General Guidelines

Applicable or Related Code Sections

• N/A

Related Links

• Maintaining OAKS FIN User Security Roles
• OAKS Helpdesk

OAKS FIN Security Role

The Chief Fiscal Officer (CFO) or agency FIN security designee is responsible for reviewing and assigning security roles that ensure users of OAKS Financials (FIN)  have the access they need to perform their jobs and do not have access to unnecessary roles. All roles must be removed when an employee or contingent worker (i.e., certain contractors) is separated from service or their contract has expired. Appropriate internal controls, such as segregation of duties, must also be considered and implemented when FIN security roles are assigned.

Roles are granted by the CFO or agency designee in OAKS FIN, some roles are effective immediately and others are activated through an overnight batch process. Review the "Maintaining OAKS FIN User Security Roles" topic in the FIN Process Manual for guidance pertaining to changing or granting user's security access.

The following queries are available in OAKS FIN:

• OH_ROLE_HANDBOOK - provides a list of all OAKS FIN security roles and their descriptions.
• PT_SEC_USERS_ROLE - provides a list of security roles assigned to an employee.
• PT_SEC_ROLE_USERS - provides a list of security roles and the employees assigned to those roles.

Occasionally, workflow in OAKS FIN will route transactions to employees who are unavailable to process the transactions. When this happens, agencies must contact the OAKS Helpdesk who will initiate a helpdesk ticket to request the transaction be moved to the appropriate worklist.

Central Security Approval

The Office of Budget and Management shall serve as the central security approver to approve agency FIN security designee role additions, removals, and updates. OAKS FIN workflow directs the request to the central security approver(s).

Add, Change, or Delete an Agency FIN Security Designee

To add, change, or delete an agency-level security designee, when no one in the agency has the security designee role, the agency CFO or Director, must email the OAKS Helpdesk to request the update. The email must include:

• Employee name and State Of Ohio User ID of the person from who the role is being removed; and
• Employee name and State Of Ohio User ID  of the person for who the role is being added;

The OAKS Helpdesk will create an OAKS CRM case. Once the case is resolved, the requestor will receive an email with the case resolution.

OAKS Application Security Audit

Semi-annually, the OAKS Financials Service Assurance team sends out a report with an audit task to each agency security designee for review. The report, details the security assigned to all users within an agency, and must be reviewed for accuracy. Agencies must review their employee's assigned roles and corresponding attributes to verify employees have only the appropriate security roles in the OAKS FIN Application.