About User Roles
User roles control the UCPath online screens you see, the information you can access, and the types of actions you can take. Because UCPath includes personal data, additional security has been implemented to keep your information safe and to protect against unauthorized access or changes to your information. These measures include the use of Duo multi-factor authentication, and security questions and answers.
Employee and Manager Access
Campus Roles for Funding Entry and Salary Cost Transfers
The following roles have been established in UCPath for campus departments to perform Funding Entry and Salary Cost Transfer functions. These roles do not apply to UCSF Health departments; UCSF Health departments will continue to include funding source chartstrings in PeopleConnect Management Action forms and will submit PeopleConnect Salary Cost Transfer Management Action Forms. UCSF Health Human Resources will enter the corresponding information into UCPath.
Campus Department Role | Responsibilities | Role Provisioning |
---|---|---|
Funding Entry Initiator |
|
|
Funding Entry Approver |
|
|
Salary Cost Transfer Initiator |
|
|
Salary Cost Transfer Approver |
|
|
Security Restrictions and Other Considerations for Funding Entry and Salary Cost Transfer Roles
For each of the campus Initiator and Approver roles, at least one person should be identified for each department within your organization. It is recommended that you identify a minimum of two users for each role to ensure adequate coverage of all tasks.
As you identify who should perform which roles in your department, note the following security restrictions:
- Row-level security controls whose data you can access, based on the department where each position is located.
- Generally, users with an Initiator role will be granted “open access” to initiate a funding entry update or salary cost transfer for any position across all position departments.
- When assigning users to an Approver role, you will be required to indicate one or more departments (by Dept ID) for which the user is authorized to approve. Granting Approver access to a department will grant the user access to all “child” Dept IDs under the department on the Dept ID tree .
- When granting the same user access to multiple roles in UCPath, only one row-level security can be assigned. The same row-level security restriction will be assigned across all roles.
For example, assigning Jane Smith the role of Funding Entry Initiator with open access and the role of Salary Cost Transfer Approver restricted to positions within Dept ID 408040 will result in the following:
- Jane can approve Salary Cost Transfers for all positions in Dept ID 408040 and positions in any child departments
- Jane can initiate Funding Entry transactions only for positions in Dept ID 408040 (and positions in any child departments)
- A user may be assigned both the Initiator and Approver role for the same function (e.g., both the Funding Entry Initiator and Funding Entry Approver role). However, UCPath will restrict an Approver from self-approving any transaction they initiated.
- In addition to the Salary Cost Transfer Approver role at the department level, high risk transfers will be flagged for exceptional review and routed automatically to Contracts & Grants Accounting.
- While there are no limits to the number of users you may assign, note that when a transaction has been submitted by an Initiator, notification will be sent by email to all Approvers authorized to approve transactions for positions within that department. Only one Approver is required to approve the transaction. Departments should develop local business processes to ensure that approval queues for pending transactions are monitored and timely action is taken.
Common Questions
How can I find my department Access Administrator?
Use the Department Functional Role Search on the Controller's Office website. You can search by Department ID or Name.
I do not have enough employees in my Department to cover all the roles, what should I do?
We recommend you discuss your situation with your Control Point leadership. In some cases, it may make sense to “partner” with other departments to cover all functions. In other cases, certain roles may be assigned at a “parent” Dept ID level to ensure role coverage across a group of departments.
How were users identified to fill these roles at UCPath go-live?
Control Point Financial Officers led the effort to identify Funding Entry and Salary Cost Transfer Initiators and Approvers for campus departments within their Control Point. Workbooks were used for role analysis and identification. These workbooks were distributed in January and were due back by March 2, 2020. The identified employees were notified on April 2 and assigned training in the UCLearning Center.
How do I make a change for an employee that I identified for an Initiator or Approver role at go-live?
Have your Department Access Administrator submit the change using the Access Management Application.
How will I request new users or role changes for existing users after go-live?
Department Access Administrators will use the Access Management Application to submit access requests for UCPath after go-live. Managers will need to contact their Department Access Administrator (or follow local business processes) to initiate an access request.
Is training required for all roles?
Yes. Training is required for any campus department user who will initiate or approve Funding Entry or Salary Cost Transfer transactions in UCPath. Department Access Administrators and Control Point Financial Officers are responsible for ensuring that users have completed their required training before allowing access to UCPath to enter or approve funding entry or salary cost transfer transactions.
Where can I look up who has been assigned a Funding Entry or Salary Cost Transfer role for my department?
You can use the Department Functional Role Search on the Controller’s Office website to review role assignments.
Can an Initiator direct a transaction to a specific Approver for action?
No. Unlike PeopleSoft Financials, where Journal Preparers and Journal Approvers are assigned in pairs, transactions submitted for approval by Funding Entry Initiators and Salary Cost Transfer Initiators are routed to all Approvers who are authorized to approve transactions for positions within the department.
Funding Entry Approvers and Salary Cost Transfer Approvers can add an additional “ad hoc” approver to route a transaction for additional approval prior to committing the transaction. However, in order to be assigned a transaction for ad hoc approval, the user must already be assigned the Approver role and must have row-level security for the department in which the position resides.
Is there a reviewer feature or the ability to send an “FYI” notification to someone?
Funding Entry Approvers and Salary Cost Transfer Approvers can add one or more reviewers during the approval process. However, reviewers must already be assigned the Approver role and must have row-level security for the position department. No action is required (or permitted) by the reviewer.