Versions Compared

Old Version 86

changes.mady.by.user Andrea Boehm

Saved on

compared with

New Version Current

changes.mady.by.user Andrea Boehm

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Panel

Table of Contents

...

Note

When creating roles you cannot use an underscore in the role id.  Underscores are reserved for SSDT created roles.  You cannot edit or delete roles that contain underscores (the SSDT standard roles).

...

...

SSDT

...

Roles

...

 

...


Redesign RoleClassic USPS IdentifierDefinitionGranted
N/AOECN_SYSMANClass Sysman Manager RoleGROUP_MANAGEROECN_USPS_
CUSTOM_FIELD_MANAGERN/A

Grants you access to the System / Custom Field Definitions view and the Core / Date Code view:

  • Create
  • Update
  • Delete
  • Report on any custom field definition / date code

MODULE_CUSTOMFIELD

MODULE_CUSTOMFIELD_CREATE

MODULE_CUSTOMFIELD_DELETE

MODULE_CUSTOMFIELD_REPORT

MODULE_CUSTOMFIELD_UPDATE

MODULE_CUSTOMFIELD_VIEW

N/AOECN_SYSMANClass Sysman Manager Role
GROUP_MANAGEROECN_USPS_GMClassic USPS Group Manager Role

ADMIN_MASSCHANGE_EXECUTE

ADMIN_REPORTS

MODULE_ADMIN_VIEW

MODULE_AUDIT_VIEW

MODULE_CONFIG_ORGANIZATION

MODULE_CUSTOMFIELD_VIEW

MODULE_FILE_

OTHER

AUDITREPORT_

CREATE

UPDATE

MODULE_FILE_

OTHER

AUDITREPORT_

UPDATE

VIEW

MODULE_FILE_

VIEW

OTHER_CREATE

MODULE_FILE_OTHER_UPDATE

MODULE_FILE_VIEW

MODULE_FILE_PAYFORM_CREATE

MODULE_FILE_PAYFORM_UPDATE

MODULE_FILE_PAYFORM_VIEW

MODULE_FILE_PAYROLLARCHIVE_CREATE

MODULE_FILE_PAYROLLARCHIVE_UPDATE

MODULE_FILE_PAYROLLARCHIVE_VIEW

MODULE_FILE_W2ARCHIVE_CREATE

MODULE_FILE_W2ARCHIVE_UPDATE

MODULE_FILE_W2ARCHIVE_VIEW

MODULE_IMPORT

MODULE_RULES_VIEW

MODULE_MANAGER

USPS_MANAGER

USPS_STANDARD

STANDARD_USEROECN_USPSClassic USPS Standard Role

MODULE_FILE_AUDITREPORT_VIEW

MODULE_FILE_OTHER_VIEW

MODULE_FILE_PAYFORM_VIEW

MODULE_FILE_PAYROLLARCHIVE_VIEW

MODULE_FILE_W2ARCHIVE_VIEW

USPS_STANDARD

STANDARD_READONLY_USEROECN_USPS_ROClassic USPS Read-Only Role

USPS_STANDARD_ABSENCE_VIEW

USPS_STANDARD_ADJUSTMENTJOURNAL_REPORT

USPS_STANDARD_ADJUSTMENTJOURNAL_VIEW

USPS_STANDARD_AOS_REPORT

USPS_STANDARD_ATTENDANCE_REPORT

USPS_STANDARD_ATTENDANCE_VIEW

USPS_STANDARD_BENEFITOBLIGATION_REPORT

USPS_STANDARD_CODE_REPORT

USPS_STANDARD_CODE_VIEW

USPS_STANDARD_COMPENSATION_REPORTS

USPS_STANDARD_COMPENSATION_VIEW

USPS_STANDARD_CONTRACTEDSERVICE_REPORT

USPS_STANDARD_CONTRACTEDSERVICE_VIEW

USPS_STANDARD_EMISCONTRACTOR_REPORT

USPS_STANDARD_EMISCONTRACTOR_VIEW

USPS_STANDARD_EMISENTRY_REPORT

USPS_STANDARD_EMISENTRY_VIEW

USPS_STANDARD_EMPLOYEE_REPORT

USPS_STANDARD_EMPLOYEE_VIEW

