Ad Hoc Runtime Security Report

Tool Search: Ad Hoc Runtime Security

The Ad Hoc Runtime Security Report identifies filters which are assigned to users and/or user groups in which the user or group does not have proper tool rights for accessing information (fields) contained within the filter.

This issue is most commonly created when a user with proper tool rights creates a filter and assigns it to a group that does not have proper tool rights to view all the fields contained within the filter (or rights were later removed from the group). This issue can also occur when a user has created a filter and later has tool rights removed from them which correlate to fields contained within the previously created filter. See the Understanding Report Results section for more information.

Screenshot of the Ad Hoc Runtime Security Report editor.Ad Hoc Runtime Security Report Editor

Generating the Ad Hoc Runtime Security Report

  1. Select the Filter Type
  2. Select a Sort By option.
  3. Select the Format
  4. The Refresh, Show Top and corresponding date fields are used for defining which previously or currently generated reports appear in the Batch Queue List. The Show Top dropdown list will display the amount of tasks selected between the dates entered in the two date fields. 
  5. Select the Generate Report button to generate the report in a separate window.
  6. Select the Submit to Batch button to send the extract to the Batch Queue List. Batch Queue functionality provides the ability to schedule when the extract is generated and what priority is given to the extract among other queued reports. This option is useful for scheduling reports to build in off-peak hours or in sequence with other reports being generated within the system.
  7. If the Submit to Batch button was selected, the report will appear within the Batch Queue List. Once the report has been generated, the Status will report as Completed and the report can be accessed by selecting the Get the Report hyperlink appearing in the Download column. Completed batch reports will also display a notification in the Process Alerts (formerly Process Inbox), providing a link to the report.

Understanding Report Results

The Ad Hoc Runtime Security Report was designed to indicate all users who are assigned a filter containing data they do not have proper rights to, as well indicate what right(s) are needed in order to resolve this issue. Oftentimes, a single field within a filter or a person in the wrong group will trigger many results. By removing the field or the person from the group, the amount of filter issues go down significantly.

Social Security Number fields are not taken into account when determining Ad hoc security compliance as they are controlled independently through SSN tool rights. Users who run filters containing SSN fields without proper SSN tool rights will receive an SSN value of NO ACCESS.

Screenshot of the report in HTML formatExample of Report Results

In the example above (Image 2), the same user (rmperez) is reported as not having rights to many of the filters assigned to the group (Census). This indicates one of the following actions should be performed:

  • Rmperez should be removed from the group (Census).
  • Have the Filters causing tool right issues removed from the group.
  • Rmperez should be given tool rights to one of the areas listed in Right 1, Right 2 or Right 3 for each filter. 

Sometimes, a tool within Campus can exist in multiple areas. For this reason, the filter with a security issue can be resolved by granting one of a number of tool rights. The Right 1, Right 2 and Right 3 columns indicate what tool right must be given to the user in order for the filter to work correctly. A user can be given any one of the three tool rights listed, they are not dependent upon one another. As long as the user receives one of the tool rights listed in the three Right columns, the filter will work.

Screenshot of the report with an incorrect field in a group Example of Incorrect Field in a Group

In the example above (Image 3), a single Group is producing a large number of results due to a single field within the Orange Team filter. By removing the Fees field from the filter or providing the Group with proper tool rights to this area, a large number of issues can be resolved by a single action.

Ad Hoc Runtime Security Report Fields

Column

Description

Group

The user group containing the filter (listed in the Filter column) in which it does not have proper tool rights in order to access field(s) contained within the filter. In order to resolve this issue (for all users within the group), the group needs to be given tool rights to one of the tools listed in the Right 1, Right 2 or Right 3 columns or the fields listed need to be removed from the filter.
 
If the report is run for a Filter Type of All, individual filter issues will be listed first and the Group column will appear blank as their issue is not group-related. If the report is run for a Filter Type of user, the Group column will report blank as individual filter issues are not tied to a specific group.

User

The username of the user identified as being assigned a filter they do not have rights to view/generate. The username is provided as a means of better identifying the user within Campus for cleanup.

Last Name

The last name of the user identified as being assigned a filter they do not have rights to view/generate.

First Name

The first name of the user identified as being assigned a filter they do not have rights to view/generate.

Filter

The filter assigned to the user that contains a field(s) the user does not have rights to view/generate.

Right 1

The tool right the user needs in order to use the identified Filter. If a group or user should not be given rights to view this information (or any tool right identified in Right 2 or Right 3), the field associated with this tool right needs to be removed from the filter in order for the user to be able to generate/use the filter.

Right 2

Another tool right the user (or group) could be assigned in order to use the identified Filter. This tool right is not a required addition to Right 1. If Right 1 should not be given to the user/group, this is an additional tool right that could be given in order to have the filter properly generate/run. If a group or user should not be given rights to view this information (or any tool right identified in Right 1 or Right 3), the field associated with this tool right needs to be removed from the filter in order for the user to be able to generate/use the filter. This field will report blank if no additional tool right (outside of Right 1) will provide access to the blocked information.
 
For example, in Image 2, a user could be given tool rights to Census > People > District Employment (Right 1) OR Census > People > District Assignment (Right 2) in order to properly generate the filter (Clerk Gate list).

Right 3

Another tool right the user (or group) could be assigned in order to use the identified Filter. This tool right is not a required addition to Right 1 or Right 2. If Right 1 or Right 2 should not be given to the user/group, this is an additional tool right that could be given in order to have the filter properly generate/run. If a group or user should not be given rights to view this information (or any tool right identified in Right 1 or Right 2), the field associated with this tool right needs to be removed from the filter in order for the user to be able to generate/use the filter. This field will report blank if no additional tool right (outside of Right 1 or Right 2) will provide access to the blocked information.