In early spring 2022, a group led by Mechelle Clayton, Interim AVC of Enterprise Applications, met to discuss ways to simplify the access request process. They started by asking for feedback from campus users, central offices, ARCs, and others so they could understand the pain points and used that feedback to identify requirements and set priorities for changes to the current process and tools. Some of the pain points raised are:
Security Roles: There are too many security roles, and descriptions are unclear. Combine roles into groups for easier selection and maintenance.
Manual Processes: Current processes are manual. Paper forms and keying data into the system is time-consuming and often lead to errors and missing or conflicting information. Automating the assignment of security access for new employees, employee terminations, and employee transfers into new positions would speed up the processes and result in cleaner role assignments.
Documentation and Training: There is confusion about how to sign up for training and where to find help documentation.
Navigation and Tracking: Access Resource Coordinators (ARCs)across Finance, HR/Payroll, Student Administration, and departments use different approaches for managing access requests. It’s difficult to track when an employee has completed the mandatory training, and it isn’t easy for a manager or employee to review an employee’s access.
Auditing: We run security audits every 6 months. This process is highly manual, difficult to navigate, and very time consuming. Automating the auditing process would allow for more timely auditing and easier online functionality for reviewers.
What’s an ARC? Access Request Coordinators (ARCs) are people who process requests for access to ConnectCarolina, InfoPorte and some companion systems such as TIM or LawLogix. They help keep those systems and information secure and ensure that faculty and staff have the access they need to do their jobs, but not more access than they need. In most cases, the ARC also serves in the role of InfoPorte Administrator and processes access requests to HR/Payroll and Finance reports, TarHeel Reports and specific Business Unit or All Department access. List of ARCs and InfoPorte Administrators
Accessing Information
What type of information do you see in ConnectCarolina? The answer depends, in part, on your role at the University. You may only see information about you, like your paycheck and benefits information. If you are an HR representative, though, you may need access to other employees’ information; if you’re an accountant, you may need access to finance data and reporting tools; if you are a student administrator you may need access to students’ records; and students need to register for classes and check their financial aid.
Employees and students need access to ConnectCarolina, but no one person needs access to all the information there. Currently there are hundreds of identified security roles. The roles determine what information you can view or change and what options you can use to work with that information. For example, you might be able to see reports that show University-wide information, but not have any options in the system to change the information. You might have options to enter an employee action for the School of Education, but not for another school or division. One employee, depending on their job, may have 5-10 security roles, each providing access to specific types of information and system options.
The Current ConnectCarolina Access Request Process
The access request process provides answers to the questions, “Are you who you say you are?” and “Do you need access to the information and system options you are requesting? There are multiple steps, people and departments involved in requesting and granting access, and the steps vary across different ConnectCarolina pillars and departments. Several of the steps are manual including downloading the Access Request Form PDF, getting it signed and manually keying in information.
- Completing a training class does not automatically trigger access to ConnectCarolina — multiple people still need to act, one after the other.
- This process can take days or, depending on the complexity of the request, weeks for access requests to complete.
- Paper forms that require signatures, manual data entry, and approvals involving several people can lead to delays, errors and confusion for the person trying to get system access.
Short Term Fixes and Future State
Reengineering the access request process means looking for centralized system tools, automating steps, and creating documentation to make it easier for employees and departments to figure out what access they need and how to get it. The group plans to take a phased approach to implementing changes and Phase I work will focus on the following tasks:
- Review the security roles in ConnectCarolina Student Administration, group where appropriate, clean up unused roles, and adjust the paper form and ARC system to match. Work on the HR/Payroll and Finance security roles will happen in future phases.
- Update the InfoPorte data entry system:
- Adjust validation and display messages so it’s easier to see when an employee has a department assigned and can request access.
- Remove the “Data Level Access” section.
- Update the order of the roles to match the order they’re in on the PDF form.
- Improve Audit reporting and process.
- Add the ability to request some specialized Finance roles from the Finance PDF form and data entry system.
- Update the ARC and other access training materials and make it easier to find them.
Future phases will continue to address the following long term goals:
- Eliminating paper forms
- Streamlining and standardizing the process where possible, including security auditing
- Building in automation where possible
- Building flexible workflow so that an individual department can customize the approval steps needed
- Creating documentation to support the process
- Being flexible and scalable enough to accommodate security requests for applications outside of ConnectCarolina.
Check future ConnectCarolina newsletters for updates to this story. If you have questions, want to provide feedback, or be involved in testing, please contact:
Project Manager: Gina Fogelsonger
Email: gina_fogelsonger@unc.edu