Banner Security Review and Reauthorization FAQs

Frequently Asked Questions

What is Banner?

What is Banner Security Review and Reauthorization?

What is the Banner Security Review report?

Who is included in the Employee section of the report?

Who is included in the Other User section of the report?

What permissions are included in the Employee Section of the report?

What permissions are included in the Other User Section of the report?

Why are employees without Banner permissions listed on the report?

Why are terminated employees listed on the report?

What if the report lists an employee or user who has transferred jobs at the College?

What happens to Banner Security when an employee separates from the College?

What is a Home Department?

Why are some employees listed even though they do not report to me?

Why do Organizations not assigned to me appear in some employee permissions?

What is a Financial Manager?

What is an Organizational Hierarchy?

Why did my session timeout before I certified the report or marked the report as in process?

What is the difference between the ‘Hrml’ and ‘CSV’ options when downloading a report?

What factors might I consider when analyzing the report?

How do I ask questions about this information or report changes needed to this information?

What might the report look like?

What is Banner?

Banner is the College’s Enterprise Resource Planning (ERP) business management software. It is an integrated information system with modules to handle core functions. Modules include Student, Finance, Human Resources, Financial Aid, and General. The report includes Banner Security Classes which are used to grant object access to these modules. Object access generally refers to the pages, forms, and reports that a user has access to. This access may only be granted if it is required to perform responsibilities.

What is the Banner Security Review and Reauthorization?

Access to information in Banner is requested via the Banner Security Access Request which routes to the Supervisor and Module Owners for approval before being processed by Banner Security. Although access is approved at the time of processing, continued access must be reauthorized annually to ensure that it is still appropriate and necessary for the user to meet current responsibilities. Generally, the Module Owner Banner Review is performed after Spring Semester Rush before this Banner Security Review and Reauthorization is launched. This part of the process focuses on Budget Unit Leader review of their department(s). Responsible managers review detailed reports; submit appropriate changes; and reauthorize permissions by certifying their report.

What is the Banner Security Review report?

The Banner Security Review report is the report provided to Budget Unit Leaders to facilitate their validation of Banner permissions for departmental employees and other budget users so that we can comply with the annual reauthorization process. This information is presented in two sections on the report: Employee section and Other Users section. See also FAQ on Sample Report.

Who is included in the Employee section of the report?

Employees and non-employees assigned to a Home Department (Organization) on the Employee page (PEAEMPL) will be included on the report for the respective Organization Financial Manager. Budget Unit Leaders should not be final approvers for their own access, so they may also appear on the report of their next Higher Budget Unit Leader. Active employees who do not have Banner permissions will still be listed on the report for completeness, but there will not be any permissions listed below their names--this is for comparison purposes to counterparts to aid in the review. Users will be grouped by Home Department (Organization) if the Budget Unit Leader manages more than one Organization. Note that non-employees (e.g. temporary agency workers, volunteer, partner instructors, etc…) who are tracked in the Banner Non-Employee Group will also appear in this section.

Who is included in the Other User section of the report?

Users who are not in the Employee section but who have been granted access to the manager’ s Organization(s) will be included in this separate section at the end of the report. This section will not list all permissions that the user has, but it will indicate if they have read/write permission to Organization(s) that are assigned to the manager. This section may not appear if there are no Organization permissions assigned outside of the Employee section.

Note that there may be other users who have access via a predecessor summary Organization (e.g. the next higher level Budget Unit Leader) or from Master Organization access (e.g. District Administration).

What permissions are included in the Employee Section of the report?

Permissions that the report will pick up are included in the below table.

Permission Type Permission Permission Description General Permissions to Modules Banner Security Class:

Access required for using Banner Forms, Processes and Reports in a particular module.
Classes usually are designed for a particular module so multiple classes may be assigned to users depending on how many modules are required for their role.
Objects associated with a class can be found by searching for the class name in K:\Administration\Technology Systems & Resources\User Services\BANNER\SECURITY\Banner Security Objects by Class - All.xls when logged into the network.
Value is the cryptic class name followed by a comment describing the class usage, if any.

Finance Permissions to Modules/Features
Finance Self-Service Authorization:

Access required for viewing the Finance Menu in Self-Service Banner which includes Budget Queries, Budget Transfer, Approve Documents, etc…
Most finance users will have this permission since additional permissions are required to utilize items in the menu.
Value is ’Y’ (Yes) or ‘N’ (No).

