Login to the Systems as Sysadmin
Select System administrator responsibility
On the System administrator menu Security -> User -> Define
Password : Provide a password; the user will have to change the same on the initial login, unless the DBA has set otherwise.
Person : This field refers to the HR user that is created for the Employee. We shall take this up in a later session.
Password Expiration : Can be used as a security requirement. Can be controlled based on the number of access or on the number of days,
Effective date : Any date this user should be active from
Note : a USER once created cannot be deleted, it is only possible to end date the User.
Direct Responsibility : PAM General Ledger Super User
Effective date : Any date this responsibility should be available for the user.
Note : A Responsibility once assigned cannot be deleted, it is possible to end date the responsibility assignment. If the responsibility is end dated then the access is unavailable even if the responsibility is not end dated at the user end.
- As an effective control it should be practiced to end date all the responsibility at the end of the Financial Year. So this will force a revaluation of the responsibility provided.
- Temporary responsibility assignments should be end dated with a shorter duration so that a revaluation/deactivation happens even if the track is not maintained.
- Temporary Users like contract users should have an end date equivalent to the contract expiry date, so that the compliance is maintained.