Banner Admin Account Policy & Procedures
This policy defines the rules and procedures for issuing William & Mary faculty, staff, students, or affiliates a Banner Admin account. Specifically, this document ensures that university employees understand the rules that govern the creation, use and termination of a Banner Admin account and abide by the policies regarding the appropriate usage of Banner data.
Scope
This standard applies to all university faculty, staff, students and affiliates who are issued Banner Admin Accounts.
Definitions
- Banner Admin Account - A Banner Admin account allows access to the Ellucian Banner enterprise systems of the University. Specifically, the Banner Admin production instance. Access to Banner Self Service is granted based on a user’s role in the WM Account for Student or Employee Self Service. Users who need access to Finance Self Service must submit a request to the IT Security Administrator for Banner. All Banner Admin accounts use the W&M Username and password.
Policy
Banner admin accounts are only created for faculty, staff, affiliates and when absolutely necessary, students, that have a demonstrated need to access Banner for legitimate business purposes. Banner admin accounts will be assigned to security classes to limit access for everyone based on their specific job duties. Banner admin accounts must be requested, reviewed, and approved by appropriate staff with sufficient separation of duties between the individuals performing these functions. Prior to account activation, users will have to complete mandatory training. All accounts will have unique passwords that adhere to the university’s password policy. Accounts must be locked immediately upon the departure of an account holder from his/her employment or enrollment at W&M.
Procedures
Banner Admin Account Creation
- FACULTY AND STAFF - Departments may request a Banner Admin account for faculty and staff via the Banner Access Request form on Request IT. Faculty and staff must complete required navigation training before an account or access is granted. The request must be approved by the Department Head or designee and sent to the Information Technology Security Administrator (if the request is for Finance access and limited to grant budgets, then the Office of Grants and Research Administration (W&M) or the Office of Sponsored Programs (VIMS) may approve the request). Upon receipt of the request, the IT Security Administrator reviews the requested access and seeks clarification as needed. Requests and clarifications are stored for audit purposes. The IT Security Administrator forwards the request to the appropriate data stewards for approval based on the access requested. Data stewards email the IT Security Administrator their approval for access for the requestee. The IT Security Administrator contacts the requestee upon access approval with instructions on completing the required Banner Admin navigation training. Requestee completes Banner Admin Navigation Online Training in Banner USER and notifies the training instructor of completion. The training instructor reviews test scores and records completion date in the Training database. If completed with an 80% or higher, IT Security Administrator is contacted with the information on successful completion. If the scores are less than 80%, the training instructor notifies the requestee to retake. The IT Security Administrator contacts both the user and functional lead for additional functional training after successful completion of the Banner Admin Navigational training. Functional lead(s) conducts training with the Requestee and emails the IT Security Administrator when training is completed. The IT Security Administrator notifies the user of access to Banner PROD account after all training has been completed and communicated.
- STUDENTS - Students may also be granted access to Banner Admin; however, access is governed by the preceding steps, must be work-related access and is generally more restrictive, i.e., query only. These requests must contain an expiration date. In addition, approval for undergraduate student workers must be obtained from the Chief Technology Officer. The Chief Technology Officer has the authority to supersede a Data Steward’s approval. Student Banner Admin account access is normally only allowed Monday thru Friday 8:00 a.m. thru 5:00 p.m. Exceptions to this policy can be requested.
- THIRD PARTY/AFFILIATES - Access to Banner Admin may also be granted to affiliates. A third party may be a contractor, state auditor, etc. The same request and approval process is followed as described above. In addition, approval must be obtained from the Chief Technology Officer. The Chief Technology Officer has the authority to supersede a Data Steward’s approval. These requests are considered temporary and must contain an expiration date. Volunteers are NOT granted access to Banner Admin.
Banner Admin Account Termination
Banner Admin accounts are terminated upon the end of employment with W&M. Because of the unique employment agreements between the university and some of its faculty, the process is not automated. The process begins with an employee giving notice of their intent to leave their job. Employee supervisors are responsible for notifying HR of the employee’s termination and providing a termination date. At the beginning of each pay period, HR provides a list of terminations to the IT Security administrator. HR also submits an employee clearance form for separating staff. The IT Security Administrator then terminates the accounts on the list. Additionally, the IT Security Administrator periodically runs a series of queries to identify people who have left employment at W&M but were not included on the termination list from HR.
Banner Admin Account Audits
Data stewards are required to review security classes and forms within their responsibility along with the user accounts having access to them via the Qlik Data Governance app. Data stewards will be required to review the report and respond via email to the Chief Security Information Officer and the IT Security Administrator with any changes to the security profiles and access rights. The IT Security Administrator will make the necessary changes in the Banner Security application. All correspondence will be saved as evidence of the audit and any changes made.
Oracle Account Password
The Oracle password is used to access Banner database tools such as Discoverer, TOAD, and SQL Developer. The initial Oracle account password issued is created by the IT Security Administrator and is set to expire upon the first login. Users must change their password to a unique password that adheres to these specific rules:
- must be between 8 and 15 change characters long;
- must include at least one upper and lower case letter and one numerical digit;
- must differ from your last password by at least 3 characters;
- may NOT include special characters except the underscore (“_”);
- may NOT include the user’s W&M Username or any of the simple words that Oracle recognizes; and
- cannot reuse any of your last 24 passwords and cannot reuse a password within 365 days of it's last use.
Oracle passwords must be changed every 90 days. Users may log into a Banner Admin database tool with an expired password but must change it immediately before proceeding further into the system.
Users who attempt to login to Banner Admin with an incorrect password receive an error message. After three unsuccessful attempts, the user’s account will be locked. A self-service password reset service is provided via our Banner self-service module. Instructions are on the Banner 9 FAQs page, under How do I change my Oracle Password?
Questions?
Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Monday - Friday, 8:00 am - 5:00 pm