UPB - Time Entry and Approval Routing Security Setup

Time Entry and Approval Routing Security Setup

Position definitions

There are three key unit roles involved in the time entry and approval routing security setup process:

Human Resources/Payroll Contact/Business Manager: Coordinates the approval routing security setup for a unit’s human resources and payroll functions

Superuser: Changes or approves all time transactions either in Employee Self-Service or PHATIME

Unit Security Contact (USC): Initiates security access requests and changes


This job aid contains the steps to initiate time entry and approval routing security.

  1. Initiate Time Entry Security and Setup
  2. Request Security Profiles in the Security Application
  3. Review and Modify Time Approval Routing Queue
  4. Situations to Avoid
  5. Initiate Time Entry Security and Setup

Initiate Time Entry Security and Setup

The time entry and security setup has several interrelated pieces. Each of these pieces should be coordinated between the USC and Administrative Information Technology Services (AITS).

New TS-Orgs

The TS-Org is used by the USC in the security profile requests. The individuals in your unit who are being assigned time entry and approval roles will also need security access to the TS-Org. If the unit chooses to create separate time approval routing queues by TS-Org, the unit should identify an unused Banner Org Code related to their department which can be assigned as a new TS-Org.

Adjustment Notification Application Security for the New TS-Org

If your unit decides to add a new TS-Org and time approval routing queue, your USC will need to request the appropriate security related to the Adjustment Notification Application (ANA) so that any ANA based transactions (e.g., overpayment adjustments, leave balance requests) for employees moved to the new TS-Org can be processed.

Your USC will submit a request to designate a Department Workflow Originator and a Department Workflow Approver for each new TS-Org through the Security Application.

PARIS Security for New TS-Org

Your USC will need to request the appropriate security related to PARIS. New PARIS users need to complete training before your USC can request the PARIS PUA security profile. More information can be found at the PARIS Resource page.

Request Security Profiles in the Security Application

Before a time entry routing queue is created, the USC submits the security requests for the time entry roles. If the individual is being granted Banner HR access for the first time, the USC must also request the appropriate organization and employee class (e-class) access. The USC submits these security requests through the Security Application found on the Unit Security Contact (USC) Website.

 Login to the Security Application

  1. Go to https://www.aits.uillinois.edu/access/usc_website.
  2. Click the Security Application Login button.
  3. Type your ID and Password.
  4. Click the Login button.

Initiate an Employee Access Request

The USC will provide their department information to direct the security profile request to the appropriate university authorization group and the UIN of the employee (see Figure 24)

  1. Click Initiate Request.
  2. Select the Campus. (See Figure 24)
  3. Select the College code.
  4. Select the Department code.
  5. Type the employee UIN.
  6. Click the Retrieve button.

Review and Complete the Security Compliance Statements

With every security profile request, the USC must review and complete the security compliance statements (see Figure 25).

  1. Click Continue.
  2. Read the verification message and respond to it as needed to confirm that the department has a signed copy of the Information Security Compliance Form on file.

Request E-class Access

Master E-class Access Request Steps

In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.

        1. Click the Employee Class Access increment link.
        2. Click Add from the drop down in Action column for Master Employee Class Access. (See Figure 26).
        3. Click either of the two settings (it does not matter which one) in the Settings column.
        4. Under the Master Access heading, select MASTER with an Action of Add.
        5. Click the Save button.
        6. Click the View/Submit Request button if finished requesting access for this individual.
 Restricted E-class Access Request Steps
        1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
        2. Click the Employee Class Access increment link.
        3. Click Add from the drop down in the Action column. (See Figure 26)
        4. Click either of the two settings in the Settings column.
          It does not matter which one you click as both will take you to the same Settings screen.
        5. Under the Restricted Access header, select the appropriate e-class code from the drop down.
        6. Select Action as Add. (See Figure 27)
        7. Click the Save button.
        8. If there are additional employee classes to be added, select any additional e-classes from the drop down as needed, with Action as Add.
          Click Save after each additional e-class has been added until all e-classes are added.
        9. Click the Profiles button when finished adding e-classes.
          Click View/Submit Request button if finished requesting access for this individual.

