HCM: HR-BAIRS Security

Introduction

HR-BAIRS is secured in several ways:

  • You must supply a userid and password to access BAIRS.
  • Your assignment to "subject areas" governs which reports (and underlying database views) you can access through BAIRS.
  • The OrgNode(s) on which you are allowed to report govern which rows in the database can appear in your reports.

See Obtaining HR-BAIRS Access.

For details about HR-BAIRS subject areas, please see HR-BAIRS Subject Areas.

For details about OrgNode security, see below. 

OrgNode Restricted Access (Row Security)

Because Human Resources data is of a sensitive nature, the HR-BAIRS security model is designed to protect the privacy of UC Berkeley's employees while allowing administrative staff access to the data they need to perform their jobs. Therefore, the OrgNode(s) you are allowed to report on are generally determined by your location within the Organizational Tree.

  • If you work in a department (e.g., English), you will usually be able to report only on your departmental OrgNode (HENGL) and its subsidiaries on the Organizational Tree.
  • If you work in the administrative office for a division, such as Letters and Science, you will probably be able to report on data for all the departments within L&S.
  • Employees in some units, such as the Central Offices, can report on all OrgNodes. Other units may have special access lists that allow them to see selected OrgNodes in discontiguous branches of the campus hierarchy.

Organization tree reports that list the OrgNode codes and their hierarchical relationship are available and are updated monthly.

Subject Area Plus OrgNode Security

The data warehouse "views" (analogous to database "tables") that make up the environment from which report data is drawn have different security models. This enables appropriate access of data, based on the OrgNode associated with a person's job record.  For example, in the Administer Workforce subject area, there are several categories of view-sets from which reports in this subject area are generated:

  • Job View -- Views of job data and its "child" tables (Compensation and Job Earnings Distribution data) are restricted based on the Org_Node associated with each row of Job data.
  • Distribution View -- Views of job data and its "child" tables (Compensation and Job Earnings Distribution data) are restricted based on the Org_Node(s) to which the Organization (Org_Code) in each of a Job row's Job Earnings Distribution child-row chartstrings roll up.
  • Employee View -- Views of job data and its "child" tables (Compensation and Job Earnings Distribution data) are restricted based on the Empl_ID (Employee ID) associated with each current or future-dated job whose OrgNode is among the set a user is allowed to report on.

Here's an example to illustrate the above:

PersonJob # (Empl_Rcd_No)Org Node on Job RowAt least one J.E.D. Chartstring Belongs To OrgNode
A. Smith 0 AAA AAA
      BBB
      CCC
       
  1 BBB BBB
       
  2 DDD EEE
      FFF
  • In reports based on the Job View (JB), HR-BAIRS users allowed to report on
    • OrgNode AAA can see Job#0
    • OrgNode BBB can see Job#1
    • OrgNode DDD can see Job#2
    • OrgNodes CCC, EEE, and FFF can't see any data for A. Smith in this view.
  • In reports based on the Distribution View (DN), HR-BAIRS users allowed to report on
    • OrgNode AAA can see Job#0
    • OrgNode BBB can see Job#0 and Job #1
    • OrgNode CCC can see Job #0
    • OrgNode EEE can see Job#2
    • OrgNode FFF can see Job#2
    • OrgNode DDD can't see any job data for A. Smith in this view (because DDD doesn't "pay" for any part of any of Smith's jobs)
  • In reports based on the Employee View (EE), HR-BAIRS users allowed to report on
    • OrgNode AAA, BBB, or DDD can see all data for A. Smith
    • OrgNode CCC, EEE, or FFF cannot see any data for A. Smith in this view.