Why Dynamic roles ?1) The assignment of roles to User Profiles based on your business rules.2) These business rules run against system(s) to assign PeopleSoft access.3) PeopleSoft security changes in an automatically.4) The dynamic role rule process removes and grants access to User ProfilesPeopleTools > Security > Permissions & Roles >Roles (Dynamic Member Tab/Page).There are three ways can use to execute your rules to find the dynamic role users.o PS/Queryo LDAP Plug-ino PeopleCodePS/Query1) Access is removed or granted based on the User Profile IDs retrieved by the query.2) Logic to select the dynamic role users will be present in the SQL of the Query.
a) Use PSOPRALIAS_VW or PSOPRALIAS record to create the dynamic role queries.PSOPRALIAS - Used to store ID values corresponding to various ID types. For example, stores EMPLIDfor Employee type, CUST_ID for customer ID. It will be easy to join the tables based on the type of theUserid.b) Don't use any Bind variables in the role queries. They are not designed for resloving the bind variables.c) Use Disntict caluse in the SQL to make you always retrive uniques id only. Any duplicate will the thedynamic role asssignement.
1) Access is removed or granted based on the User Profile IDs pushed in to the system array variable%RoleDynamicMembers.2) This is used when logic is complicated and cannot be retried from the Query.3) Logic to select the dynamic role users will be present in the Peoplecode event (Record name, Field name, Event name , Function name.) should be provided in the dynamic members tab. 4)
fetch the value using create sql fetch the oprid values and push in to the system variable.Eg:- %RoleDynamicMembers.Push(&Userid);LDAP Plug-in
With a directory-based rule, you must assign directory groups. The PeopleCode Rule group box appearsbecause directory rules are implemented using the DynRoleMembers PeopleCode program. This programuses the Directory business interlink to retrieve user and group information from the directory. To view theprogram, open the FUNCLIB_LDAP record in PeopleSoft Application Designer. Click Assign DirectoryGroups to select a particular directory group that exists in your LDAP server hierarchy. For example, if youhave your LDAP server grouped by geographic region, your rule could assign a new self-service role to allusers in the North America group. Use the Directory Group drop-down list box to select the appropriatedirectory group value. The values are derived from the LDAP data that you import using the Directory GroupImport process.
When you click the button execute Dynamic rules button DYNROLE_PUBL Application engine is exequted.This app engine program reads Dynamic Role Rules, executes the rules, and publishes the results. Themessages are then subscribed to and the users are assigned to the appropriate roles. This program is