+ Post New Thread
Results 1 to 10 of 10
MIS Systems Thread, SIMs Security for sensitive data in Technical; My school has asked me to support SIMS ( updates, new installs etc) which I have done for a long ...
  1. #1

    Join Date
    Jun 2010
    Location
    Berkshire
    Posts
    111
    Thank Post
    18
    Thanked 9 Times in 9 Posts
    Rep Power
    9

    SIMs Security for sensitive data

    My school has asked me to support SIMS ( updates, new installs etc) which I have done for a long time but I have always used the Bursars login ( yeah I know). Things came to a head when I requested a machine login for our library integration when I was told that I was not allowed on due to the sensitive nature of the data. I pointed out that I have access via the Bursars login but more basically have file level access to SQL Db didn't move anyone so I am wondering if any of you know of a way of passwording certain files or permissions that will preserve data security whilst allowing me to do my work.
    Capita were pretty baffled so I thought I would consult some experts....
    My knowledge of SIMS is pretty basic but surely there is some granularity to the permissions but not sure where to begin?

  2. #2

    creese's Avatar
    Join Date
    Feb 2009
    Location
    -28 31' 48.89", +28 25' 37.42" ... if only.
    Posts
    3,036
    Thank Post
    167
    Thanked 343 Times in 278 Posts
    Rep Power
    168
    System Manager should most likely be all you need.

    Upgrades and installs are done outside of SIMS. So as long as you have the sa password you should be able to do all you need.

  3. #3

    Join Date
    Jun 2010
    Location
    Berkshire
    Posts
    111
    Thank Post
    18
    Thanked 9 Times in 9 Posts
    Rep Power
    9
    Thanks for that but won't the SA password allow me to view personnel files? They are worried that I might look at salaries, identity theft etc

  4. #4

    Join Date
    Dec 2007
    Location
    Nottinghamshire
    Posts
    184
    Thank Post
    56
    Thanked 21 Times in 19 Posts
    Rep Power
    16
    If you have access to SupportNet then you want KB 18694 if not pm me an email address and I'll send you the file from SupportNet for the Permission groups and what access each give

  5. #5

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,182
    Thank Post
    1,285
    Thanked 1,029 Times in 729 Posts
    Rep Power
    658
    Quote Originally Posted by sparker View Post
    Thanks for that but won't the SA password allow me to view personnel files? They are worried that I might look at salaries, identity theft etc
    With system manager access, you have the power to grant yourself additional permissions so that you could view whatever you want. It's a matter of whether or not you're trusted to be honest! I wonder if SMT realise the amount of data technicians could get at if they tried?

  6. #6

    creese's Avatar
    Join Date
    Feb 2009
    Location
    -28 31' 48.89", +28 25' 37.42" ... if only.
    Posts
    3,036
    Thank Post
    167
    Thanked 343 Times in 278 Posts
    Rep Power
    168
    Quote Originally Posted by sparker View Post
    Thanks for that but won't the SA password allow me to view personnel files? They are worried that I might look at salaries, identity theft etc
    In theory, yes. But without certain access you can't really do your job. They either want you to do upgrades and trust you, or find someone they do trust. That's the nature of the job. I'm sure anyone competent enough with IT could open all sorts of data, given the password or not.

  7. #7

    Join Date
    Jun 2010
    Location
    Berkshire
    Posts
    111
    Thank Post
    18
    Thanked 9 Times in 9 Posts
    Rep Power
    9
    This was my point to the head, he could lock me out of SIMS but what about the underlying Db? What about email?
    It really is the elephant in the room and there are so many techs out there on tiny wages with their hands on the most critical data in the school. So the upshot is that in order to do the job I must have the access or an unknown person can do it for them for a huge fee!

  8. #8

    creese's Avatar
    Join Date
    Feb 2009
    Location
    -28 31' 48.89", +28 25' 37.42" ... if only.
    Posts
    3,036
    Thank Post
    167
    Thanked 343 Times in 278 Posts
    Rep Power
    168
    Quote Originally Posted by sparker View Post
    This was my point to the head, he could lock me out of SIMS but what about the underlying Db? What about email?
    It really is the elephant in the room and there are so many techs out there on tiny wages with their hands on the most critical data in the school. So the upshot is that in order to do the job I must have the access or an unknown person can do it for them for a huge fee!
    I have access to over 140 schools and all their data. I would think only about a handfull of Heads are fully as aware as they should be of this. They know, but have not really thought about what they know. Your Head should be applauded for questioning it, but eventually needs to decide if he wants an upgrade and support from an IT technician/manager or not.

  9. #9

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,135
    Thank Post
    352
    Thanked 577 Times in 474 Posts
    Rep Power
    142
    Quote Originally Posted by sparker View Post
    Thanks for that but won't the SA password allow me to view personnel files? They are worried that I might look at salaries, identity theft etc
    Yes\No. It won't via the SIMS\FMS application, it will allow you to reset the sysman password, which in turn can reset any sims\fms user account. This however would create an audit trail.

    Just a question of having a procudure in place with solid reasons and sticking to it. If you've physical on the server and your got admin rights on the server, your half way pass any other security anyway.

    So a common one for technicians would be to have a logon that would at least allow them to check that SIMS is installed correctly and that someone can logon successful.

  10. #10

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,589
    Thank Post
    638
    Thanked 1,306 Times in 1,088 Posts
    Rep Power
    336
    Isn't the Bursar, also the system manager as is the case in many schools? With that login you can create a low level account for testing and library integration, assuming management have approved sims data being present in the library. How it's done shouldn't matter.
    I would have just gone and done it, based on your brief. Sometimes, it's better to just do it and document what you've done. Ask for permission, and you end up with a discussion, and all these other issues.
    They can't really expect you to only use the bursar's login and think that is secure. You can look at personnel data with their login surely!

SHARE:
+ Post New Thread

Similar Threads

  1. [SIMS] SIMS 7.140 Training Data Sets
    By creese in forum MIS Systems
    Replies: 5
    Last Post: 4th August 2011, 01:19 PM
  2. [SIMS] SIMS Attendance for recording after school care
    By imiddleton25 in forum MIS Systems
    Replies: 22
    Last Post: 10th January 2011, 02:13 PM
  3. Replies: 11
    Last Post: 6th October 2010, 01:24 PM
  4. sims slow to save data for some users
    By maark in forum MIS Systems
    Replies: 12
    Last Post: 2nd February 2010, 08:59 AM
  5. SIMS Learning gateway and data security
    By reggiep in forum MIS Systems
    Replies: 2
    Last Post: 5th May 2009, 10:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •