Skip to main content

Facilities and
Campus Services

Facilities Inventory System Security

07/10/2015 jcc

Access is created by assigning NetIDs to Kuali Financial System, KFS, orgs. 

For example, 

We grant all users access to the following systems:

  • Production: All users are given access to the production facilities inventory system at https://facilitiesinventory.cornell.edu.
  • Training: All users are also given access to the training facilities inventory system at https://.  This system is used during training workshops and for practicing complex changes before 
  • university floor plans:
  • Oracle Analytics: 

Access to the transactional system (current year and historical years) and reports is based the org presence start date.

The Facilities Inventory data snapshot from the previous day establishes the current org presence in the room, and interprets that into user privileges.  This is applied to data in the current fiscal year as well as historical look ups.

Org presence in a single room allows access to all the rooms in a building, with write privileges to rooms with that org presence and read access to the rest.

End dating an org presence in a room changes the privileges for that room:

·         If this is the only room in the building with your org presence, and that org presence is end dated you will no longer have access to rooms in this building

·         If you continue to have org presence in other rooms in the building, these rooms will still be accessible to you, but the end dated presence will become read only as of the next day after the end date.

Categories of security:

  • FIG – Facilities Information Group (Application Managers) – Highest level of access in the system with full editing capabilities for all aspects of the facilities inventory data.
  • Organization Administrators - the name ‘Org Admin’ is based on the legacy concept of an ‘org’. In the legacy system, ‘orgs’ are the highest level and are colleges or administrative units (e.g. Vet College, OHR, etc). The KFS equivalents are the C type college/division orgs. Org admins have the following access:
    • Editing capabilities for rooms assigned to departments and sections that fall under their domain. A domain will typically be one or more colleges or divisions
    • Ability to add any department/section, even if not in their domain, to a room where they have an existing department/section presence within their domain
    • Ability to change an existing department/section presence within their domain to any department/section, even if not in their domain
    • Read-only capability for all rooms and departments/sections in facilities in which they have a presence within their domain
    • Read-only capability for complexes which contain facilities in which they have a presence within their domain
    • Editing capabilities for complexes which they own (based on the "Complex Ownership" field);

o   They will have read-only access to facility detail, but have access to the link “show all rooms in a facility” this returns the room search results page.

Note that not all org admins are issued COGs access. See “COG Read-Only” details below.

  • Department users – the name ‘Department user’ is based on the legacy concept of a ‘department’, which was the only level below the legacy org admin. In KFS, these users can be assigned security to departments, sections, or subsections (D or S types). A Department User’s domain will be all orgs that roll up to the department or section they are assigned. Their access will be as follows:
    • Editing capabilities for rooms with department/section (D and S types) presences that fall under their domain;
    • Ability to change an existing department/section presence within their domain to another department/section within their domain.
    • Read-only capability for all rooms and departments/sections in facilities in which they have a presence within their domain.
    • The facilities above will include complexes that contain buildings with rooms where their departments/sections have a presence.
      • They will see the complete list of members in the complex.
      • They will have read-only access to facility detail, but have access to the link “show all rooms in a facility” this returns the room search results page.
      • For rooms displayed on the rooms search results page, they have editing capabilities for rooms with department/section (D and S types) presences that fall under their domain, and read-only access to all other rooms and departments.  (This is the same access they have for all facilities, room, department/sections in their domain.)
  • Read-only ALL – provides view, but not edit, access to all rooms in all facilities.  This access is for staff who work for central university services such as Facilities and Campus Services or Cornell Information Technologies.
  • COG Read-Only - Users assigned to this group have read only access to buildings occupied by the C level orgs that are members of the College Officers Group (COG).  COG members made an agreement (referred to as the Statler Accord) that stated it was desirable for the members to share read access to each other’s space.  In the future if the Statler Accord is modified to include other organizations, then security will be updated accordingly.  COG is ONLY issued to academic org admins that have their orgs represented at the College Officers Group meetings.