Skip to main content

Cornell University

Facilities and
Campus Services

Facilities Inventory: FIS Security

Last updated: April 28, 2022

Back to the Facilities Inventory Documentation
 

Access is created by assigning NetIDs to orgs.  Access to the transactional system (current year and historical years) and reports is based the org presence start date.

The Facilities Inventory data snapshot from the previous day establishes the current org presence in the room, and interprets that into user privileges.  This is applied to data in the current fiscal year as well as historical look ups.

Org presence in a single room allows access to all the rooms in a building, with write privileges to rooms with that org presence and read access to the rest.

End dating an org presence in a room changes the privileges for that room:
  • If this is the only room in the building with your org presence, and that org presence is end dated you will no longer have access to rooms in this building
  • If you continue to have org presence in other rooms in the building, these rooms will still be accessible to you, but the end dated presence will become read only as of the next day after the end date.
Categories of security:
  • FIG – Facilities Information Group (Application Managers) – Highest level of access in the system with full editing capabilities for all aspects of facilities inventory.
  • Organization Administrators - the name ‘Org Admin’ is based on the legacy concept of an ‘org’. In the legacy system, ‘orgs’ are the highest level and are colleges or administrative units (e.g. Vet College, OHR, etc). The KFS equivalents are the C type college/division orgs. Org admins will have the following access:
    • Editing capabilities for rooms with department/section (D and S types) presences that fall under their domain. A domain will typically be one or more C types: college or division.
    • Ability to add any department/section, even if not in their domain, to a room where they have an existing department/section presence within their domain.
    • Ability to change an existing department/section presence within their domain to any department/section, even if not in their domain.
    • Read-Only capability for all rooms and departments/sections in facilities in which they have a presence within their domain.
    • Read-Only capability for complexes that contain facilities in which they have a presence within their domain.
    • Editing capabilities for complexes that they own (based on Complex Ownership field).
    • They will have read only access to facility detail but have access to the link “show all rooms in a facility” this returns the room search results page.
    • Note that not all org admins are issued COGs access. See “COG Read-Only” details below.
  • Department users – the name ‘Department user’ is based on the legacy concept of a ‘department’, which was the only level below the legacy org admin. In KFS these users can be assigned security to departments, sections, or sub-sections (D or S types). A Department User’s domain will be all orgs that roll up to the department or section they are assigned. Their access will be as follows:
    • Editing capabilities for rooms with department/section (D and S types) presences that fall under their domain.
    • Ability to change an existing department/section presence within their domain to another department/section within their domain.
    • Read-Only capability for all rooms and departments/sections in facilities in which they have a presence within their domain.
    • The facilities above will include complexes that contain buildings with rooms where their departments/sections have a presence.
      • They will see the complete list of members in the complex.
      • They will have read only access to facility detail but have access to the link “show all rooms in a facility” this returns the room search results page.
      • For rooms displayed on the rooms search results page they have editing capabilities for rooms with department/section (D and S types) presences that fall under their domain and read only access to all other rooms and departments.  (This is the same access they have for all facilities, room, department/sections in their domain.)
  • Read-Only ALL – provides read-only access to all rooms in all facilities.  This access is only available for central university services.
  • COG Read-Only - Users assigned to this group have read only access to buildings occupied by the C level orgs that are members of the College Officers Group (COG).  COG members made an agreement (referred to as the Statler Accord) that stated it was desirable for the members to share read access to each other’s space.  In the future if the Statler Accord is modified to include other organizations then security will be updated accordingly.  COG is ONLY issued to academic org admins that have their orgs represented at the College Officers Group meetings.