Procedure
This procedure covers guidance for requesting and reviewing financial security access to the following systems:
- PeopleSoft - Finance 
 a. This is the University's core ERP system and includes the production database and reporting database.
- Web Applications
 a. Used for front end data entry and reporting
- Workday Planning
 a. The University's budget and planning system
Requests for Finance Security Access
When a new employee is hired or an employee changes positions within the University, their finance security must be reviewed and requests for new access or changes are to be submitted through the appropriate channels. The table below can be used to determine how to request and/or change access to the finance systems.
| PeopleSoft Finance | Web Applications | Workday Planning | |
|---|---|---|---|
| Basis | Role | Application and Access Level | |
| How to Add/Change | PARS Request | Security App within Web Applications | |
| Processing Office | Business/Fiscal Officer or Shared Services | Business/Fiscal Officer or Shared Services | Campus Budget Officer | 
| Approval Office | Campus Finance or Sponsored Programs | Campus Finance | Campus Budget Office | 
Note: access to CRR/ARR is separate from the Web Applications security request and is completed in the CRR Maintenance APP within Web Applications.
Employees should only be granted access to financial systems, roles, and levels if it is necessary to execute their job duties. A request for finance access may not be required for all employees. Additionally, some roles are automatically given to all active employees. These are called 鈥渄ynamic roles鈥, which includes access to certain roles and applications. Examples include the ability to enter employee expense reports, use of the trip optimizer tool, access to the grant searchable database, and certain other read only web application access.
Business Finance Mangers, Fiscal Officers, or equivalent roles are responsible for initiating requests for access through the means listed above and will be routed for approval to the authorized central office. If your campus utilizes the University Shared Services function, then Shared Services will initiate the request as requested from the 鈥渞esponsible鈥 individual in level 3 of FIN Structure in WebApplications. Descriptions of the roles in PeopleSoft Finance can be found in the PARS application while more information on the Web Application levels can be found at this .
Some roles and access levels require the completion of training courses before access will be granted. Business Finance Managers, Fiscal Officers, or the equivalent finance role should work with employees to ensure that the required courses are completed, and a certificate of completion is included with the security request. Common roles and access levels requiring the completion of a training course include but are not limited to: purchasing/payment request roles, ARBI billing, cash receipts, and journal entry access.
Common PeopleSoft - Finance Roles
Common finance roles are listed below. Not all job duties will include every role listed.
| Role | Description | 
|---|---|
| ePro Req-Receiving User | Campus eProcurement (non-catalog requests/Show me Shop purchases) | 
| ePro-H Req-Receiving User | Hospital/CMED eProcurement (same as above plus item master) | 
| APPO-End User-Payment Request | Creation of Payment Requests and ability to update unapproved vouchers | 
| ARBI-End User | Creation of customer invoices | 
| UPG_RPTQUERY | Run queries in FSPRD, create/edit/run queries in FSRPT. Requires overnight processing to run queries in FSRPT. | 
| CCM Change User | Add budget to clear/prevent BCM errors on non-grant funds | 
Common Dynamic PeopleSoft Finance Roles include the following:
| Role | Description | 
|---|---|
| EPEX-Expense-Manager | Allows fiscal approvers, project managers, supervisors or approver delegates access to T&E approval pages | 
| APPO-Voucher Approval | Allows fiscal approvers, project managers, or approver delegates access to voucher approval pages | 
| EPRO_APPROVER | Allows fiscal approvers, project managers, or approver delegates access to eProcurement approval pages | 
| GM-PI | Eligible PI (often added automatically for academic job titles) or dean/chair/fiscal approver on grant proposals | 
| GM-Electronic EVR | Granted for unapproved Effort Verification Reports | 
Journal Entry Access
Journal entry creation occurs by three different methods, including Web Applications Journal Entry, PeopleSoft 鈥 Finance Panel Journals, and PeopleSoft 鈥 Finance Journal Entry Upload. Access to each is a separate request and has different considerations for granting access. Only the minimum level of access necessary for the position should be granted. The recommended access for each is listed below.
- Web Applications Journal Entry
- There are 5 security levels within Web Applications and will meet the needs of most entry users. See .
- Level 5 - limits users to entry of correction entries and internal service entries only.
- This is typically granted to department fiscal staff and/or recharge centers.
 
- Level 4 - has the same entry as level 5 with the addition of payroll correction entries. 
- This level is typically granted to business and department managers or directors.
 
- Level 3 - has the same entry as level 4 with the addition of transfer journals and new journal creates.
- At the discretion of each campus finance office, this level can be granted to department fiscal staff, business and department managers or directors as appropriate for the need and knowledge necessary for creating such transactions.
 
- Level 2 - is designated for core Sponsored Programs Offices only.
- Level 1 - is designated for UM System and central Campus Accounting Offices.
 
 
- Level 5 - limits users to entry of correction entries and internal service entries only.
- PeopleSoft - Finance Panel Journals
- Should be limited to central finance offices only
 
- PeopleSoft - Finance Journal Entry Upload
- Must be limited to employees who require access for the processing journal entries with a large number of lines. It is at the discretion of each campus finance office on the access granted for journal entry uploads. However, careful consideration must be given to the need of the unit and knowledge necessary for creating the entries for whether access should be granted for uploads.
Budget
Campus budget offices review access on an as needed basis which aligns with the budget season. Budget entry occurs through Workday Planning during the formal budget process and through PeopleSoft for adjustments during the fiscal year. For grants, budget is added in PeopleSoft. Aside from determining the software the employee will need for the security role, there must also be a role (in PeopleSoft) or security access level (Workday) assigned to define the level within the campus for which the employee can add budget. Careful consideration should be given for these roles and levels in each system as the budget journals impact budget to actual reporting provided to leadership.
Security Reviews
Each month, the UM System Controller's Office runs reports for PeopleSoft- Finance and Web Application access and disseminates the reports to the campus central finance office. It is the responsibility of the central finance offices, which may include University Shared Services, to provide the reports to departments for their review. Departments are to review the reports for the employees within their department to determine if the access granted is appropriate and that all applicable policies are being followed, including but not limited to, University Policy 21301 - Internal Controls and 21302 - Segregation of Duties.
During the monthly review, access areas of high risk should be reviewed with more scrutiny than low risk access areas. Roles that authorize the expenditure of funds and central campus finance roles are the areas of highest risk. High risk areas include roles and levels that grant the ability to create new transactions while low risk areas are view only roles. Dynamic roles generally do not require review.
Central campus offices should review security of finance users and journal entry level security on a quarterly basis. This review should include considerations for compliance with policies on internal control and segregation of duties. Journal entry level reviews should take into consideration the expertise and need at the department level for making entries.
Employees that moved between departments or have changed roles should be reviewed for necessary changes to their security roles and levels that are appropriate for the new department and role. Information may be pulled from PeopleSoft-HR to determine which employees have had a change in their job role to aid in the review.
Changes to an employee's security can be requested using the methods listed in this procedure. Security is automatically removed after an employee terminates. However, the monthly security reviews should also include employees who have terminated in case of timing delays between HR processing and updates in the applicable finance system.
In addition to the monthly reports listed above. The authorization to department approvers and viewers within Web Applications must be reviewed on a regular basis. This is part of the FIN Authorization application, which allows users to view transactions and related attachments based on the deptID or deptnode in which authorization is granted.
Reviewed 2025-03-04