Access Control Executives
The Access Control Executive (ACE) is responsible for managing access for departmental users accessing administrative business systems in their department.
- IMS-Business Support Services has custodial responsibility for the management of all UT Health San Antonio administrative business systems.
- Departments maintain the responsibility for authorizing user access to systems for the completion of daily operations
- Fulfilling this responsibility, each UT Health San Antonio department must designate an Access Control Executive (ACE).
- The ACE must be appointed by the Dean, Chair, or Director using the Access Control Executive (ACE) Designation Form.
- No one can sign the Access Control Executive (ACE) Designation Form in place of the Dean, Chair, or Director without approval from the Executive Vice President for Business Affairs and Chief Financial Officer.
Listing of other qualifications:
- It is required that the ACE be a senior member of the department: Dean, Chair, Director, Associate/Assistant Director, Administrator, or the department’s senior administrative position (provided the department’s organizational structure does not include an Associate/Assistant Director or Administrator).
- The ACE can also be the Technical Support Representative (TSR)
- The ACE must be knowledgeable about the University policies and procedures, internal controls, and the department’s business processes and organizational structure.
- If a new ACE is designated, the name of the former ACE will be removed from distribution lists and all security access will be terminated.
User process guides/forms and training
- The following forms and guides are used by the departmental ACE:
- ACE Designation Form (pdf) - This form is used to assign a departmental ACE and must be signed by the department's Chair, Dean or Director and the Vice President for Business Affairs.
- ACE Proxy Designation Form (pdf) - This form is used by the departmental ACE to designate a person to act in the ACE's absence. This form must be signed by the department's Chair, Dean or Director.
- P.S.A.R. (Personnel Security Access Request) Form - This online form is used to request/delete access to application systems for a user. For security purposes, this form should ONLY be completed and submitted by the departmental ACE. The PSAR form service us accessible by logging into the IMS Self Service portal.
- Access Control Executive Procedures Manual and Reference Guide (pdf) - This guide will take a step-by-step approach through ACE Tools for the departmental ACE.
- Administrative Mailbox (pdf) - This guide will take a step-by-step approach through setting up the HRMS mailbox for the departmental ACE to receive confirmation emails from Human Resources department or Payroll.
The ACE has the responsibility to manage departmental users accessing administrative business systems including: PeopleSoft applications, Document Review System (DRS), FM Systems and Data Warehouse. These systems contain sensitive data and information critical to HSC business processes. In addition to this critical function, the ACE serves as the official liaison between the departmental users and administrative departments in the use of UT UT Health San Antonio business systems.
Implementation of appropriate access controls to administrative business systems is critical to attainment of HSC’s missions. The ACE responsibilities, listed below, should be carefully reviewed by Deans, Chairs, and Directors, as well as the designated departmental ACE to ensure departmental compliance.
List of responsibilities:
- The ACE has the responsibility to assign appropriate security access to PeopleSoft, Document Review System (DRS), and Data Warehouse. Departmental users should be assigned access privileges based on job duties, or on a “need-to-know” basis. Additionally, the ACE must ensure approval cycles support appropriate separation-of-duties and good internal controls.
- The ACE has the responsibility to immediately terminate security access for an employee who has been terminated, transferred to another department, or no longer has a need to access administrative systems.
- The ACE is required to review the “User Security Access Departmental List”, at least annually, and provide a signed copy to their Dean, Chair or Director. Any access changes should be forwarded to Computing Resources for implementation. To document the completion of required ACE training and system access verification, the department must maintain a current signed copy of the “List.”
- In the ACE’s absence, only the Dean, Chair, or Director may assume the responsibilities and duties of the ACE.
- The ACE is required to complete mandatory annual ACE Access Reviews
- The ACE has the responsibility to ensure departmental personnel receive both formal systems training and training related to departmental procedures and accounts.
- The ACE serves as the official liaison between the department and administrative departments in the use of UT Health San Antonio's administrative business systems.
- The ACE has the responsibility to maintain the electronic Administrative Mailbox, which is established for internal control of routine departmental business processes.
- The ACE has the responsibility to ensure personal computers accessing administrative business systems are properly secured.
Restrictions: Failure to comply could put business processes and information at risk. For all access to the application systems, the departmental ACE is required to submit a Personnel Security Access Request (PSAR) form. For security reasons, the PSAR form should only be submitted by the departmental ACE. New and existing employees who are not in the ACE role, should not complete this form.
Cost: There is no cost for the classes, however a no-show fee of $50.00 will be charged to the department for any users who sign up for a class but do not attend. An e-mail with at least 24-hr notice will be accepted.
Instructions on new and annual ACE training
New ACE training:
- Transition Solutions will contact the newly appointed ACE to schedule initial ACE training. This training is required for newly designated ACEs and is conducted one-on-one throughout the year. This Initial ACE training includes a technical and functional overview. Included is an initial review of departmental security access and the appropriate forms.
Annual ACE access review
- As a review of responsibilities and existing departmental access, each ACE is required to attend annual ACE training.
- This Annual ACE training is conducted in a seminar style and includes a “functional” overview and a review of departmental security access and the appropriate forms.
- The ACE training includes the following documentation:
- ACE Process Guide and Helpful Information Sheet
- User Security Access Departmental List and Confirmation Form
- Additional Process Guides as needed
- The ACE training includes the following documentation:
- After mandatory annual ACE training, a copy of the User Security Access Departmental List Confirmation Form is signed and forwarded by the ACE to Transition Solutions.