...
EAH users who need access to department data beyond the default access outlined above to perform their job must fill out a Request Form specifying the additional departmental access needed.
How to Request Access
Access forms to use are based on the type of access you need. You may need to submit more than one request:
- Running an EAH based report that has been built by your local report developer: ask your developer what Active Directory (AD) group your DSA should add you to in order to gain access to the report.
- Running HR/Payroll reports found at bah.ucsd.edu: fill out the UCPath Reports Access Request form to request:
- Access to HR/Payroll reports. Repeat for each group.
- DOPE and UCPath-Oracle Salary Reconciliation access.
- Additional departmental access.
- Building reports in Cognos or Tableau using EAH: complete the Employee Activity Hub Report Developer Access Request.
- EAH Report Developers can request additional departmental access via this form.
- Requesting access to employee data from additional departments: fill ou out the Employee Activity Hub Row Level Access Request.
- Developing data integration: read this page and follow the steps: https://collab.ucsd.edu/display/AH/How+to+Get+Activity+Hub+Data. You will also need to fill out the Employee Activity Hub Row Level Access Request in order to see departmental data.
Questions
What is the outcome of reports blended with EAH data?
If you use EAH data in your report, the type of join used in the report will drive what the consumer will see.
...
If your report uses a row-level secured view, the consumer will need to complete a Reports Access Request specifying which additional departmental access they need.
Where do I request access?
When was this security implemented?
November 16, 2020
What EAH views do not require row-level security?
The EAH Quick Start Guide summary page has a table with a column that indicates if the view has row-level security.
Will I be able to see people who are not 100% in my requested department?
EAH view without row-level security: Yes, you will see all people.
...
Note: In order to maintain one row per person for specific views, such as EAH-AbsenseDetail-View, only the primary position for the employee will be seen. It may appear that you are seeing employees outside of your department, but if you look at those employees in EAH-Workforce-View you will see your approved department listed as non-primary for those specific employees.
How will this impact the data integration processes?
It will not. The existing scenarios will remain the same.
- Scenario: I use Cognos / Tableau to preview the data that will be in my data integration. What will I see?
- If you are not a transactor or do not have a UCPath inquiry role, your reports – new or old - will not return data on July 20, 2020. You will need to request access to the data via the forms (links) so that you can see the data in Cognos/Tableau. We recommend that you request access to ITS only - access to all of UCSD is not necessary to test most UCPath scenarios. Please work with Continuity Planning to fill out the form in order to gain more than ITS access.
- Scenario: I have a data integration that is currently working.
- The current column groups are machine to machine using Nifi and therefore will continue to point at non-secured views and therefore your data integration will continue to see all of the rows. The assumptions is that your end application implements appropriate security.
- Scenario: Machine to machine using API.
- An API can use the generic AD account, but one of the parameters passed should be the AD account of the person physically using the application and this parameter will engage the security. When the API pulls data there needs to be a WHERE clause to identify the person physically using the application in order to engage the EAH security.
- Scenario: Machine to machine using Nifi.
- Nifi can use the generic account and target application is expected to set the appropriate security. Example: Batch Jobs
What is my EAH Access?
Run this report to see what departments you have access to in EAH and UCPath: EAH Security report.
...
- You have EAH Report Developer access if you are a member of EAH-Developers AD group.
- You have access to a group of HR/Payroll reports from bah.ucsd.edu if you are a member of an AD group that starts with EAH-Cognos
Do you have further questions about your data integration processes?
Email busintel@ucsd.edu.
Do you have further questions about the Employee Activity Hub security policy?
Email UCPathReports@ucsd.edu
...