Security for Banner is granted based on the business need for an individual to be able to complete an essential job function. All requests are vetted by multiple approvers and are granted only on an 'as-needed' basis. All security objects are granted through security class and roles. Security classes are comprised of Pages that are accessible through Banner 9 Admin Pages. Roles are comprised of tables and views that are accessible through a SQL interface, such as Microsoft Access.
To submit a request to grant, elevate, or reduce access within Banner (including Finance), please follow the instructions in the appropriate article in the Banner Security Knowledge Base Category.
Security Structure
Banner is made up of a large amount of data that is organized into tables using an Oracle Database. This data is accessed via Admin Pages or other methods like Open Database Connectivity (ODBC) for use in reporting.
Some methods for accessing data allow for updating the data, while others allow only querying. If a user accesses data via ODBC, they can only query the data while using Admin Pages they can update or query the data.
Banner Security starts with the Oracle Username. Oracle is the underlying database which houses all Banner data. Admin Pages facilitate single sign-on (SSO) access using Drake Username and passwords, so a user doesn't generally need to know their Oracle ID. ODBC users will need to know their Oracle ID to access Banner data.
Within Banner, privileges that specify whether a user can access particular data via a particular method are granted to an Oracle Username. These are granted in groups called security classes. For ODBC, these are called roles. Both roles and security classes are collections of privileges that can be granted to a user.
Users are never granted access to a single Admin Page or table/view directly. Access is granted only through a security class or role. Additionally, security classes and roles are set up and owned by the Data Stewards for each Banner Module. The Banner Modules are:
Banner Modules
Module |
Abbreviation
|
Admission and Recruiting |
RAC |
Finance |
FIN |
Financial Aid |
AID |
General |
GEN or JOB |
Human Resources |
HRS |
Institutional Advancement |
ALU |
Non-Student Accounts |
ARN |
Payroll |
PAY |
Student Accounts |
ARS |
Student Life/Housing |
SLH |
Student Records |
STU |
A single user may be assigned security classes and roles from multiple modules. The security classes and roles assigned to a user will depend on their job function.
Banner Security Roles
There are several roles involved in granting a user access to a Banner security class or role.
Data Owner - The individual who has ownership of a set of Banner data, contained within the various Banner Modules. The Data Owner is the final decision maker for any Banner data related decisions within their module. Data Owners may delegate certain powers to Data Stewards.
Data Steward - The person(s) who have been delegated jurisdiction over a set of Banner data. The Data Steward is responsible for approving access to data requested. Data Stewards also define security classes and roles in correlation with job functions of users. There is a Data Steward for each Banner Module.
Trainer - The trainer is responsible for ensuring users understand how to access data for approved requests. The trainer must sign off on each user's training. Drake policy states that all users must be trained prior to being given access to Banner and Banner data.
Data Custodian/Security Administrator - This is the ITS staff member that creates or modifies the Banner user based on the request and the Data Steward's approval. The Security Administrator also oversees the overall security process to ensure Drake policy is followed. The Data Custodian ensures that the data within each module is accessible on demand from the end user.