UBIS Data Warehouse Access Process

Figure 1 (below) illustrates the general process flow for Data Warehouse Data Access Requests. Each process step is annotated with a reference number at the top of the figure. Corresponding detail, with process step reference number, is included in the body of this document.

Figure 1

DataAccessRequestProcess

Process Description

Work Instructions

(1.10)
The UConn Data Governance Council provides leadership, vision and ensures that important data assets are formally and consistently managed throughout the University in alignment with the University of Connecticut data access and acceptable usage policies.
(1.20) 
It is the responsibility of the UConn Data Governance Council to see that University access to data assets are managed in alignment with the requirements of the UConn Data Governance Policies and Guidelines as well as prevailing regulations related to privacy and University business confidentiality.  Data Stewards operate in functional areas and are intimately aware of acceptable data usage within their operational domain.
(1.30)
The customer initiates a request by submitting a completed and approved Data Access Request form to the ServiceIT system for processing. https://serviceit.uconn.edu. The customer (end-user) must fill out a Data Warehouse Request Form.  The form is available from the UConn Data Warehouse website at http://datawarehouse.uconn.edu.The Data Access Request form must include appropriate approval[1] from a Director, Department Head or Dean of the requestor’s organizational unit. 

The customer (end-user) initiates a request by creating a ServiceIT request ticket and then attaching a scanned image of the signed Data Access Request form to the request.

 

Process Description

Work Instructions

(1.40)
The request is routed to the Data Warehouse Services team and is assigned to a team member. Upon receiving the scanned image of the Data Access Request form from , a request ticket is initiated with the designated Data Access Request template. The template pre-fills default information for the request including: standard summary line, working instructions in the description field, category (‘Problem Area’), Status, Priority, Severity,  Ticket Type, Root Cause and Group. The Requestor’s name is entered in the ‘Affected User Field’. The scanned image of the signed request form is uploaded to the request ticket as an attachment. 
(1.50)
The Data Access Request is routed to appropriate data steward(s) for business justification review and approval consideration. The Reporting Services agent determines which data steward(s) are required to authorize access for a given request. The Reporting Services agent will assign the ticket to the appropriate data steward(s), prompting for review and authorization/modification/denial of the request. Additionally, a manual notification email is sent  to the data stewards outside of the Footprints/ServiceIT system.   The ticket is not transferred. Ownership of the request is retained by the Reporting Services group. Status and aging of open tickets is managed via ServiceIT reports and queries on the system.
(1.60)
The Data Access Request is advanced to appropriate Data Steward(s)[2] to be evaluated for business justification. This may include external processes (e.g. Student Administration data compliance statement) required to be completed prior to approval for requested data access Data Stewards receive notification of a pending data access request via email. The email message includes an embedded URL that is directly linked to the request ticket containing the attached scanned image of the signed data access request form. The scanned image of the request form may be opened from the ticket by the steward.

 

 

Process Description

Work Instructions

(1.65)
The Data Access Request is evaluated by the Data Steward(s) for business justification. The Data Steward(s) may approve or deny access to data based on business justification. (e.g. access  to data may be denied if the requestor is asking for access to data outside of their operational unit without sufficient business justification. Once Data Stewards evaluate business justification of the request, their approval / denial for data access is recorded in the request ticket.
(1.67)
Add approval and/or any Data Steward comments to the request ticket. Add ‘Log Comment’ record to the ticket using the word ‘Approved’ and the data source name in the record. Data Access Requests may include multiple data sources. There may be scenarios where access to one data source is denied and access to another data source is approved. 
(1.69)
If the access to an individual data source is not approved by all relevant Data Stewards, a Data Steward ensures that the Customer is informed that the request for data access has been denied.  Data Access Requests may include multiple data sources. (e.g. access to financial data requires approvals from Finance and Human Resources Data Stewards – other data sources may only need approval from a single Data Steward) It is the responsibility of the Data Steward to ensure that the customer (end-user) is informed that their request for access has been denied. The Data Steward must inform the requestor of the access request denial by an appropriate communication method. All changes to the disposition of the request must be recorded in the ticket. The access request denial must be recorded in the request ticket as a ‘Log Comment’ record added to the ticket. The word ‘Denied’ should appear in the comment log. If there are multiple data sources being requested, the data source name must also be indicated in the comment log.
(1.70)
Multiple data stewards’ approval may be required for one data access; and or multiple data stewards’ approvals may be requested because access have been requested of multiple data sources.  Must wait until approval and or denials have been received from all notified data source stewards. It is the Administrative responsibility to ensure all relevant multiple or single data steward approvals have been received before enabling access to any data sources.
(1.80)
If the Data Access Request is approved by all relevant Data Stewards, the Reporting Services Administrator enables customer (end-user) access to the requested data source. (e.g. access to financial data requires approvals from Finance and Human Resources Data Stewards – other data sources may only need approval from a single Data Steward). The Reporting Services Admin group manages all outstanding (active) Request tickets from a ServiceIT scoreboard query. Once the Reporting Services administrator receives approval from all solicited data stewards, access to the requested data is enabled.   Multiple data accesses will be enabled as approved. 

 

 

(1.90)
The customer (end-user) is informed the Data Access Request has been fulfilled. Update the “Problem Resolution” field. It is the responsibility of the Reporting Services administrator to inform the customer (end-user) that their request has been approved and enabled for specific data access having “activity log” approval records by adding a ‘Manual Notify’ activity record to the ticket creating a system generated  email message informing the requestor that their request for data access has been approved and enabled. The ‘Manual Notify’ activity is logged as a permanent activity in the ticket record.The Reporting Services administrator updates the ‘Problem Resolution’ field indicating that the request was approved and access to the requested data has been enabled. The word ‘Approved’ should appear in the ‘Problem Resolution’ field. When there are multiple data sources being requested, the data source name must additionally be indicated. 
(1.95)
Update the ‘Problem Resolution’ field indicating that access has been denied to the requested data. For all specific data accesses denied by Data Stewards, update the ‘Problem Resolution‘ field of the ticket indicating the specific data accesses  requests have been denied. The word ‘Denied’ should appear in the comment log. When there are multiple data sources being requested, the data source name must also be indicated.
(1.97)
Close the request ticket. The Reporting Services administrator closes the ticket as the last step to this process.

[1] Approval

  • May be in the form of ‘wet’ signature from the approver in the form or an email initiated from the account of the approver.
  • If ‘wet’ signature is on the request form, a scanned image of the form must be attached to the submitted email.
  • If the approval is in the form of an email, the request form and a copy of the approval email must accompany the Data Access Request form.

 

[2] Data Stewards are responsible for ensuring access and usage of data assets are managed in alignment with prevailing regulations related to privacy as well as University business confidentiality requirements.