The purpose of this page is to explain how to create and maintain user account access in Banner. Banner Access requests are generated by an Access Request Form and are submitted to UTS via a Footprints ticket.
Who is Eligible?
Active Faculty or Staff
Signatures and Routing
All Banner access requests require approval from the applicant's supervisor as listed on the form. An exception can be made if a department director approves the form in place of the supervisor.
Forms also require Data Steward approval. The Data Steward can vary depending on the type of access requested. The Data Steward is also listed on the form.
- If the supervisor or data steward has not approved the form, you may route the form to that person, asking them to approve it and route it back to you.
- The forms operate in such a way that they cannot be routed to uts@oakland.edu more than once because doing so would create a duplicate ticket.
- This is done by entering the email of the supervisor or data steward into the "Route To" field on the form and listing an accompanying message in the comments section. An appropriate message would be:
I am routing this form to the listed supervisor (or data steward if applicable). Supervisor/Data Steward Mr./Mrs. Supervisor/Data Steward, if you approve, please enter (use your email address here) into the "Route To" field and click the Approve button.
- In the case that an approval is missing, you can place the Footprints ticket status on "Need More Information" and list in the message section that the form is awaiting approval
Terms of Use
Some forms require the applicant to agree to take Shared Data training before getting access to certain classes. An example would be requesting access to the class BAN_GENPERS_MAINT_SD_C on the Banner Student Access form.
In this case the user must agree to Terms of Use by clicking the "Accept Agreement" check box. If this is not done then the form may be subject to disapproval.
Also, the Data Steward needs to enter their initials in the "Data Steward Initials" field as well as the date in the "Date" field. If this is not done then the form can be routed to the Data Steward for entering that information, and routed back to you (and not UTS).
Creating the Account
- Open the Footprints ticket that was generated by the form submission
- Note in the form title if this request is for TEST or PROD
- Note if this request is for an OU Employee, Student Employee or Temporary Employee
- Note at the top of the form if the request is to:
- Create New Account
- Modify Existing Account
- Delete Account
- Navigate to the Signatures page by clicking the Next Page buttons
- Be sure all necessary approvals are met
- If not, the form can be routed to the appropriate individuals or disapproved
- If the approvals have all been met, lock the form by clicking the Lock button
- Reopen the form from the link in the Footprints ticket
- Navigate to the last page and click the Process button
- The form should automatically create the account and close
Adding Classes
- To add classes to the account log into INB TEST or PROD with the BANSECR credentials
- Under My Banner, double click the Banner Security Maintenance Form [GSASECR]
- Enter the User ID in the User ID field and click enter
- Under the Permissions field click the Modify button
- Click the User Classes button
- On the left there is a Show Classes field. In this field is an All and Enrolled radio button
- Clicking All will show all available classes system wide
- Clicking Enrolled will show only those classes that the user has permission to
- To add a class, just click on it and you will see YES in the User in Class field
- To remove a class, just click on it
- When all classes have been added you may close the form. It will save the settings upon closing
Adding Roles
- Log into the OEM software as BANSECR by expanding either TEST or PROD Databases
- Expand Security by clicking on the plus sign by the Security folder
- Click on the Users folder. A list of available users should appear in the pane to the right
- Double click a user to edit that user
- Click the Role tab
- Highlight a role from the top pane and click the down arrow key to add it to the user's account
- To remove a role, highlight the role from the bottom pane and click the up arrow
Modify Existing Account
Users can add and remove classes and roles as requested via form submission. The approvals process is the same as account creation, with approvals coming from the applicant's supervisor and the relevant data steward(s).
- Open the ticket that was generated by the form submission
- Note at the top of the form if the request is to:
- Create New Account
- Modify Existing Account
- Delete Account
- Navigate to the last page to be sure all approvals have been met
- If not, the form can be routed to the appropriate individuals or disapproved
- Follow the Adding Classes or Adding Roles section above to add a class or role
Banner for Temp Employees
Temporary employees are not able to use the online utility to set their passwords. In this case you should:
- Log into Banner as BANSECR
- Open the form GSASECR
- Enter the user ID in the User ID field and hit your enter key
- Click the Alter button
- Enter a password in the Password field
- Re-enter the password in the Verify Password field
- Click the Expire Password button (this is done so that the user is forced to change their password at the next log on)
- Paste that same password in the (Password) Office Use Only field
- Click the Print button (this will open a separate tab for the PDF)
- Print the form for pick up
- In the Footprints ticket, use the BannerForTemps Quick Message and resolve the ticket
- If the applicant is not listed as the contact of the ticket, copy and paste the applicant's email address in the CC field of the Footprints ticket
- Resolve the ticket
Reset or Unlock Banner Account Password
Users can now reset and unlock their passwords online here: https://wwwp.oakland.edu/uts/student-services/ban-reset. If the user cannot use the online utility then they may submit a form. This process details how to reset a password via the form.
- Log in to Internet Native Banner as BANSECR
- Open the form GSASECR
- Enter the user ID to be reset and hit your enter key
- Enter a password in the Password field and also the Verify Password field
- Click the "Expires Password" button; this will force the user to change the password at the next log in
- Click Save
- Print the paperwork with the password for the user to pick up
- Use the BannerReset Quick Message in Footprints and resolve the ticket
- If the user is not the contact on the ticket be sure to add them as CC
- Lock and close the form
Unlocking the Account
- Log in to Internet Native Banner as BANSECR
- Open the form GSASECR
- Enter the user ID to be locked or unlocked and hit your enter key
- Under the user field click the Alter button
- To the right you will see Lock and Unlock buttons
- Click Save
Resolving the Ticket
- If the request is to create a new account, use the BannerNew Quick Description and resolve the ticket
- If the request is to add classes or roles to the account
- Use BannerModulesProd for PROD requests and resolve ticket
- Use BannerModulesTest for TEST requests and resolve ticket
- If the request is for unlocking a Banner account use the BannerReset Quick Description and resolve the ticket
- If the request is for resetting a Banner account use the BannerUnlock Quick Description and resolve the ticket
- If the applicant is not the contact on the Footprints ticket then add the applicant as a CC on the Staff Assignments and Notifications tab of the ticket
Server Accounts
As of November 2015, managers of server accounts outside of UTS may request a Banner account whose password expires only once per year, rather than once every 90 days. In such a case, all of the following is needed:
- The manager of the server account must provide the IP address of the computer where the account will be used. It must be a static IP address. We need the numeric address (e.g. 141.210.x.x), so if you are given a named address (e.g. sample.reg.oakland.edu), you can obtain the numeric address with the nslookup command.
- Using a Banner account with DBA privileges (such as bansecr), you must run the following SQL statements, substituting the account name and IP address into the values clause (single quotes are required as shown):
- insert into sys.login_ip_restrictions (username, terminal, action_name) values ('account name', 'IP address', 'ONLYHERE');
- commit;
- You must assign the BANNER_USER_1YEAR user profile to the account.
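An added example (not part of the original procedure or any UTS tooling): a Python check that rejects named addresses, ranges and malformed account names before building the statements above, so that only clean values reach a DBA session. The account SVC_REPORTS, the address 192.0.2.10 and the function names are constructed for illustration, and assigning the profile with ALTER USER is an assumed way of carrying out the last step.

```python
import ipaddress
import re

# Oracle-style unquoted identifier: a letter, then letters, digits, _ $ #.
# The 30-character limit is an assumption about local account naming.
ACCOUNT_RE = re.compile(r"[A-Za-z][A-Za-z0-9_$#]{0,29}")


def validate_account(name):
    """Return the account name unchanged if it is a plain identifier."""
    name = name.strip()
    if not ACCOUNT_RE.fullmatch(name):
        raise ValueError(f"not a plain account name: {name!r}")
    return name


def validate_static_ipv4(value):
    """Accept one numeric IPv4 address; reject names, ranges and wildcards."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ipaddress.AddressValueError:
        raise ValueError(f"need a numeric IPv4 address (use nslookup first): {value!r}")
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        raise ValueError(f"not usable as a host restriction: {addr}")
    return str(addr)


def server_account_sql(account, ip):
    """Build the statements for a yearly-expiry server account."""
    acct = validate_account(account)
    addr = validate_static_ipv4(ip)
    # Both values passed validation, so neither can contain a quote character.
    return [
        "insert into sys.login_ip_restrictions (username, terminal, action_name) "
        f"values ('{acct}', '{addr}', 'ONLYHERE');",
        "commit;",
        # Assumption: the profile is assigned with standard Oracle ALTER USER.
        f"alter user {acct} profile BANNER_USER_1YEAR;",
    ]


if __name__ == "__main__":
    # Constructed sample values: SVC_REPORTS and 192.0.2.10 (documentation range).
    for stmt in server_account_sql("SVC_REPORTS", "192.0.2.10"):
        print(stmt)
```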
Deleting Banner Accounts
- Log in to INB with BANSECR credentials
- Double click on the Banner Security Maintenance Form (GSASECR)
- Add the user you wish to delete in the User ID field
- Click the Delete button
- Note: if you get the error "user cannot be deleted since it is a proxy for users on NTRPROX" then do the following:
- Open the GZPDPRX (Delete Proxy Entries) form from the main page
- Next block down to the Parameter Values
- Enter the user name in the "User to Delete" field
- Enter "D" for deletion in the run mode field
- Block down to the Submission block and save
- Note: if you get the error "user cannot be deleted since it is defined on FOMPROF" then do the following
- Open the form FOMPROF
- Enter the user ID in the USER ID field
- Click the Next Block button
- Click the Remove Record button
- Click the Remove Record button again
- You should see a message stating "Would you like to remove the record from the Enterprise Access Control table" then Click "Yes"
- Now the user should be available for deletion
Renaming Banner Accounts
- Create the new account
- Use the Copy Privileges function to copy privileges from old account
- Go to form GOAEACC
- Find user using query
- Remove record
Business Profiles
- Log into Banner as BANSECR
- Enter GOAFBPR into the AppNavigator (SQL Note: the Oracle table is GORFBPR)

- Search for the business profile you wish to add by clicking the "..." button
- Choose the Business Profile and click "OK"
- Click "Go". This will bring up a list of users in this Business Profile
- Add the user name from the form
- Click "Save" in the lower right corner of the form
- You should see a successful message
Macomb Account
- Given the location of OU Macomb it is acceptable to have OU Macomb fax credentials over and for the Account credentials to be faxed back to them.
Groups
- Users can be added to groups on this web page: https://netid.oakland.edu/oucagrpmgt/index.php
- Select a group you wish to administer from the "Groups you can administrate" drop down box and click "Administrate"
- From here you may:
- Remove users
- Remove administrators
- Add users
- Add administrators
- Delete the group
Unix Accounts
- Add Lee to ticket to create LDAP attributes
- When that is done, launch Putty
- Log in to TEST (banjobs6.dev.oakland.edu) or PROD (banjobs5.sys.oakland.edu)
- Log in with your NetID credentials
- At the Oracle SID press enter
- At prompt run the command sudo /usr/local/bin/mkldaphomes <userID> and press Enter
- If you wish to verify the user run the command ls -la ~<userID>
- Update and close ticket
Monthly Staffing Reports
Each month we get a staffing report via Footprints ticket from University Human Resources (see ticket 54179 as an example). This report contains information about new hires, departmental moves and terminations. The goal is to focus on departmental transfers so that we may obtain new access request forms reflecting the new departmental change.
- Open the ticket and review the report.
- The first section, Additions - New Hires, can be skipped
- In the next section, Promotions, look to find employees who have been promoted to a different department. The current department is listed on the left and the new promotion department is listed on the right.
- If an employee's new department is different from their old department then open a Footprints ticket for tracking the new access request forms. Use Category Account request and Level 2 Banner Module Request. This ticket will be used to track the incoming requests.
- Send an email to the user in question using this template: /OutboundMessage
- Copy Becker and Kondek on the email.
- Generate a report of the user access to attach to the outgoing email
- Open the Banner Data Dictionary
- Click the "List Database Security Structures" button
- Select the "List All Oracle Users" radio button and click "Execute"
- Select the user from the "Select the user whose privileges you wish to see (summary):" drop down list and click "Execute". This will list all classes and roles for that user
- To save this file click "File" ... "Save As" to save the html page
- Save the page as the user name (i.e. smithuseraccess.html or similar) to include in the ticket
Additional Support
- OU Technology Center
- 44 Oakland Center
- Rochester, MI 48309-4479
- (248) 370-4357
- Office Hours: M-F 8:00am - 5:00pm