Banner Fine-Grained Access Audit (GZRFGAA)

Many Banner classes and roles contain access to privileged information, such as SSN. Our Banner access request forms require persons who apply for access to such classes to also request access to a Banner "business profile" which corresponds to the privileged information. For example, many Financial Aid forms display a SSN, so most of their Banner classes require persons to also request the SSN_ACCESS business profile.

Current practice is to deny requests for such classes and roles when no access has been granted to the corresponding business profile. However, before we used business profiles, this access was granted. GZRFGAA was created to assist UTS with auditing this access, reporting which persons have been granted access to a given Banner class or role without the corresponding business profile.

Dependencies

To run GZRFGAA, you need:

  • access to Banner, and
  • access to the Banner class BAN_UTS_SECURITY_C.

Instructions

GZRFGAA can be started from within Banner forms, or it can be run from a UNIX command prompt.

To run from within Banner forms, GZRFGAA is started like any other Banner job. Enter the parameters (name of class/role and business profile) and submit the job using normal procedures. If the job output was submitted to the database, use GJIREVO to review the output.

To run from a UNIX command prompt, sign on to the database server. At the command prompt, type "gzrfgaa.shl" (without the quotes). You will be prompted for your Banner password, the output disposition, and the parameters (name of class/role and business profile). The output will be displayed on your terminal, and will also be sent to the printer you specify, if any.

Anthony Becker 1/29/2008