USPS_STANDARD_EXPENDITUREACCOUNT_REPORT

USPS_STANDARD_EXPENDITUREACCOUNT_VIEW

USPS_STANDARD_FEDERAL_REPORT

USPS_STANDARD_HISTORICAL_POSITION_REPORT

USPS_STANDARD_HISTORICAL_POSITON_VIEW

USPS_STANDARD_JOBCALENDAR_REPORT

USPS_STANDARD_JOBCALENDAR_VIEW

USPS_STANDARD_LEAVES_REPORT

USPS_STANDARD_LEAVES_VIEW

USPS_STANDARD_LEAVETRANSACTION_REPORT

USPS_STANDARD_LEAVESTRANSACTION_VIEW

USPS_STANDARD_NEWCONTRACT_REPORT

USPS_STANDARD_NEWCONTRACT_VIEW

USPS_STANDARD_OHIO_REPORT

USPS_STANDARD_ORGANIZATION_REPORT

USPS_STANDARD_ORGANIZATION_VIEW

USPS_STANDARD_PAYDISTRIBUTIONS_REPORT

USPS_STANDARD_PAYDISTRIBUTIONS_VIEW

USPS_STANDARD_PAYEE_REPORT

USPS_STANDARD_PAYEE_VIEW

USPS_STANDARD_PAYGROUP_REPORT

USPS_STANDARD_PAYGROUP_VIEW

USPS_STANDARD_PAYLEDGER_REPORT

USPS_STANDARD_PAYLEDGER_VIEW

USPS_STANDARD_PAYMENTTRANSACTION_REPORT

USPS_STANDARD_PAYMENTTRASANCTION_VIEW

USPS_STANDARD_PAYMENT_REPORT

USPS_STANDARD_PAYMENT_VIEW

USPS_STANDARD_PAYROLLACCOUNTS_REPORT

USPS_STANDARD_PAYROLLACCOUNTS_VIEW

USPS_STANDARD_PAYROLLITEMCONFIG_REPORT

USPS_STANDARD_PAYROLLITEMCONFIG_VEW

USPS_STANDARD_PAYROLLITEM_REPORT

USPS_STANDARD_PAYROLLITEM_VIEW

USPS_STANDARD_PAYROLL_REPORT

USPS_STANDARD_PAYROLL_VIEW

USPS_STANDARD_POSITION_REPORT

USPS_STANDARD_POSITION_VIEW

USPS_STANDARD_POSTINGPERIOD_REPORT

USPS_STANDARD_POSTINGPERIOD_VIEW

USPS_STANDARD_REPORT

USPS_STANDARD_RETIREMENT_REPORT

USPS_STANDARD_STATEREPORTINGCODES_REPORT

USPS_STANDARD_STATEREPORTINGCODES_VIEW

USPS_STANDARD_USAS_INTEGRATOIN_VIEW

USPS_STANDARD_W2CITYOVERRIDE_REPORT

USPS_STANDARD_W2CITYOVERRIDE_VIEW

USPS_STANDARD_AGEOBLIGATION_REPORT

USPS_LEGACY-ATTENDANCE-USEROECN_USPS_ATTENDClassic USPS_ATTEND Standard Role
LEGACY_DATES_USEROECN_USPS_DATESClassic USPS_DATES Standard Role

USPS_PERSONNEL_EMPLOYEE_REPORT

USPS_PERSONNEL_EMPLOYEE_UPDATE

USPS_PERSONNEL_EMPLOYEE_VIEW

LEGACY-DATES-READONLY-USEROECN_USPS_DATES_ROClassic USPS_DATES Read-Only Role
LEGACY-EMIS-USEROECN_USPS_EMISClassic USPS_EMIS Standard Role
LEGACY-EMIS-READONLY-USEROECN_USPS_EMIS_ROClassic USPS_EMIS Read-only Role
PERSONNEL_USEROECN_PPSClassic PPS Standard Role
PERSONNEL_READONLY_USEROECN_PPS_ROClassic PPS Read-Only Role

USPS_PERSONNEL_EMPLOYEE_REPORT

USPS_PERSONNEL_EMPLOYEE_VIEW

USPS_PERSONNEL_POSITION_REPORT

USPS_PERSONNEL_POSITION_VIEW

USPS_STANDARD_ABSENCE_VIEW

USPS_STANDARD_ATTENDANCE_REPORT

USPS_STANDARD_ATTENDANCE_VIEW

USPS_STANDARD_LEAVES_VIEW

USPS_STANDARD_LEAVETRANSACTION_REPORT

USPS_STANDARD_LEAVETRANSACTION_VIEW

USPS_STANDARD_NEWCONTRACT_VIEW

USPS_STANDARD_STATEREPORTINGCODES_VIEW


The following Roles can not be modified or added to:

...