Payroll Expense Detail Access:

Access required for viewing payroll charge detail for authorized budgets.
Usually limited to Budget Unit Leaders or their designees because this permission grants access to detail for all budgets that the individual can query.
Additional permission to orgns/funds for Budget Planner is required in order to use this permission.
Value is ’Y’ (Yes) or ‘N’ (No).

Budget Planner Authorization:

Access required for using Banner Planner module during Budget Development for authorized budgets. Budget Planner collects budget requests for annually appropriated funds such as General Fund, Auxiliary Funds, and Quasi-Auxiliary Funds. It is not used for Restricted Funds (Grants).
Additional permission to orgns/funds for Budget Planner is required in order to use this permission.
Value is ’Y’ (Yes) or ‘N’ (No).

Orgn Read/Write Permission:

Access required for regular business, such as monitoring budget or entering BCRs/requisitions.
Organization may be Leaf or Summary level; if Summary level, user will have access to all child Leaf and Summary Organizations.
Accompanying fund access is required.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Orgn Budget Planner Permission:

Access required for using Budget Planner during Budget Development. Budget Planner collects budget requests for annually appropriated funds such as General Fund, Auxiliary Funds, and Quasi-Auxiliary Funds. It is not used for Restricted Funds (Grants).
Summary Organization level access is required in Budget Planner in order to perform an Organization Lock.
Accompanying fund access is required.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

Orgn Salary Planner Permission:

Access required for using Salary Planner during Budget Development. Salary Planner displays detailed employee and position labor information. This information is summarized and fed into Budget Planner during Budget Development for annually appropriated funds.
Permission is limited to Budget Unit Leaders and their designees.
Security evaluates the Organization attached to the Position Salary Budget which may differ from the employee’s labor distribution.
Accompanying fund access is required.
Value is ‘Q’ (Query) or ‘U’ (Update).

Finance Permissions to Funds Fund Read/Write Permission:

Access required for regular business, such as monitoring budget or entering BCRs/requisitions.
Accompanying organization access is required for operating budgets.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Fund Budget Planner Permission:

Access required for using Budget Planner during Budget Development. Budget Planner collects budget requests for annually appropriated funds such as General Fund, Auxiliary Funds, and Quasi-Auxiliary Funds. It is not used for Restricted Funds (Grants).
Accompanying organization access is required for operating budgets.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

Fund Type Read/Write Permission:

Higher level access for regular business, such as monitoring budget or entering BCRs/requisitions for those users with greater responsibility.
Usually assigned to Budget Unit Leaders and their administrative staff who support multiple budgets.
Provides access to all Fund numbers within the Fund Type category.
1. An example of a fund category is Fund Type 20 which groups together all Restricted Funds; a user with this permission can access all Grants for authorized Organizations without each Fund being explicitly identified.
Accompanying organization access is required for operating budgets.
Specific Fund permissions override this setting.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Fund Type Budget Planner Permission:

Higher level access for using Budget Planner during Budget Development for those users with greater responsibility. Budget Planner collects budget requests for annually appropriated funds such as General Fund, Auxiliary Funds, and Quasi-Auxiliary Funds. It is not used for Restricted Funds (Grants).
Usually assigned to Budget Unit Leaders and their administrative staff who support multiple budgets.
Provides access to all Fund numbers within the Fund Type.
1. An example of a fund category is Fund Type 11 which groups together all Unallocated Unrestricted Funds; a user with this permission can access General Fund and Quasi-Auxiliary Funds for authorized Organizations without each Fund being explicitly identified.
Accompanying organization access is required for operating budgets.
Specific Fund permissions override this setting.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

Other Finance Permissions: Master Fund Authority:

Access to all Fund numbers.
Usually reserved for district administration personnel or those responsible for central processing.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Master Orgn Authority:

Access to all Organization codes.
Usually reserved for district administration personnel or those responsible for central processing.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Budget Planner Master Fund:

Access to all Fund numbers in Budget Planner.
Reserved for district administration personnel.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

Budget Planner Master Orgn:

Access to all Organization codes in Budget Planner.
Reserved for district administration personnel.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

What permissions are included in the Other User Section of the report?

Authorizations to Organizations for Users other than departmental employees and non-employees will be included here:

Permission Type Permission Permission Description Finance Permissions to Organizations
Orgn Read/Write Permission:

Access required for regular business, such as monitoring budget or entering BCRs/requisitions.
Organization may be Leaf or Summary level; if Summary level, user will have access to all child Leaf and Summary Organizations.
Accompanying fund access is required.
Value is ‘Q’ (Query Authority), ‘P’ (Posting Authority) or ‘B’ (Query and Posting).

