This document is intended to provide information on the HR 9.2 custom decommissioning process.

This is a custom process that can be run against Business Unit in either Report Only or Update mode. The CO Information Security team manages this process on a monthly basis. Campuses are not granted access to run this process. This process is usually run for each campus once a month but campus can submit a ServiceNow ticket to request the CO Information Security team to run it adhoc. This customization is associated with GRP 210.

Navigation: Menu > CSU Central Security > Run Decommissioning Process

The process is setup to run one Business Unit at a time, with "Report Only" option selected on the run control.

Select the appropriate campus folder name in the Distribution details, and set the Distribution ID to the campus-specific security role.

When the process completes successfully, it will email those assigned to the campus-specific security roles, and the reports will be accessible in each member's Report Manager.

Navigation: Menu > Reporting Tools > Report Manager

The campus security administrators will need to review two reports within CSU_SEC_DCMR.

The first report is called AutoLastDayWorkedOrPlannedExitRoleReport_processinstance.csv

This report will list individuals with job data where the Last Date Worked has passed the report’s run date, or Person-of-Interest records where the Expected End Date has passed the run date.

Campuses should review these records to decide whether the roles should be removed from the OPRID. Roles can be removed manually, or campuses can submit a ServiceNow ticket to the CO Information Security team to have the Decommission Process run in Update mode. For the manual removal of roles, if user has one of the CO assigned roles, e.g. CSU ID Search (CHR_WA_CSU_ID_Search), Campus Security Administrator (CHR_PT_xx_Security_Admin), and etc., campus will need to submit a ServiceNow ticket through the CO Service Hub to have CO assigned roles removed from user’s profile.

When the Decommission Process is run in Update mode, it will remove all roles from every OPRID listed in the report. However, if the campus security administrator wishes to "protect" one or more OPRIDs from having their roles removed, they can assign the role ‘CHR_PT_NODEPROVISION’ to those OPRIDs. This will instruct the Decommission Process to skip those OPRIDs and not remove their roles. Please note that going forward, each campus will need to track and remove roles manually for any users granted with CHR_PT_NODEPROVISION role.

The second report is called ManualReviewMultipleJobsRoleReport_processinstance.csv.

When an employee holds two jobs at the same campus and terminates one of them, the process cannot determine which roles to delete for the terminated job. This report will highlight such cases for the distributed security administrators to review. The Decommission Process will not remove these roles, even when run in Update mode. Roles assigned to the OPRID in this report will need to be reviewed and manually adjusted if necessary.

End of Article