  • MODULE_FILE_PAYROLLARCHIVE_VIEW
  • MODULE_FILE_PAYROLLARCHIVE_REPORT

Compensation Permission

To give access to only Compensation, grant them USPS_STANDARD_COMPENSATION. This will give them access to View, Update, Create and Delete (Archive).  Have the option to only grant them certain ones by using:

  • _VIEW
  • _UPDATE
  • _CREATE
  • _DELETE

District Audit Job and SOC1 Audit Job

User must have the required permission, USPS_STANDARD_AOS and MODULE_FILE_AUDITREPORT ,  to schedule SOC1AuditJob or DistrictAuditJob in Job Scheduler.

Standard and GM roles will include the following below: (This will be on the 6.27 Release 08/12/2022)

  • STANDARD_USER
    • MODULE_FILE_AUDITREPORT_VIEW
  • GROUP_MANAGER
    • MODULE_FILE_AUDITREPORT_VIEW
    • MODULE_FILE_AUDITREPORT_CREATE
    • MODULE_FILE_AUDITREPORT_UPDATE

Earnings Register 

USPS_STANDARD_PAYROLL_VIEW is the role needed to run Employee Earnings Register.

Home Page - Highest Check Number(s)

User must have USPS_MANAGER_BANKACCOUNT_VIEW & USPS_STANDARD_PAYMENTTRANSACTION_VIEW to see the grid below:

Image Removed

Kiosk User Permissions

User must be granted USPS_STANDARD_PAYMENTTRANSACTION_VIEW which is included in the STANDARD_READONLY_USER role. But if the user doesn't have this role, then they will need granted to the USPS_STANDARD_PAYMENTTRANSACTION_VIEW.

Mass Change 

The permissions below may be granted to other roles as desired by the school district.  

  • ADMIN_MASSCHANGE
  • ADMIN_MASSCHANGE_CREATE
  • ADMIN_MASSCHANGE_DELETE 
  • ADMIN_MASSCHANGE_EXECUTE - able to run/execute any pre-existing Mass Change definitions but cannot create new

Single-Object Audit Report

To see the Single-Object Audit report, listed under many of the Core objects, it is visible to users with GROUP_MANAGER role or higher.  Can be granted to STANDARD_USER using the permission MODULE_AUDIT (this will also grant them to Reports/Audit Report)

Permissions to Change User Password

Currently a custom USPS Password role would require these three permissions:

USPS_ADMIN_USER_PASSWORD

USPS_ADMIN_USER_VIEW

Position permission 

...

Codes

Added to Roles:

  • STANDARD_READONLY_USER
    • USPS_STANDARD_CODE_VIEW
    • USPS_STANDARD_CODE_REPORT
  • STANDARD_USER
    • USPS_STANDARD 
  • GROUP_MANAGER
    • USPS_STANDARD

Any other Role will need to add USPS_STANDARD_CODE

  • _CREATE
  • _DELETE
  • _REPORT
  • _UPDATE
  • _VIEW

Compensation Permission

To give access to only Compensation, grant them USPS_STANDARD_COMPENSATION. This will give them access to View, Update, Create and Delete (Archive).  Have the option to only grant them certain ones by using:

  • _VIEW
  • _UPDATE
  • _CREATE
  • _DELETE

District Audit Job and SOC1 Audit Job

User must have the required permission, USPS_STANDARD_AOS and MODULE_FILE_AUDITREPORT ,  to schedule SOC1AuditJob or DistrictAuditJob in Job Scheduler.

Standard and GM roles will include the following below: (This will be on the 6.27 Release 08/12/2022)

  • STANDARD_USER
    • MODULE_FILE_AUDITREPORT_VIEW
  • GROUP_MANAGER
    • MODULE_FILE_AUDITREPORT_VIEW
    • MODULE_FILE_AUDITREPORT_CREATE
    • MODULE_FILE_AUDITREPORT_UPDATE

Earnings Register 

USPS_STANDARD_PAYROLL_VIEW is the role needed to run Employee Earnings Register.

