OLIN OASIS Access Review

OLIN OASIS Instructions for Service Account

USF is in the process of migrating Banner/OASIS to a new Linux platform. Among the benefits is increased security for our databases. During this process all legacy access is being reviewed.

If your college, department or organization currently accesses PROD, PPRD, or PPRDUPG with a service or interface (generic) account to query and/or verify information for a separate system or application, you will be required to follow the steps outlined below to maintain the access.  

IN ORDER TO MAINTAIN ACCESS, YOU MUST SUBMIT THE REQUESTED INFORMATION BY AUGUST 19th.

IT-Security is available to assist you with this process. If at any time you have questions, please contact Kay Svendgard, kricca@usf.edu, and she would be happy to help.

______________________________________________________________________________

To continue to access Banner databases directly with a service/interface account, please follow the instructions below. In an effort to streamline this process, we ask that requests be submitted in batch if you have more than one service account being used in your area.  A spreadsheet template (Service Account Access Request service account access request) is attached for your use.

Please note, this process is NOT for new service accounts, only those accounts that currently exist within the Banner database.

Please send the completed spreadsheet template to: IT-Security@usf.edu with the subject “Request to retain oracle level access for Banner service account”.

  1. Receive approval for direct database access

List the following for each service account in need of access on the spreadsheet (each service account should have a separate row on the spreadsheet):

  1. “Owner” Name (person who will be responsible for the account)
  2. Telephone number
  3. Employee ID or USF ID
  4. Service Account being utilized
  5. The server name and IP address that houses the application that uses this account
  6. Ports that need to be opened on the Banner database server
  7. The reason for the access. (If a justification is not included in the request, it will not be processed.)
  8. The tables being accessed and/or the APIs or webservice(s) being used.
  1. Request an entry in the firewall be created to allow the application to access the database server

Once we have reviewed your request we may contact you to gather more information. When we have everything we need, IT-Security will submit a request to allow your server access to the database server via a set of rules added to the firewall.

NOTE: It is very important that IT-Security be notified if the application/system using the service account is no longer being used so that that account can be deleted and the firewall rules removed.

A final change to your current process –

In an effort to maintain an optimal performance level in the production database, IT has recently implemented real-time data replication for all Banner/OASIS databases. What this means is we now have a real-time copy of every Banner database that can be used for your reporting needs, therefore the name of the database you will be connecting to will change. To help you out, we have listed the name of the new Banner Read Only (RO) databases below, so be sure to configure your application/system to connect to correct instance as you will not have access to the servers that house the primary databases.

NOTE: If your service account makes changes or updates to the Banner/OASIS data then you will need to continue to connect to the primary database as you do today. Please be sure to acknowledge that in the spreadsheet.