Orgn Budget Planner Permission:

Access required for using Budget Planner during Budget Development. Budget Planner collects budget requests for annually appropriated funds such as General Fund, Auxiliary Funds, and Quasi-Auxiliary Funds. It is not used for Restricted Funds (Grants).
Summary Organization level access is required in Budget Planner in order to perform an Organization Lock.
Accompanying fund access is required.
Value is ‘Q’ (Query Authority) or ‘B’ (Query and Posting).

Orgn Salary Planner Permission:

Access required for using Salary Planner during Budget Development. Salary Planner displays detailed employee and position labor information. This information is summarized and fed into Budget Planner during Budget Development for annually appropriated funds.
Permission is limited to Budget Unit Leaders and their designees.
Security evaluates the Organization attached to the Position Salary Budget which may differ from the employee’s labor distribution.
Accompanying fund access is required.
Value is ‘Q’ (Query) or ‘U’ (Update).

Why are employees without Banner permissions listed on the report?

Active employees and trackable non-employees without Banner permissions will be listed in the report to assist reviewers in analyzing differences between users who may have similar roles or responsibilities. Generally, users in similar roles should have similar privileges.

Why are terminated employees listed on the report?

Employees will appear on the report if the status of their Employee record in Banner Human Resources is set to Active (‘A’). If the individual was recently separated, their status may not yet have been changed pending final payouts. If an employee has transferred to another area in the College, their status will still be Active, but their permissions may need to be updated if no longer appropriate. If the employee is no longer working for the College, please be sure that the separation has been reported to Human Resources so that they can update records accordingly (this will also unencumber the budget, if needed).

What if the report lists an employee or user who has transferred jobs at the College?

If an employee has transferred jobs outside of the assigned Organization but is still associated with their old Home Department (Organization), then manager can contact Human Resources to initiate an update to the Home Department (Organization). Please be sure to still review that user's permissions and remove any unnecessary authorizations related to their previous job, including security classes and budgetary access. If other users have Organization access that is no longer necessary, then the manager should report this change so that access can be removed.

What happens to Banner Security when an employee separates from the College?

The College developed a user separation workflow to update and/or remove various permissions when an employee or trackable non-employee separates from the College. This process identifies separation from changes made to the Last Work Date and/or Status fields in the Employee record in Human Resources. In some cases, this process can be manually started when changes in Banner will be delayed. This process does not pick up transfers or terminations where the employee retains another job at the College (e.g. separated from full-time job but keeps secondary adjunct assignment). These situations require manual update to remove permissions so should be reported by the manager.

What is a Home Department?

The Employee record in Human Resources for each employee records one Home Department for the individual, regardless of the number of job assignments that the employee may have. Generally, the Home Department is the same as the Organization code in the labor distribution from their primary job. In cases where a labor distribution is split between Organizations, the Organization with the highest percentage is used as the Home Department Requests to update Home Departments can be submitted to Human Resources. Non-employees tracked in Banner will also be assigned to a Home Department. The Home Department is the Organization referenced when assigning users to Banner Security Review reports.

Why are some employees listed even though they do not report to me?

Only Budget Unit Leaders will receive reports, so subordinate supervisors who are not Budget Unit Leaders and their staff may appear on Budget Unit Leader's report. In these cases, the Budget Unit Leader should share relevant report information with the subordinate supervisors. Budget Unit Leaders should not have final approval for their own security, so their information may also appear on the report of the next higher level Budget Unit Leader. Also see the FAQs on terminations and transfers.

Why do Organizations not assigned to me appear in some employee permissions?

The employee section will list all Organization permissions even if the Organization is owned by another Budget Unit Leader (the other Budget Unit Leader is shown in brackets after the Organization Title.) These permissions are included so that they can be reviewed for continued appropriateness and removed if no longer necessary. In these cases, the permissions will also appear in the Other User section of the other Budget Unit Leader’s report.

What is a Financial Manager?

The terms Financial Manager and Budget Unit Leader are frequently used interchangeably. The Budget Manual, which can be referenced for more information, defines the Budget Unit Leader as having the “primary responsibility for the development, administration, and maintenance of assigned organizational budgets within approved funding levels, regardless of funding source.” The Banner Security Review report is available to Budget Unit Leaders who are recorded as Financial Managers of Organizations in Banner. While both Funds and Organizations have Financial Managers, these might not be the same person for a given budget. Fund Financial Managers are often subordinates of Organization Financial Managers. Organization Financial Managers who receive the Banner Security Review should share relevant information with their Fund Financial Managers.

