Contact: Teresa B. Thomas

The purpose of this document is to define the key activities required for implementing security in the Development, Test and Productions instances of the Student Information System.

The following activities are associated with the Development (DVLPMNT) data base instance:

1. Request the four logon ids that are to be assigned to each college to support SIS setup activities.  These logons will have access to all panels except security and the developers.
2. Request logon ids, if required, for testing web access.  Provide all the customer information for the records selected.  The information must include the customer’s emplid and their status  (student, instructor, and/or advisor). 
3. Request logon ids, if required, for testing IVR access.  Provide all the customer information for the records selected.  The information must include the customer’s emplid and their status  (student, instructor, and/or advisor). 

The following activities are associated with the Test (TEST) data base instance:

1. Request the four logon ids that are to be assigned to each college to support SIS setup activities.  These logons will have access to all panels except security and the developers.
2. Review the existing SIS security classes to determine which classes may be applicable for the college.  This work should be performed by someone at the college familiar with the roles/responsibilities for each individual requiring SIS security access.
3. If new classes are required, prepare the SIS Security Class form.  This work should be performed by someone at the college familiar with the roles/responsibilities for each individual requiring SIS security access. All new classes will be created in the TEST and PROD database and be made available for use by all colleges.
4. Prepare the SIS Model Operator Id forms.   This work should be performed by someone at the college familiar with the roles/responsibilities for each individual requiring SIS security access.
5. Submit all requests for model operator ids and security classes to the VCCS Information Security Officer.  The model operator id forms cannot be processed by the VCCS Information Security Officer until migration into TEST is complete (all the migration steps are finished for the TEST database).
6. Identify those individuals that will require access to the Directory Manager (DM) and send a request to the Utility Help Desk.  In this request, specify the emplid and name of the people to be Directory Manager Administrator.  This request will be forwarded to the VCCS Information Security Officer.
7. Once notified that the Directory Manager Administrator access has been granted, use the CAAM (Customer Account Administrator Manager) to create the customer id and pin number.  This customer id and pin number should be used to access the Directory Manager.
8. Test the functions and services provided by the Directory Services using both the Directory Manager (DM) and the Customer Account Administration Manager (CAAM).  
9. Testing can be done by logging into SIS as the various types of customers at your college.   Before you can test the DM and CAAM, the customer emplids must be in the Directory.  Below is details on how emplids get from the SIS database into the Directory.

Getting records into the Directory 

• Student records from the legacy SIS get added into the Directory from the step in the Migration Cookbook to notify the Utility to run the Directory Services Flag.  In this step, provide a 'start' and 'end' term which cannot be more than 3 years older than current term.  Whatever terms supplied, when students are term activated for that term, their emplids get pushed into the Directory.  Students must  also have the required fields of name and birthdate in their Bio/Demo records.
• Instructor/advisor records from the legacy SIS get added into the Directory from the migration step to load (run) Instructors/Advisors.  All instructors/advisors who are active in the SIS instructor_advisor table are added to the Directory.  Instructors/Advisors must also have the required fields of name and birthdate in their Bio/Demo records.
• If employees (staff) did not meet the criteria of students/instructors/advisors above, then determine whether the employee has a record in SIS Bio/Demo.  If they do not have a record in Bio/Demo, then add the employee to SIS making sure to include name and birthdate.  If they already have a record in Bio/Demo and it did not get added to the Directory, submit an incident report to the Utility Help Desk for the emplid to be added from SIS into the Directory.  This incident should be forwarded to the Utility.  The employee (staff) must have the required fields of name and birthdate to be in the Directory.

NOTE:  Any records added to SIS Bio/Demo are automatically inserted into the Directory.

Students/Instructors/Advisors Getting a SIS Logon id and pin number automatically (emplids must be in Directory)

• Student records from the legacy SIS get a SIS logon id automatically from the from the step in the Migration Cookbook to send a notice to the Utility Help Desk and copy the VCCS Information Security Officer that the college is ready to run/load Instructor/Advisor data.  The VCCS Information Security Officer will contact you to obtain your college enrollment security as well as a term value to automatically give your students a SIS logon id.  Whatever term value you supply, when the students are term activated for that term and any term greater, they will automatically get a default SIS logon id and pin number.   
• Students enrolling for future terms get a SIS logon id automatically when they are term activated for any term greater than the term supplied above.
• The default student model operator id is the one letter college code followed by 'WEB'.

NOTE:  If  a student is term activated from the above step, but is not in the Directory, this process will insert the emplid into the Directory prior to creating the SIS logon id.

• Instructors/advisors get a SIS logon id automatically from the migration step to load (run) Instructors/Advisors.  If for some reason the emplid is not in the Directory already, then this process will push them into the Directory automatically before giving them the SIS logon id.
• Instructors/advisors who become "active" in the future,  get a SIS logon id automatically when they are active in the SIS instructor_advisor table.
• The default instructor/advisor model operator id is the one letter college code followed by 'WEB'.

Employees (Staff) Getting a SIS logon id:

• Employees (staff) are not given a SIS logon id automatically unless they meet the criteria of being a student and/or instructor/advisor from above.
• If the employee does'nt have a SIS logon id already (created from being a student, instructor and/or advisor), then use the Directory Manager (DM) to authorize the emplid to have access to SIS.  Be sure to supply the correct model operator id. All college model operator ids created from the SIS model operator id form also have access to the web.
• If the employee already has a SIS logon id, then use the DM to change their default model operator id to a new model operator id that matches their job function. 

10. Submit all changes to the model operator ids or security classes to the VCCS Information Security Officer.
11. Notify the VCCS Security Officer when all testing is completed and the model operator ids validated.  The model operator ids will then be created in the PROD database.

The following activities are associated with the Production (PROD) data base instance:

1. Request the four logon ids that are to be assigned to each college to support SIS setup activities.  These logons will have access to all panels except security and the developers.
2. Review and confirm that all model operator ids validated in TEST are correct in PROD.
3. Submit all requests for any new model operator ids and security classes to the VCCS Information Security Officer.  Any new classes and/or model operator ids will be created in TEST and PROD.
4. Identify those individuals that will require access to the Directory Manager (DM) and notify the Utility Help Desk.  In this request, specify the emplid and name of the person to be Directory Manager Administrator.  This request will be forwarded to the VCCS Information Security Officer.
5. Once notified that the Directory Manager Administrator access has been granted, use the CAAM (Customer Account Administrator Manager) to create the customer id and pin number.  This customer id and pin number should be used to enter the Directory Manager.
6. Validate the functions and services provided by the Directory Services using both the Directory Manager (DM) and the Customer Account Administration Manager (CAAM).
7. All emplids get inserted from SIS into the Directory as stated above for the TEST database and all students/instructors/advisors/employees obtain their SIS logon ids as stated above for the TEST database.
8. Submit all changes to the model operator ids or security classes to the VCCS Information Security Officer.  Please note that any changes at this stage will be made to both PROD and TEST.