Home Page - Highest Check Number(s)

User must have USPS_MANAGER_BANKACCOUNT_VIEW & USPS_STANDARD_PAYMENTTRANSACTION_VIEW to see the grid below:

Image Added

Kiosk User Permissions

User must be granted USPS_STANDARD_PAYMENTTRANSACTION_VIEW which is included in the STANDARD_READONLY_USER role. But if the user doesn't have this role, then they will need granted to the USPS_STANDARD_PAYMENTTRANSACTION_VIEW.

Mass Change 

The permissions below may be granted to other roles as desired by the school district.  

  • ADMIN_MASSCHANGE
  • ADMIN_MASSCHANGE_CREATE
  • ADMIN_MASSCHANGE_DELETE 
  • ADMIN_MASSCHANGE_EXECUTE - able to run/execute any pre-existing Mass Change definitions but cannot create new

Single-Object Audit Report

To see the Single-Object Audit report, listed under many of the Core objects, it is visible to users with GROUP_MANAGER role or higher.  Can be granted to STANDARD_USER using the permission MODULE_AUDIT (this will also grant them to Reports/Audit Report)

Permissions to Change User Password

Currently a custom USPS Password role would require these three permissions:

USPS_ADMIN_USER_PASSWORD

USPS_ADMIN_USER_VIEW

Position permission 

**NOTE** On the Role view, for any existing role that had USPS_STANDARD_POSITION_* assigned, the role should now also include the equivalent compensation role.  For example, if a role was assigned USPS_STANDARD_POSITION, it should now also have USPS_STANDARD_COMPENSATION.  If a role had USPS_STANDARD_POSITION_VIEW, it should now also have USPS_STANDARD_COMPENSATION_VIEW, etc.

To give full access to only Position, grant them USPS_STANDARD_POSITION.  This will give them access to View, Update, Create and Delete.  Have the option to only grant them certain ones by using:

...

Administrators (Admin) will automatically have this permission by default through the USPS permission they have.  Other employee's can be given the USPS_WORKFLOWS_ADMIN permission under Roles this includes USPS-GM employees.

...

If other employee's need access to the Workflow, USPS_STANDARD_EMPLOYEE role will give access to the Employee OnBoarding

...

employee's need access to the Workflow, USPS_STANDARD_EMPLOYEE role will give access to the Employee OnBoarding

  • USPS_STANDARD_EMPLOYEE_VIEW only allows to view Workflows (does not show the 'Start Onboard Process' button)
  • USPS_STANDARD_EMPLOYEE_CREATE and _VIEW will allow to view, create and delete new Employee OnBoarding
    • Users can edit other users created employees but CANNOT delete other users created employees

W2 Reports>W2 Archive Individual and W2 Mailable Forms

Employee's with only STANDARD_READONLY_USER privilege, will NOT be able to see/run W2 Archive Individual and W2 Mailable Forms.  The user will need granted, USPS_STANDARD_FEDERAL_CREATE privilege, to see/run all W2 Report Options. 

Menu Permissions List

Click here for a list of permissions for each menu option.

...

Permissions allow a user to perform certain functions within the software. Permissions are set up in a hierarchy. Granting access to the top level grants all the access below it.  For example, employee's granted the USPS_STANDARD role have the ability to access 'payroll' related modules and some reports.  Can create, delete, update and view: 

**Execute - Example - (ADMIN_MASSCHANGE_EXECUTE) you can execute any mass change definition that someone else has created or imported, including the SSDT.  This limits what you can do to a much safer 'subset'.

**Creator - Example -  (ADMIN_MASSCHANGE_CREATE or ADMIN_MASSCHANGE) can make up any mass change definition they want and execute it against the database.  Obviously, "with great power comes great responsibility", so this is a much more powerful, useful and potentially dangerous role.

In order to utilize the payroll software, your ITC must provide you with the necessary privileges to run the programs. You may have certain employees in your district who need to utilize the contract information and other employees that are only involved with reporting EMIS data on staff members, and should not be allowed to see contract information. USPS provides security mechanisms to allow your ITC to grant what is called an "identifier" to each user. In this system, the user can be granted a "USPS" identifier and/or a "Personnel" identifier. The "USPS" identifier allows the person access to all fields in the system pertaining to the contract information. The "Personnel" identifier would be granted to the person who should only see the fields which need to be maintained for reporting information for EMIS, which would exclude information pertaining to the contracts and other specific payroll data. An employee can also be granted identifiers to access both types of data, which is typical for the Treasurer in the district.

...