Purpose

On an annual basis, the Office of the Controller requests that Chief Administrative Officers (CAOs) and Chief Financial Officers (CFOs) certify compliance with UCLA Financial Policy and verify that appropriate controlling and monitoring procedures are performed. In support of this effort, CAOs and CFOs must review a series of reports to ensure that individuals with access to their departments are truly needed. The deadline to review all reports is May 29, 2026.  

Sample CAO Certification Questionnaire (#8)

Do you understand your responsibilities in designating a DSA in order to maintain appropriate access controls and can you confirm that current access rights are correct based on your review of the following consolidated reports?  Please note, correct access rights mean access rights are granted to employees based on the minimum access necessary to perform their specific tasks, access for separated employees has been removed, and access for employees aligns with employee responsibilities.

1. Users with Access to a Specific Unit
2. Users and their Access by Appt Unit
3. Users and their Student Access by Appt Unit
4. Reviewers by Appointment Dept
5. QDB Users by Appt Unit

Important Dates

• May 4, 2026 – Reports are released by Org to Box
• May 29, 2026 – Annual Chief Administration Officer (CAO) Certification Process is due

Procedures

On an annual basis CAOs and Department Security Administrators (DSAs) need to evaluate whether access assigned within their dept is appropriate for the roles of employees. Please discuss with your DSAs, supervisors, managers, and/or directors to confirm all access is appropriate.  

The following five reports assist in identifying all employees that have access to your department:

1. Users with Access to a Specific Unit – Generates a listing of users who have a value-based function to a specific unit.
2. Users and their Access by Appt Unit – Generates a listing of users and their assigned functions for a specific appointment (appt) unit – the 4‐digit code in DACSS identifying an employee’s payroll appointment unit according to UCPath.
3. Users and their Student Access by Appt Unit – Generates a listing of users by their assigned UCPath unit who have Student Systems access.
4. Reviewers by Appointment Dept – Generates a listing of reviewers by the department they are assigned to in UCPath.
5. QDB Users by Appt Unit – Generates a listing of users by appointment unit who have QDB (query database) access. The appointment unit is a feed from payroll; users may have multiple appointment units.

Making Changes

The following would need to be performed in order to review and make any necessary changes related to DACSS access:

• Step 1 – Download the four reports created for your organization saved in Box (reports 2 through 5 listed above).
• Step 2 – The first report "Users with Access to Specific Unit" will need to be run by your CAO/DSA. Contact erm@finance.ucla.edu for assistance.
• Step 3 – Review the instructions and video on how to access the first report.
• Step 4 – Filter by Department within each of the Excel files.
• Step 5 – Review assigned DACSS functions for each employee.
• Step 6 – Discuss with your DSAs, supervisors, managers, and/or directors to confirm access is truly needed for the employee’s role.
• Step 7 – Process a System Access Request (SAR) to remove or change access in DACSS.

For assistance with SARs, contact Digital & Technology Solutions Client Support at (310) 825-8000 option 2.

Where to Find the Reports

The reports are stored in Box by Org. Access the 2026 DACSS Reports.

Supporting Materials

• How to run your reports to verify any changes performed by your DSA
• DACSS Report Instructions
• List of Department Security Administrators (DSAs)
• DACSS Report Download Instructions
• DACSS Glossary