Camps Help TitlePrint this document linkBack to Help Home Link
Security Requirements

Security within the new County and Municipal Personnel System (CAMPS) will be controlled at several levels to limit access to the system and the data it contains to authorized users only.  Currently, local user access to CSC mainframe systems is defined based on OIT’s Access Control Facility 2 (ACF2) software package.  Security for the new system will mirror the ACF2 format to maintain a standard for CSC systems.

The ACF2 format requires each user to possess both a logon identification and a password.  The Security Administrator assigned to the system will create both the logonid and an initial password.  The user’s initial password will be equal to their logonid and must be changed the first time the user enters the login screen.  Every 60 days the user will be required to change their password.  The new password must be different from the expired password.  Once changed, the password cannot be changed again for 10 days. 

All questions or problems involving security should be brought to the attention of the assigned Security Administrator at the jurisdiction level.

 

SECURITY SCHEMA

The security schema will be formatted as follows:

  • LOGON ID = Comprised of seven (7) bytes (i.e., CSCTEST for CSC, or A9ATEST for Local)

 

  • PASSWORD = Must be a minimum of five (5) and maximum of seven (7) bytes. 

arrow  NOTE:  Logon ID’s and Passwords are case-sensitive!

  • SECURITY CODE = Consists of five (5) bytes

 

  • Position one (1) will define the user’s security level

The security level defines which screens the user can access within the system.  The security levels will be maintained in a separate table.

  • Positions two (2) through five (5) will define the user’s data group

The data groups will be defined using the Jurisdiction Code’s base and number.  In most cases the juris number will be a range (i.e., 0001 through 0099).  The data groups will be maintained in a separate table.

 

SECURITY – APPOINTING AUTHORITIES

Within the new system, users are restricted to accessing only those screens and data for which they have received authorization.  Additionally, security within the system is controlled by the use of six different security levels made available to Local Appointing Authority (AA) users.  The appropriate security level is determined and assigned by the individual offices, and is selected from one of the following:

Level 0

Data Entry

Level 1

Data Entry and First Level AA Approval

Level 2

Data Entry, and Both Levels of AA Approval for all Transactions

Level 8

Security Administrator, Data Entry, and Both Levels of AA Approval

Level I

Inquiry and Report Generation

Level M

Inquiry for Managers (Inventory Detail)

arrow   NOTE:  Higher security levels will also include inquiry rights.  Data access will be restricted to the user’s data group.

 

SECURITY – CIVIL SERVICE COMMISSION

Security levels for CSC staff will be as follows:

Level 5

Transaction Review and Approval for HRM Staff

Level 6

Data Entry for HRIS Staff

Level 7

Data Entry and Review for HRIS Staff

Level 8

Security Administrator, Access only to Security Tables

Level 9

System Administrator, Total System Access and Table Maintenance

Level I

Inquiry and Report Generation

Level M

Inquiry for Managers (Inventory Detail)

Level S

Inquiry and Report Generation for Sel Svcs Staff (Pers Info Query)

 

arrow   NOTE:  Higher security levels will also include inquiry rights.  Data access for all CSC security levels will be global.  The security code’s data group could be blank or “9999.”

This approach will allow for expansion and/or modification of security levels when required.