Access to information in Ohio SACWIS is carefully controlled by the user ID, user groups, and security profiles. A regular review of SACWIS user access and security roles is required by each agency.
Each user, or worker, an InfoSec ID, which allows the worker to log in to the system. As a State security administrator, you assign this ID and associate it with the worker's employee record(s) in Ohio SACWIS. You also indicate the date from which access allowed. (See Assign an InfoSec ID.) While this ID provides initial access to the system, a worker cannot do anything in the system until he or she has been assigned at least one user group.
User groups are assigned to workers in order to give them access to
specific functions in Ohio SACWIS. User groups consist of security profiles,
which define the type of access allowed within a business process, that
is, a particular system function. For example, an intake screener is assigned
a user group that let's him or her record intakes in Ohio SACWIS but not
access case records.
In addition, the user groups determine what tabs and screens a user sees
in Ohio SACWIS. So information one user sees in the system may be different
from what his or her coworkers see, because different workers are assigned
different user groups.
After an InfoSec ID has been assigned, you select the user groups to assign to the worker, based on the worker's job duties. User groups are associated with the worker's name, ID, and agency. Therefore, if a worker works for more than one agency, his or her access may be different for each agency. (See Assign a user group to a worker.)
Each agency (PCSA, PCPA, and PNA) identifies a number of user groups, which categorize types of workers according to the work they do in the system. In addition, there may be State-level or State-exclusive user groups. As a State security administrator, you can update these user groups for State and agency use. As an agency security administrator, you update the user groups defined by your own agency. You can refer to the Knowledge Base article, Admin_Security Matrix to see each user group and the user group description; and/or see Record a user group.)
The user group consist of one or more security profiles. A security profile defines the tabs and screens to which access is allowed. Security profiles may be established for State or agency use. Security profiles are established first, then selected on the user group record. (See Update security profiles for business processes.)
A regular review of SACWIS user access and security roles is required by each agency. To assist in the review of SACWIS user accounts and security roles, two online reports exist in SACWIS detailing this information. The reports are the SACWIS User Report, and the SACWIS Employee User Group Report. Agencies should ensure all users identified on the reports are current/active employees and have the appropriate security profile. (See the Knowledge Base Video: JFS SACWIS User Reconciliation.) The IV-E Juvenile courts should ensure the PCSA user access to their profiles are terminated during this user reconciliation. If the IV-E Court maintains an ongoing contract with the PCSA staff to complete a business function, then a new JFS7078 Code of Responsibility needs to be filled out for the PCSA employee and signed by the IV-E Court agency. The new JFS7078 should be sent to SACWIS_Access@jfs.ohio.gov (do not send the request to INFOSEC).