This policy ensures that university employees and offices understand the rules that affect the creation, use and termination of a Banner Admin, formerly known as Internet Native Banner (INB), account and abide by the policy on appropriate usage of Banner Admin, FERPA regulations and WM policy on confidentiality of data. Objectives of this standard and its dissemination include:
- awareness of how Banner Admin accounts are created and terminated;
- services included with an Banner Admin account;
- and responsibilities of the Banner Admin account holder.
Banner Admin Account Definition
An Banner Admin account allows access to the Elucian HE enterprise systems of the College. Specifically, the Banner Admin PROD instance. Access to Banner Self Service is granted based on a user’s role in the WM Account for Student or Employee Self Service. Users who need access to Finance Self Service must submit a request to the IT Security Administrator for Banner. All Banner Admin accounts use the WMuserid and a secret Banner Admin Password.
Banner Admin Password
The initial Banner Admin password issued is created by the IT Security Administrator and is set to expire upon the first login. Users must change their password to a unique password following specific rules:
- must be between 6 and 15 change characters long;
- must include at least one letter and one numerical digit;
- may NOT include special characters except the underscore (“_”);
- may NOT include the user’s WMuserid or any of the simple words that Oracle recognizes; and
- cannot be reused for 10 changes.
Passwords must be changed every 90 days. Users are given a grace period of 8 days to change the password before the password expires. Users may log into Banner Admin with an expired password but must change it immediately before proceeding further into the system. Users who attempt to login to Banner Admin with an incorrect password receive an error message. After three unsuccessful attempts, the user’s account will be locked. The user must contact the Technology Support Center to have the password reset and account unlocked.
Banner Admin Account Creation
FACULTY AND STAFF
Departments may request an Banner Admin account for faculty and staff via the Banner Access Request form on Request IT. Faculty and staff must also read and sign the Banner Confidentiality Agreement and complete required awareness training before an account or access is granted. The request must be approved by the Department Head or designee and sent to the IT Security Administrator (if the request is for Finance access and limited to grant budgets, then the Office of Grants and Research Administration (WM) or the Office of Sponsored Programs (VIMS) may approve the request). Upon receipt of the request,
- the IT Security Administrator reviews the requested access and seeks clarification as needed. Requests and clarifications are stored for audit purposes.
- The IT Security Administrator forwards the request to the appropriate data stewards for approval based on the access requested.
- Data stewards email the IT Security Administrator their approval for access for the requestee.
- The IT Security Administrator contacts the requestee upon access approval with instructions on completing the required Banner Admin Navigation training in the Banner TEST instance.
- Requestee completes Banner Admin Navigation Online Training in Banner TEST and notifies the training instructor of completion. The training instructor reviews test scores and records completion date in the Training database. If completed with an 80% or higher, IT Security Administrator is contacted with the information on successful completion. If the scores are less than 80%, the training instructor notifies the requestee to retake.
- The IT Security Administrator contacts both the user and functional lead for additional functional training after successful completion of the Banner Admin Navigational training.
- Functional lead(s) conducts training with the Requestee and emails the IT Security Administrator when training is completed.
- The IT Security Administrator notifies the user of access to Banner PROD account after all training has been completed and communicated.
Students may also be granted access to Banner Admin; however, access is governed by the preceding steps, must be work-related access and is generally more restrictive, i.e., query only. These requests must contain an expiration date. In addition, approval for undergraduate student workers must be obtained from the Director of Software Systems. The Director of Software Systems has the authority to supersede a Data Steward’s approval.
Student Banner Admin access is normally only allowed Monday thru Friday 8:00 a.m. thru 5:00 p.m. Exceptions to this policy can be requested.
Access to Banner Admin may also be granted to third party users. A third party may be a contractor, state auditor, etc. The same request and approval process is followed as described above. In addition, approval must be obtained from the Director of Software Systems. The Director of Software Systems has the authority to supersede a Data Steward’s approval. These requests are considered temporary and must contain an expiration date. Volunteers are NOT granted access to Banner Admin.
Banner Admin Account De-provisioning
De-provisioning allows an Banner Admin account to be "re-serviced" on security classes based on job role changes. The IT Security Administrator normally receives notification of department changes from the user’s current department. The new department sends a Banner request for revised access to the IT Security Administrator. The IT Security Administrator reviews the person’s total access. Data stewards must approve any new access and access related to the user’s old position is removed.
Banner Admin Account Termination
Banner Admin accounts are terminated upon the end of employment with WM. Because of the unique employment agreements between the College and some of its faculty, the process is not automated. The process begins with an employee giving notice of their intent to leave their job. Employee supervisors are responsible for notifying HR of the employee’s termination and provide a termination date. Employees that are planning to leave the College are required to submit a clearance form to IT that verifies the employee has no outstanding fees or other obligations to the College. At the beginning of each pay period, HR provides a list of terminations to the IT Security Administrator. The IT Security Administrator then terminates the accounts on the list. Additionally, the IT Security Administrator periodically runs a series of queries to identify people who have left employment at the College but were not included on the termination list from HR.
Banner Admin Account Extensions
Banner Admin accounts may be extended based on approval of the Director of Software Systems and Department Chair/Director.
Banner Admin Account Audits
Data stewards will be sent a report each year illustrating the security classes and forms within their responsibility along with the user accounts having access to them. Data stewards will be required to review the report and respond via email to the Director of Information Security and the IT Security Administrator with any changes to the security profiles and access rights. The IT Security Administrator will make the necessary changes in the Banner Security application. All correspondence will be saved as evidence of the audit and any changes made.