What is an Organizational Hierarchy?

This is the hierarchical structure of Organization codes in Banner. The Organizational hierarchy has eight levels which include seven levels of Summary codes and one bottom level Leaf code. The Summary codes are used for reporting purposes while the Leaf level is where budget activity occurs (i.e. budget, expenses, and encumbrances). The Leaf level Organization will roll-up to Summary level Organizations representing increasing levels of management. For example:

Level 1 Summary: College-Wide

Level 2 Summary: EVP/Division

Level 3 Summary: EVP/Major Operating Unit

Level 4 Summary: Vice President

Level 5 Summary: Executive Director/Dean

Level 6 Summary: Director/Associate Dean or Departmental use

Level 7 Summary: Departmental use

Level 8 Leaf: Department

A current Organizational Hierarchy can be found by clicking here. The highlighted rows are the level 4 Organizations (generally, Vice President Level).

Why did my session timeout before I certified the report or marked the report as in process?

The session will time out after thirty (30) minutes of inactivity for security reasons. It may be a good idea to Print or Export the report for analysis, then mark the report as In Process so you can log back in later to certify the report. Marking as in process is helpful to minimize follow-up requests to the Budget Unit Leader to begin the review.

What is the difference between the ‘Hrml’ and ‘CSV’ options for downloading a report?

Use the ‘Html’ option to review the formatted report in your brower and optionally print the report or save as a pdf (Ctrl-P) while keeping the formatting for easier viewing. Use the ‘CSV’ option to extract report information in csv format to manipulate the information in Excel for further analysis; however, report formatting will be lost.

What factors might I consider when analyzing the report?

Granted permissions must be both appropriate for the employee/user role and necessary in order for the employee/user to perform their job responsibilities. Please consider if the permission meets these criteria. Generally, employees in similar roles will have similar permissions; variances should be reviewed for appropriateness and necessity. Especially consider job transfers because residual permissions from prior positions may have not been properly removed and can inappropriately accumulate. Residual permissions should be reported for removal.

How do I ask questions about this information or report changes needed to this information?

Please click here to submit a question about this information or process. Changes during the Banner Security Review should be submitted through the Banner Security Review application so that participation in the reviewing activity is recorded. Changes outside of the annual review process can be requested by clicking here to submit through the regular Banner Security process (requests will route to Banner Security after the module owner has approved.)

What might the report look like?

Below is a sample report for a test account S01074217 Leo Kottke:

Leo’s Home Department is Organization 2T9999 which he is assigned to as Financial Manager. Therefore, he will also appear on the report generated for the next higher level Financial Manager (who typically would be his manager).
Leo has the typical Finance permissions that a Budget Unit Leader would have (Finance Self-Service, Payroll Expense Detail, Budget Planner w/Salary Planner), but only the Banner Security Class for Requisitioner, not Approver. Should he have permissions to approve financial transactions? Normally yes, but Leo should check with this manager and request changes, if appropriate.
Leo has Query and Posting privileges to his Organization 2T9999, but he also has Posting privilege to another Organization 2H3200 which another Financial Manager manages. Is this appropriate?
The Financial Manager for the other orgn is not Leo, so the name of the Financial Manager for this Organization will appear in brackets next to the Organization Title. Leo enters catering orders that are charged to this Organization for a joint project so this is found to be okay; he does not have Query since he should not have budget monitoring ability for this budget. Leo’s access to this orgn will also appear on the other Financial Manager’s report.
Instead of Fund specific access, Leo has been granted Fund Types 11/20 which means that he will have access to budgets such as General Fund, Quasi-Auxiliaries, and Grants without each fund being explicitly approved and added to his profile. This is appropriate for Leo since he is a Budget Unit Leader responsible for all the budgets rolling to his Organization. If he was a support staff member only working with one Grant rolling to his Organization, it might be more appropriate for him to have access to just that specific Fund (and Organization).
Leo will appear on the report generated for the other Financial Manager in the bottom section entitled ‘Other User section':

This Financial Manager should ensure that this access is appropriate; if not, changes should be submitted. Access could be Query, Posting, or both Query and Posting.
Since Leo only needs to order and should not have access to view budget, Posting is appropriate.