Request TS-Org Access

Determine which TS-Org(s) must be accessible to the individuals who will have time entry roles. Remember to include TS-Orgs for proxy roles.

    1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
    2. Click the HR Org Code Access increment link.
    3. Select Add from the drop down in the Action column for Department HR Organization Level Access. (See Figure 28)
    4. Click the Dept Org Code Access link in the Settings column for Department HR Organization Level Access.
    5. Select the Chart of Accounts from the drop down.
    6. Select the From Organization to choose a beginning point for a range of organization codes.
    7. Select the To Organization to choose an end point for the range of organization codes.
      Orgs can be added in ranges, so you don’t necessarily have to enter each org individually. But all orgs inside the range will be included, so be certain a range is appropriate.
    8. Select Add in the Action column.
    9. Click the Save button.
    10. Click the Profiles button when finished adding TS-Orgs. Then click the View/Submit Request button if finished requesting access for this individual.

Request Time Entry Security Profile

For each individual with a time entry role, determine which time entry security profile is needed for their role (e.g., Web and/or Department Time Entry Approver or Time Entry Approver Proxy). For each employee with a time entry role, the preceding security steps of Initiate Employee Access Request, Review and Complete Security Compliance Statements, Request E-Class Access, and Request TS-Org Access must be completed in that order before the Time Entry security profile is requested.

Request Web and/or Department Time Entry Approver Security Profile

  1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
  2. Click the Time Entry increment link.
  3. Select Add in the Action column for Web and/or Department Time Entry Approver. (See Figure 29)
  4. Click the Save button.
  5. If finished requesting access, click the View/Submit Request button.

Request Web and/or Department Time Entry Superuser Security Profile

  1.  In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
  2. Click the Time Entry increment link.
  3. Select Add in the Action column for Web and/or Department Time Entry Superuser. (See Figure 30)
  4. Click the Save button.
  5. Click the View/Submit Request button.

Request Time Entry Originator Proxy Security Profile

  1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
  2. Click the Time Entry increment link.
  3. Select Add in the Action column for Time Entry Originator Proxy. (See Figure 31)
  4. Click the Save button.
  5. Click the View/Submit Request button.

Request Time Entry Approver Proxy Security Profile 

  1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
  2. Click the Time Entry increment link.
  3. Select Add in the Action column for Time Entry Approver Proxy. (See Figure 32)
  4. Click the Save button.
  5. Click the View/Submit Request button.

Submit a Security Profile Request for Department Time Entry Originator

  1. In the Security Application, in the Security Main Menu, click on the Banner HR-Pay link.
  2. Click the Time Entry increment link.
  3. Select Add in the Action column for Department Time Entry Originator. (See Figure 33)
  4. Click the Save button.
  5. Click the View/Submit Request button.

Review and Modify Time Approval Routing Queue

AITS will grant the requested security and create the time approval routing queues for the TS-Orgs in NTRRQUE in Banner based on new time entry and org security profile requests submitted by the USC in the Security Application.

The unit Superuser should make any necessary changes to the time approval routing queue in NTRRQUE prior to the time entry period.

Review an Existing Time Approval Routing Queue

  1. Open the Routing Queue Rules Form (NTRRQUE) in Banner.
  2. Enter the COA.
  3. Enter the Organization.
    Make sure the Position field is not populated (delete the Position if it happens to be populated).
  4. Click the Next Section button.
  5. Under Approval Category, select Time Entry and Approval. (See Figure 34)
  6. Review the entries in the Approver Sequence block. Make any changes that need to be made.
  7. If any changes were made, click the Save button.

Establish Time Approval Routing Queue

If for some reason, the time approval routing queue has not yet been created, but the time entry security has been established for all roles, the unit Superuser can and must set up the time approval queue in NTRRQUE so employees can submit timesheets.

