Payroll Personnel Data Warehouse

Security/Access Restriction

Security for the Data Warehouse is similar to the access to the On-line EDB Inquiry at Office of the President (UCOP), both in how you gain access as well as the employee data you can access. Security on the Data Warehouse, like EDB Inquiry, has two parts - one identifies the group of employees or "who" that you can access while the second part (the Screen Group) identifies the data fields or "what" can be accessed.

First, the usercodes will be requested and established in the same manner as these other systems.  The applications must pass through the Security Committee at UC Davis.  If you already have access to EDB Inquiry or are requesting new access to both EDB Inquiry and the Data Warehouse, your access will be first established by the Office of the President staff in the Security Tables at UCOP.  These same Security Tables are copied and used to control your access to the Data Warehouse. If you do not have a usercode to access EDB Inquiry, a special Data Warehouse-only usercode will be created to mimic what your access would have been at Office of the President.

The Data Warehouse usercodes can see the same population (group of employees) as they would be allowed through EDB Inquiry.  The population or "who" that a usercode can see is controlled by the Home Department Code.  For example, a department-level usercode can access all their departmental personnel records while a dean's office usercode will be allowed to access all the employees' records within their division. Central administrative units have campus-wide access to all or portions of the population as their need and prior approval dictate.  If an employee is "split-funded" because they work for multiple departments, each department that currently is paying that employee will be able to see the employee's full personnel record (EDB tables) but will be limited to just the portion of the payroll compute (PAR tables), expense (ETH, EDW tables) and lien (CSE table) data that is funded by their department.

The original access to specific data fields was based on screen groups used by EDB Inquiry and EDB Entry/Update screens which grouped by screens (and data) by the types of data that was accessible on each screen. These old views have been replaced by a more straight-forward naming convention "TABLENAME_V" for most tables and "TABLENAME_V_FY_yyyy" for date-sensitive data such as payroll expenses. Please see Explanation of View Tables for more information on the naming convensions used for accessing the tables controlled by Security (CSE, EDB, EDW, ETH, PAR and STF).

The population or record access rules have not been changed with the new view names. Basically if your usercode has been given access to a department number 123456, you have access in the personnel reports to any employee who currently has that department number as a) their primary administrative department, b) their optional work or alternate department or c) has one or more pay distributions that are funded from accounts owned by that department number. The payroll expense records are also driven by department numbers however even if the employee has left the department they still have access to the expenses paid from the accounts associated with their department number.

Access to the data tables that do not contain employee-related information rather just contain code translations and general account information which do not have to be controlled, do not have the screen group prefix. For example when accessing the control table which contains the job title code translations (CTLTCI), all data warehouse users will use its original name "CTLTCI".

Send Comments to PPS Data Warehouse Support at: paysys-support@ucdavis.edu
Last Updated: June 20, 2006