GMAS security ensures appropriate access to secure information and allows users to perform functions applicable to their job. For example, it restricts the creation of accounts to users in central roles, and limits observer roles to view only access.
Security can be added through Standing teams and/or Administrative teams (also known as fund based access). Standing team security designates permissions by role and assigned by org or org/PI combination. Administrative team security is comprised of roles managed on a segment by segment basis.
Standing Team Security
Standing teams assign user permissions based on roles, orgs, and PIs. These permissions are managed by GMAS authorized requestors. Standing team owners can add and remove team members, and edit team assignments at any time.
Individuals on standing teams automatically get access based on the defined scope (a combination of role, org, and PI).
Permissions can be configured so individuals are automatically added to segment administrative teams (based on scope) at the time new segments are created. This configuration can be set for particular roles (such as Observer) or signatories (such as Sponsored Programs Approver) for specific orgs.
Who should request/apply security changes?
The GMAS Authorized Requestors who own the standing teams will determine who can request changes, and will make those changes when appropriate. A list of GMAS Authorized Requestors by tub can be found here: http://cs.fss.finance.harvard.edu/ar-lists
How do I see what Standing Teams someone is on?
A person’s standing teams are listed in their Person Profile under the Team section (as shown below). The owner of the team will be listed here as well. Clicking on the team name will redirect to a page where a list of all of the team members will show, as well as the owner and back-up owner for the team.
Administrative Team Security
Administrative team security is specific to a single segment. This is often times referred to as fund based access. Individuals can be added and removed from roles on that segment at any time. An individual does not need to be on a standing team in order to be added to an administrative team (they just need to be a GMAS user). Administrative team security does not carry from segment to segment (only standing team security does this).
Who should request/apply security changes?
GMAS Authorized Requestors, users in the Department Administrator role, and OSP, HMS SPA, or SPH SPA representatives will determine who can request changes, and can make those changes to the administrative team on a segment when appropriate.
How do I see who is on the administrative team?
While in a segment, click on the "Administrative team" link on the project snapshot.
How can someone be added to the administrative team?
Those in the “Department administrator” role, or any of the central roles can add individuals to an administrative team by doing the following:
- Navigate to the sponsored project.
- From the segment homepage, select “Administrative team” in the project snapshot (see example in the question “How do I see who is on the Administrative Team?” question above).
Select <Edit> from the “Project administrative team” screen.
- The button will be disabled if you do not have the appropriate security to manage administrative teams.
At the bottom of the “Edit project administrative team” screen, select <+Add another administrative team member> to add someone to the administrative team.
- If someone needs to be removed from the administrative team, find their role and name combination in the list and select the trash can icon to the right of their name to remove them.
- If a row was deleted incidentally, select <Cancel> from the bottom of the screen so that the changes are not saved.
In the new row created after selecting the button, use the drop-down menu to select the appropriate role the individual should play on the sponsored project.
- For a list of role definitions, visit the Authorized Requestor Job Aids page on the Client Services website and expand the “GMAS Job Aids” section. Open the “Department User Roles” document for the full list of department roles.
- Once the role is selected, look up the individuals name in the “Team member” field.
Once the role and person are identified, the <+Add another administrative team member> button can be selected to add more individuals, or the <Done> button at the bottom of the screen can be selected.
- Individuals added will be able to access the project once the data on the edit screen is saved.
How can I find all of the administrative teams a person is on?
Navigate to the person profile of the individual.
- Select “People” from the top navigation bar in GMAS and look-up the person's name. Select the correct profile name from the results.
From the persons profile, select <Portfolio> from the left menu options.
- The portfolio page gives a full listing of active and pending projects where the individual is on the administrative team.
- If you have navigated to your own portfolio page, you can reassign or end date any roles that you play on projects from here by selecting <Reassign project roles>.
For more information about GMAS security, visit the GMAS section of the Clients Services site. This site houses documentation on what Central and Department roles give users security to do in GMAS, end dating items in a portfolio, and much more.
If you have any additional questions about GMAS security, please email email@example.com or firstname.lastname@example.org.