (LDAP, Registry) in SAValet

• Run BECU in the new Colleague environment

• Make necessary changes on any Colleague parameter screens (e.g. PID5, UIWP,

servlets and hyperlinks, UWPR, UIPM, WSPD, maybe others)

• Reinstall all software update groups except those noted on the first step

• Test to make sure things are working

NWEUG

2017

What to do if clone fails

• Start over and try again?

• Search in Ellucian Support Center

• Open a case with Ellucian Support Center

• No idea why it fails

• Main thing that fails for us is listeners not starting in new environment

NWEUG

2017

Changing “datatel” password

• Why do this? IT admin leaving, disgruntled former employee with lots of access,

good practice to do it on a regular basis?

• Document 5039: How to change the admin (ellucianadmin or datatel) password

• It’s a multi-step process and fraught with peril

NWEUG

2017

Purging System Files

• appl.PPROCESS files – use UTJR to produce a report, UTJP to purge

• UILP – User Interface Log Purge (view these files on UILR)

• UAPU – User Activity Purge (run USRA User Activity Report first?)

• _HOLD_, _PH_, SAVEDLISTS

• EDX files

EDEP – EDX Errors Purge

ELGP – EDX Log Purge

EDSP – EDX Status Purge

• ELF batch purge: EBPG for more than one batch, EPRG for one batch

• VOC file? – items with names like RUN…

NWEUG

2017

Colleague Security

• Security classes – role or process based, naming convention

• Security for detail forms

• Field-level security

• Directory security

• Record-level security

• Duplicating users and security classes

• Reporting on security

NWEUG

2017

Colleague Security Classes

• Naming conventions

If application is part of name, easier to deal with on SOD (e.g.

UT.UTMIN, ST.CASHIER) • Mnemonics should be in security classes in the application

e.g. NAE, BIO should be in CORE security class, not in ST, CF, or HR

If NAE is only in a user’s ST class, then must type CORE-NAE to access it

• For mnemonics in “all” applications (e.g. VAL), put them in a UT class and add to

the ADFS (Appl Dependent Form Setup) so that user will be prompted for the

application

• Document 114.16: Troubleshooting Security: Error Messages

NWEUG

2017

Role-based vs. Process-based security classes

• Role-based – all mnemonics for a user’s job in one class (e.g.

registrar, cashier)

• Process-based – set of mnemonics for a particular function (e.g.

process cash receipts, create vouchers and purchase orders)

• We have a mix of these

• Needs thought and testing

• Needs regular review

NWEUG

2017

Security for detail forms

• Access to a form allows the same access (maintenance, inquiry) to any

form that can be detailed to

• You have to use “never do” to exclude detail forms

• Lots of work to better manage detail forms

• Run PSCS for a form to find all the security classes that reference it

and all the forms that detail to it

• Watch for software updates that change or add detail screens

NWEUG

2017

Field Level Security

• Secure fields with sensitive data (e.g. SSN, birth date, GPA)

• Security levels (deny access, inquiry-only, modify data, privileged)

• Define on SCDF (detail from SCD)

NWEUG

2017

Directory Security

• Allow users to view contents of a directory (e.g. FINANCIAL.IMPORTS,

PAYROLL.EXPORTS, others)

• Define on SCDA (detail from SCD) (we’ve never used this)

• Allows access to one or more directories from forms such as FLUL,

FLDL, TCBE

• Use UTFA (BROWSE File Authorization) to control which directories

can be seen on UTFB

NWEUG

2017

Record Level Security

• Allows you to control which records individual users can access

• RSUC – Record Security User Characteristics

• UTMR – Record Security Specifications

• Envision Runtime Administration manual

• Possibly useful documents in the Ellucian Support Center

71.762: Record Level Security Setup Example

125.1328: HR: Record Level Security – Steps to setup

107.19: RSUC/UTMR: Record security for PO/REQ

210.433: Security for dept heads to see only their students

530.48: DSQL/ESQL: How to Limit Access to Queries

NWEUG

2017

Duplicating users and security classes

• Not recommended, but you can copy UT.OPERS and appl.SECLASS records

• If you copy a UT.OPERS record, be sure STAFF record on SVM has correct

operator ID and SOD has correct Org Entity ID

• If you copy appl.SECLASS records, be sure to run BSEC to update pointers in

appl.PRCS.CTL

NWEUG

2017

Reporting on Security

• SCOR – Operator Security Report

• SCPR – Process Security Report

• PSCS – Process Security Report

• The above delivered reports are helpful, but don’t report everything

• Lots of change requests on Ellucian Support Center requesting better security

reporting – follow these

• Do your own reporting with your favorite reporting tool

NWEUG

2017

Transaction Auditing

• Field-level transaction logging

• Full file transaction logging

• How to Envisionize the transaction log files

NWEUG

2017

Field transaction Logging

• DHST (Define Field History) – logs changes to specific fields in a file

• Changes are stored in files called filename.HIST and filename.HIST.LOG (e.g.

PERSON.HIST and PERSON.HIST.LOG

• Ellucian Support Center document 2971: Tracking Field History in Colleague

NWEUG

2017

Full File Transaction Logging

• UTML (Transaction Log Specification) – turns logging on or off for entire file

• Creates a file called TX_filename (e.g TX_PERSON)

• UTXL – report on transactions

• UTTP – purge data when file gets too big

• Ellucian Support Center document 1249: UTML: Transaction logging to track a

file’s activity

NWEUG

2017

How to Envisionize the transaction log files

• Because files are named for each file for which logging is turned on, you can’t

access them in Envision programs

• Document 3778: Envisioning .HIST and .HIST.LOG files

• Document 9218: Accessing HIST files from Envision

• Change request 11893.41 UTML transaction logging should be Envisionized

NWEUG

2017

Questions & Answers

NWEUG

2017

Thank you!

Kathy Tymoczko

kathyt@lclark.edu