Usage of Functional IDs/Accounts
Departments who determine that they have a need for a Functional ID/Account
to access an Enterprise system (e.g., PeopleSoft) are expected to adhere
to standards regarding the usage of their Functional IDs.
Important News - A new standard for Functional ID usage
Effective immediately OIT Data Security will be applying a new standard as new Functional IDs are requested. Anyone who will work for your department for more than 1 week must request access under their own X.500 ID (generic X.500 Sponsored Accounts i.e., FUNCT%%% cannot be used by anyone working longer than 1 week). To get these employees into the X.500 your Department must request a Sponsored X.500 account. The following standards apply:
- The Sponsored X.500 account should be setup using the new temporary hire's name, not something generic (i.e., FUNCT%%%, GRAD%%% etc.)
- The Access Request Form (ARF) and appropriate attachments must be submitted to OIT Data Security in order to request access for the new temporary hire.
- This Sponsored Account, access and the M Key assigned are for the use of this specific person and cannot be transered to another person for use.
- The new temporary hire's Supervisor is responsible for notifying OIT Data Security when this person is no longer employed with their department via the "Change of Employment Status" form.
Some of the common uses of Functional IDs are:
- Access for Functional IDs can be restricted enabling the department
to prevent access outside of normal business hours.
- Can be used by temporary employees (i.e., Adecco, contractors) who will work for your department for 1 week or less.
- Functional IDs are often used as "training IDs" by departments
that train staff on how to use Enterprise Systems.
Standards Relating to Functional IDs:
- An X.500 Sponsored Account must be established and maintained for each Functional ID.
- Functional IDs must go through the standard Access Request form and authorization process.
- Data Custodians determine the type/level (view vs. update) to be associated with a Functional ID accessing their data.
- The Department must select a person who will be responsible for the Functional ID. This person signs as Requester on the Access Request Form.
- If the Functional ID is used by more than one person, the 'owner' or department person is responsible for maintaining the security of the password by either:
- Log in/authenticating into the application with the ID/Password, or
- Ensuring that the password for the Functional ID is changed whenever anyone who knows the password leaves your department.
How to Request an X.500 Sponsored Internet