  1. Open the Routing Queue Rules Form (NTRRQUE).
  2. Enter the COA.
  3. Enter the Organization.
    Make sure the Position field is not populated (delete the Position if it happens to be populated).
  4. Click the Next Section button.
  5. Under Approval Category, select Time Entry and Approval.
    Type 1 in the Approver Sequence field, then tab to the Approver Position field and type the position number for the Approver.
    NOTE: The Mandatory Approver box should never be checked. If this box is checked the Routing Queue may become invalid.
  6. In the Approver Action field, select Approve.
  7. Click the Save button.

Situations to Avoid

caption

 

Problem

Solution

1.

Employee Web Time Entry Originators cannot extract timesheets.

Error: “You have no records available at this time. Please contact your Payroll Administrator if you have any questions.”

The employee job record displays the wrong time entry method.

Submit a HRFE transaction to correct the job record error.

2.

Unit cannot extract timesheets.

A time approval routing queue has not been established for the timesheet organization.

Employee Web Time Entry Error: “Your records cannot be processed at this time. Please contact the Payroll Department.”

Department Originator Error: *ERROR* No approval routing queue established.

Units must establish a time approval routing queue in the Routing Queue Rules Form (NTRRQUE) in Banner for the TS-Org. After the USC requests the appropriate time entry security profiles for individuals in the time approval process, the unit Superuser can establish the time approval routing queue in NTRRQUE.

See also Problem #3 regarding Error: Incumbent field will indicate “VACANT”.

3

Unit cannot extract timesheets.

A position selected for the Time Approver is no longer “active”. Common reasons for a position to be no longer “active” are:

  • Time Approver has been terminated
  • Time Approver has on leave
  • Time Approver has been promoted
  • Time Approver has a new job Incumbent field will indicate “VACANT”.

Employee Web Time Entry Error: “Your records cannot be processed at this time. Please contact the Payroll Department.”

Department Originator Error: “*ERROR* Approver’s position is vacant for the pay period”

Update the time approval routing queue with the new Time Approver’s information or the new position information for the Time Approver.

Remember, the unit Superuser must notify the USC to contact AITS to establish security access for new Time Approvers.

4.

The Time Approver cannot extract their own timesheet. Error: “Timesheet records could not be retrieved.” Common reasons for a position to be no longer “active” are:

  • Override Approver has been terminated
  • Override Approver has on leave
  • Override Approver has been promoted
  • Override Approver has a new job

The Override Approvals Queue (NBAJQUE) for the Time Approver is “broken”.

NBAJQUE will not indicate that the Override Approver’s position is no longer “active” like NTRRQUE with the incumbent field showing “VACANT”.

 

If the Time Approver has an Override Approver for their timesheet and cannot extract their timesheet, go to the Override Approver’s job record(s) in the HR Front End (HRFE) and confirm that the Position (job) listed in NBAJQUE is active in HRFE for the pay event in question.

Correct the position information in NBAJQUE for the Override Approver or assign a new Override Approver.

5.

The Time Approver’s position contains more than one employee, e.g., pooled position.

Error: Incumbent field will indicate “MULTIPLE”.

Departments should only designate Time Approvers from non-pooled positions. The general assumption is that Banner positions will be defined on a one-to-one ratio with the exception of student and extra-help, which may be pooled.

6.

TS-Org code used for a timesheet organization has been deactivated.

A process has been established to ensure a TS-Org code is not tied to a timesheet organization before deactivating. (The possibility of this occurring is extremely unlikely.)




Keywords:time, routing queue, ntrrque, nbajque, orignator, approver, superuser, acknowledger   Doc ID:120361
Owner:Laura B.Group:University of Illinois Training and Development Resources
Created:2022-08-08 12:40 CSTUpdated:2022-10-12 10:13 CST
Sites:University of Illinois Training and Development Resources
CleanURL:https://answers.uillinois.edu/upb-time-entry-and-approval-routing-security-setup
Feedback:  0   0