SSO role assignments to the web applications take place on this page.
Establishing Manager roles is a result of an employee being identified as a manager for another employee(s). This structure is managed on the Employee’s Managers page for each employee that reports to that manager.
There are two general levels of role assignment:
- Departmental or ADLOC Roles – Assigned by Application Central Admins
- Central Admin or Workstation Roles – Assigned by the Business Computing Services (BCS) Department
Granting Central Admin Roles
To have a Central Admin role granted to an employee, the SSO Statement of Responsibility form must be completed and submitted to the BCS Department. The workstation(s) listed on the form identify which employees may be accessed based on the workstation that is stored in BPP for each employee. For example, SSO Central Admin for workstation “S” will allow the admin to manage all employees who have “S” listed in BPP (Screen 101) as their primary workstation.
Granting Departmental Roles
To be able to assign any Department Role, the employee must first have the SSO Central Admin role in order to access this page. Again, the workstation associated with this role(s) will determine which employees the Admin may manage.
Secondly, the employee must have the application’s Central Admin role in order to grant departmental roles for that application. The workstation associated with these roles will determine which ADLOCs the Admin may grant access to.
Most of the time, the workstation the employee belongs to is also the workstation in which they are working or need access. When this is not the case (for example often in the Colleges of Ag and Engineering at A&M), the SSO Central Admin for the employee likely doesn’t have the Application Central Admin for the workstation the employee needs to access or vice versa. If this occurs, contact the BCS Department to grant the cross-workstation roles.
Click the “Add Role” link to grant a new role. When an application and role have been chosen, the page will request additional information needed based on the role being added. Look at the two examples below, one needs information on resetting passwords where the second needs information about read/update rights.
The “Access Type” option will only appear when the application for the role being added implements read vs. update views.