Security for Banner is granted based on the business need for an individual to be able to complete an essential job function. All requests are vetted by multiple approvers and are granted only on an 'as-needed' basis. All security objects are granted through security class and roles. Security classes are comprised of Pages that are accessible through Banner 9 Admin Pages. Roles are comprised of tables and views that are accessible through a SQL interface, such as Microsoft Access.
To submit a request to grant, elevate, or reduce access within Banner (including Finance), please follow the instructions in the appropriate article in the Banner Security Knowledge Base Category.
Security Structure
Banner is made up of a large amount of data that is organized into tables using an Oracle Database. This data is accessed via Admin Pages or other methods like Open Database Connectivity (ODBC) for use in reporting.
Some methods for accessing data allow for updating the data, while others allow only querying. If a user accesses data via ODBC, they can only query the data while using Admin Pages they can update or query the data.
Banner Security starts with the Oracle Username. Oracle is the underlying database which houses all Banner data. Admin Pages facilitate single sign-on (SSO) access using Drake ID and passwords, so a user doesn't generally need to know their Oracle ID. ODBC users will need to know their Oracle ID to access Banner data.
Within Banner, privileges that specify whether a user can access particular data via a particular method are granted to an Oracle Username. These are granted in groups called security classes. For ODBC, these are called roles. Both roles and security classes are collections of privileges that can be granted to a user.
Users are never granted access to a single Admin Page or table/view directly. Access is granted only through a security class or role. Additionally, security classes and roles are set up and owned by the Data Custodians for each Banner Module. The Banner Modules are:
Banner Modules
| Module |
Abbreviation
|
| Admission and Recruiting |
RAC |
| Finance |
FIN |
| Financial Aid |
AID |
| General |
GEN or JOB |
| Human Resources |
HRS |
| Institutional Advancement |
ALU |
| Non-Student Accounts |
ARN |
| Payroll |
PAY |
| Student Accounts |
ARS |
| Student Life/Housing |
SLH |
| Student Records |
STU |
A single user may be assigned security classes and roles from multiple modules. The security classes and roles assigned to a user will depend on their job function.
Banner Security Roles
There are several roles involved in granting a user access to a Banner security class or role.
Data Custodian - The person who has jurisdiction over a set of Banner data. The data custodian is responsible for approving access to data requested. Data Custodians also define security classes and roles in correlation with job functions of users. There is a data custodian for each Banner Module.
Trainer - The trainer is responsible for ensuring users understand how to access data for approved requests. The trainer must sign off on each user's training. Drake policy states that all users must be trained prior to being given access to Banner and Banner data.
Security Administrator - This is the ITS staff member that creates or modifies the Banner user based on the request and the Data Custodian's approval. The Security Administrator also oversees the overall security process to ensure Drake policy is followed.