
PeopleSoft

Security Overview – v8.9

By, Prasanna

12/08/21 PeopleSoft Security Overview 1


Session Agenda
1. Types of Data Security
2. User Security
   1. User Profiles
   2. Roles
      – Static Roles
      – Dynamic Roles - NO_USERS Query?
   3. Permission List
      – Various Types of Permissions?
3. Transaction Level Security
   1) Table Level Security (Query Security)
   2) Row Level Security
   3) Field Level Security (PeopleCode)
   4) Secondary Row Level Permission Lists
4. Important PeopleTools Tables



8.9 Security Changes
• Types of Security
– User
– Transaction



User Security
• User security data is the data defined as a user’s
security access. It enables the system to ensure that
users have access only to what you have granted them.
– Roles
– Permissions
– Row Level Permission



User Security
• To administer security:
– Create permission lists.
– Create roles and attach permission lists to roles.
– Create user IDs and attach permission lists and roles to user IDs.



User Security



Security Navigation

Navigation: Main Menu -> PeopleTools -> Security



Permission List Page
Permissions to:
• Pages
• Component Interfaces
• PeopleTools
• Process
• Query (Query Access Groups)
• and so on

Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles ->Permission
Roles Page

Dynamic Member Allocation

Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Roles

User Profile Page

Navigation: Main Menu -> PeopleTools -> Security -> User Profiles
Roles Assignment



Important Notes
• User (operator) accounts are created and managed through the
User Profile pages.
• A User can be assigned one and only one Row Security Permission
List which controls the population access to which the user has
rights.
• A User can be assigned one or more Roles. Roles are essentially a
grouping of Permission Lists.
• A Permission List grants the specific transaction pages and modes
(Add, Update/Display, Update/Display All, Correction, Read Only).
Access to tables
• A Role can be assigned one or more Permission Lists.
• Therefore, the specific pages and modes a user can access online are
determined by the Permission Lists assigned to the Roles that are
assigned to the User.
• The menu links a User through the Portal Registry.



Primary Permission List
• Primary Permission Lists are assigned to each user account. Users can have only a single Primary Permission List. The primary permission list controls a set of operator defaults (see screen capture below).

The following are the Primary Permission Lists currently in use. Most users will require PPALL_ACH.

| PPL | Description |
|---|---|
| HCPPDEU | Primary List - Germany |
| HCPPFRA | Primary List - France |
| HCPPGBR | Primary List - UK |
| HCPPUSA | Primary List - USA |
| PPALL_ACH | Primary List - all countries |

Navigation: Setup HRMS -> Foundation Tables -> Organization -> Org Defaults by Permissions Lst



Transaction (Data) Security
• Transaction
• Transaction data is the data that is being secured.
Certain fields on a transaction data row are used to
secure access to that row.
– Row Level Security
– Query Security with Data Restriction
– Security Sets & Access Types (Secondary Row Level)



Row Level Security
• Confirming Basic Security



Row Level Security (or Population Access)
• Create Row Security Permission List
– Create it the same way as a traditional Permission List.
– It should not be assigned any transaction access permissions.
– The permission list name should be prefixed with “DP”.
Navigation: PeopleTools -> Security -> Permissions & Roles -> Permission Lists
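
An added example (not from the original slides): a Python/sqlite3 audit over toy copies of PSOPRDEFN, PSROLEUSER, PSROLECLASS and PSAUTHITEM that resolves a user's page access through the user -> role -> permission list chain from the Important Notes and flags row security permission lists that break the rules above. The reduced column sets (ROWSECCLASS as the row security permission list on the user profile, BARITEMNAME as the component) and every sample row are assumptions made for the illustration.

```python
import sqlite3

# Toy copies of four PeopleTools tables; the column sets are reduced assumptions.
# Every user, role, permission list, menu and component below is constructed.
SCHEMA = """
CREATE TABLE PSOPRDEFN (OPRID, ROWSECCLASS);      -- row security permission list
CREATE TABLE PSROLEUSER (ROLEUSER, ROLENAME);     -- roles granted to users
CREATE TABLE PSROLECLASS (ROLENAME, CLASSID);     -- permission lists in roles
CREATE TABLE PSAUTHITEM (CLASSID, MENUNAME, BARITEMNAME);  -- page access
INSERT INTO PSOPRDEFN VALUES ('JSMITH','DPBR1'), ('AKHAN','DPALL'), ('LCHEN','HRCLK');
INSERT INTO PSROLEUSER VALUES ('JSMITH','HR_CLERK'), ('AKHAN','HR_CLERK'),
                              ('AKHAN','HR_ADMIN');
INSERT INTO PSROLECLASS VALUES ('HR_CLERK','HRCLK'), ('HR_ADMIN','HRADM');
INSERT INTO PSAUTHITEM VALUES ('HRCLK','WORKFORCE_MENU','JOB_DATA'),
  ('HRADM','WORKFORCE_MENU','JOB_DATA'), ('HRADM','SECURITY_MENU','USER_PROFILES'),
  ('DPALL','SECURITY_MENU','USER_PROFILES');
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def effective_access(conn, oprid):
    """Components a user reaches, with the role and permission list granting each."""
    return conn.execute("""
        SELECT a.MENUNAME, a.BARITEMNAME, rc.ROLENAME, rc.CLASSID
        FROM PSROLEUSER ru
        JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
        JOIN PSAUTHITEM a ON a.CLASSID = rc.CLASSID
        WHERE ru.ROLEUSER = ? ORDER BY 1, 2, 3, 4""", (oprid,)).fetchall()

def row_security_findings(conn):
    """Row security permission lists that break the two rules on the slide above."""
    findings = []
    in_use = conn.execute(
        "SELECT DISTINCT ROWSECCLASS FROM PSOPRDEFN ORDER BY 1").fetchall()
    for (classid,) in in_use:
        if not classid.startswith("DP"):
            findings.append((classid, "not prefixed with DP"))
        grants = conn.execute("SELECT COUNT(*) FROM PSAUTHITEM WHERE CLASSID = ?",
                              (classid,)).fetchone()[0]
        if grants:
            findings.append((classid, "grants transaction access"))
    return findings
```
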



Define Department Access
• Navigation: Setup HRMS -> Security -> Core Row Level Security -> Security by Dept Tree

Example of Row security permission list for combination of Branches



Query Security

• Query Access Tree


– The trees are a hierarchical registry of tables defined in PeopleSoft.
– New or missing tables should be added to the access tree as required.
To update Query Trees,
– Navigate to PeopleTools -> Security -> Query Security -> Query
Access Manager.



• Grant Access Tree to a Permission List



To apply row level security to Queries:
• Select PeopleTools, Application Designer to open the Application
Designer, and open the record on which you want to apply row-level
security.
• With the record definition open in the Application Designer, click the
Properties button, and select the Use tab from the Record Properties
dialog box.
• Select the security record definition (usually a view) in the Query Security
Record list box.



Secondary Permission Lists
• Security Sets and Security Access Types
– Security sets represent a grouping of data that is being secured (WHAT).
– For example, people of interest without jobs is a separate security set from people with jobs.
– Security access types are different ways of securing the data within a security set (HOW). Each security set has a number of security access types that you can choose to enable. Among other things, security access types determine:
   • The security transaction data.
   • If there is data security for future-dated rows.
   • If the access type uses a department security tree.



• PeopleSoft delivers the following five security sets:

| Security Set | Description | Security Join Table Storing Data |
|---|---|---|
| PPLJOB | People with Jobs. Includes the data of any person who has a JOB record and all the associated data for that person. | SJT_PERSON |
| PPLUSF | People with Jobs for United States Federal Government. Includes the data of any person who has a GVT_JOB record and all the associated data for that person. | SJT_PERSON_USF |
| PPLPOI | People of interest without jobs. Includes the data of any person who does not have a JOB record and all the associated data for that person. | SJT_PERSON |
| DEPT | Departments. Includes department budgets and positions. | SJT_DEPT |
| RSOPN | Job Openings. Includes the data of job openings, including the data of applicants associated with a job opening. | HRS_SJT_JO |



• Security Set Table



• The system is delivered with the following security types enabled:
– People with Jobs (PPLJOB): Dept Security Tree
– People without Jobs (PPLPOI): POI Type
– Departments (DEPT): Dept Security Tree



8.9 Security Changes
• Security Type



| Data Type | Transaction Component in which Data is Entered or Maintained | Record Storing Transaction Data | Fields Available for Transaction Security Data |
|---|---|---|---|
| Departments | Departments component (DEPARTMENT_TBL) | DEPT_TBL | SetID; Department |
| Job openings | Job Opening page (HRS_JO_360) | HRS_JOB_OPENING | Company; Business Unit; DeptID; Location |
| Employees; Contingent workers; POIs with jobs | Add Employment Instance component (JOB_DATA_EMP); Add Contingent Worker Instance component (JOB_DATA_CWR); Add POI Instance component (JOB_DATA_POI); Job Data component (JOB_DATA) | JOB | Organizational Relationship (employee, contingent worker, or POI); Regulatory Region; Company; Business Unit; Department; Location; Salary Plan; Pay Group (for customers using Payroll for North America) |
| POIs without jobs | Add a POI Relationship component (PERS_POI_ADD); Maintain a Person’s POI Reltn component (PERS_POI_MAINTAIN) | PER_POI_SCRTY | POI Type; POI Type and Business Unit; POI Type and Institution; POI Type and Company |



8.9 Security Changes
• Delivered Security Types
PPLJOB
- Job Department Tree
- Job Location
- Job Business Unit
- Job Company
- Job Reg Region
- Job Salary Grade
- Person Organization
- Job Deptid – non Tree
- Job Company/Paygroup

PPLPOI
- POI Business Unit
- POI Location
- POI Institution
- Person of Interest

DEPT
- Departments by Tree
- Departments - non Tree
- Departments by Setid



8.9 Security Changes
• Security Join Tables
– The system stores security data in security join tables (SJTs). There are SJTs on both the transaction and user side.



8.9 Security Changes
• Transaction Security Join Tables

| Transaction Security Join Table | Description | Transaction Data From: | Key Fields |
|---|---|---|---|
| SJT_PERSON (used by customers using the core job data components) | Contains transaction data for the people (employees, contingent workers, POIs with jobs, POIs without jobs) | JOB; JOB_JR; PER_ORG_ASGN; PER_POI_SCRTY | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; EMPLID |
| SJT_PERSON_USF (used by customers using the US Federal job data components) | Contains transaction data for the employees entered into the US Federal person tables. | GVT_JOB | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; EMPLID |
| SJT_DEPT | Contains the transaction data for the HRMS departments. | DEPT_TBL | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; SETID; DEPTID |
| HRS_SJT_JO | Contains the transaction data for the job openings in your system. | HRS_JOB_OPENING; HRS_JO_RTEAM_VW | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; HRS_JOB_OPENING_ID |



8.9 Security Changes
• User Security Join Tables

| User Security Join Table | Description | Stores Data From: | Key Fields |
|---|---|---|---|
| SJT_CLASS_ALL | Contains the data permission information for all the permission lists that are given data access on the Security by Dept Tree page or Security by Permission List page. | SCRTY_TBL_DEPT; SJT_CLASS | CLASSID; SCRTY_SET_CD; SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3 |
| SJT_OPR_CLS | Contains the user IDs of people with data permission and the permission lists with data permission that are assigned to them. | PSOPRDEFN; PSROLEUSER; PSROLECLASS | OPRID; CLASSID |
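
An added example (not from the original slides and not PeopleSoft's delivered security-view SQL): a simplified Python/sqlite3 model of how the user-side and transaction-side join tables meet on SCRTY_TYPE_CD and SCRTY_KEY1-3 to decide which EMPLIDs a user sees, plus a drift check for SJT_OPR_CLS rows that outlive the profile or role assignment they were built from. The tables carry only the key fields listed above; the ROWSECCLASS and ROLEUSER columns, the rule used to derive expected SJT_OPR_CLS rows, and all sample rows are assumptions made for the illustration.

```python
import sqlite3

# Toy model of the join tables above, reduced to the key fields this page lists.
# Type code 'DEPTTREE', the key values and every row are constructed sample data.
SCHEMA = """
CREATE TABLE PSOPRDEFN (OPRID, ROWSECCLASS);
CREATE TABLE PSROLEUSER (ROLEUSER, ROLENAME);
CREATE TABLE PSROLECLASS (ROLENAME, CLASSID);
CREATE TABLE SJT_OPR_CLS (OPRID, CLASSID);
CREATE TABLE SJT_CLASS_ALL (CLASSID, SCRTY_SET_CD, SCRTY_TYPE_CD,
                            SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3);
CREATE TABLE SJT_PERSON (SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, EMPLID);
INSERT INTO PSOPRDEFN VALUES ('JSMITH','DPBR1'), ('AKHAN','DPBR2');
INSERT INTO PSROLEUSER VALUES ('AKHAN','HR_REGION');
INSERT INTO PSROLECLASS VALUES ('HR_REGION','DPBR1');
-- ('JSMITH','DPBR2') is left over from a role JSMITH no longer holds.
INSERT INTO SJT_OPR_CLS VALUES ('JSMITH','DPBR1'), ('JSMITH','DPBR2'),
                               ('AKHAN','DPBR2'), ('AKHAN','DPBR1');
INSERT INTO SJT_CLASS_ALL VALUES ('DPBR1','PPLJOB','DEPTTREE','SHARE','D100',''),
                                 ('DPBR2','PPLJOB','DEPTTREE','SHARE','D200','');
INSERT INTO SJT_PERSON VALUES ('DEPTTREE','SHARE','D100','','E001'),
  ('DEPTTREE','SHARE','D100','','E002'), ('DEPTTREE','SHARE','D200','','E003');
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def visible_emplids(conn, oprid, set_cd="PPLJOB"):
    """User side (SJT_OPR_CLS, SJT_CLASS_ALL) joined to transaction side (SJT_PERSON)."""
    rows = conn.execute("""
        SELECT DISTINCT p.EMPLID FROM SJT_OPR_CLS oc
        JOIN SJT_CLASS_ALL ca ON ca.CLASSID = oc.CLASSID
        JOIN SJT_PERSON p ON p.SCRTY_TYPE_CD = ca.SCRTY_TYPE_CD
             AND p.SCRTY_KEY1 = ca.SCRTY_KEY1 AND p.SCRTY_KEY2 = ca.SCRTY_KEY2
             AND p.SCRTY_KEY3 = ca.SCRTY_KEY3
        WHERE oc.OPRID = ? AND ca.SCRTY_SET_CD = ? ORDER BY p.EMPLID""", (oprid, set_cd))
    return [r[0] for r in rows]

def stale_opr_cls(conn):
    """SJT_OPR_CLS rows no longer backed by the user profile or by any role."""
    return conn.execute("""
        SELECT s.OPRID, s.CLASSID FROM SJT_OPR_CLS s
        WHERE NOT EXISTS (SELECT 1 FROM PSOPRDEFN o
                          WHERE o.OPRID = s.OPRID AND o.ROWSECCLASS = s.CLASSID)
          AND NOT EXISTS (SELECT 1 FROM PSROLEUSER ru
                          JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
                          WHERE ru.ROLEUSER = s.OPRID AND rc.CLASSID = s.CLASSID)
        ORDER BY 1, 2""").fetchall()
```

In the sample data JSMITH still sees E003 through the leftover SJT_OPR_CLS row; once that row is removed, the same query returns only E001 and E002.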

• Typical process for setup of HCM data permission security



• Security by Department Tree



• Security by Permission List



• How the transaction security join tables are kept up to date:



8.9 Security Changes
• How the permission list user security join tables are kept up to date:



8.9 Security Changes
• When to update the user profile security join table:



• Useful PeopleTools Tables:

Projects
• PSPROJECTDEFN — Project header table
• PSPROJECTITEM — Definitions in the project

Fields
• PSDBFIELD — Fields in the system
• PSXLATITEM — Translate Values

Records
• PSRECDEFN — Record header table
• PSRECFIELD — Fields in the record (subrecords not expanded)
• PSRECFIELDALL — Fields in the record (subrecords expanded)
• PSKEYDEFN — Indexes
• PSTBLSPCCAT — Tablespaces
• PSRECTBLSPC — Records’ tablespace assignments

Pages
• PSPNLDEFN — Page header table
• PSPNLFIELD — Page controls (field types/FIELDTYPE)
• PSPNLHTMLAREA — Static HTML Areas on Pages

Components
• PSPNLGRPDEFN — Component header table
• PSPNLGROUP — Pages in the components

Component Interface
• PSBCDEFN — header record; one row for each component interface
• PSBCITEM — one row for each property



Menus
• PSMENUDEFN — Menu header table
• PSMENUITEM — Items (components) on the menu

Security
• PSCLASSDEFN — Permission List header table
• PSAUTHITEM — Menu items granted security by permission lists
• PSROLEDEFN — Role header table
• PSROLECLASS — Permission Lists in roles
• PSOPRDEFN — User ID header table
• PSROLEUSER — Roles granted to users
• PSAUTHBUSCOMP — Access to Component Interfaces

Process Scheduler
• PS_PRCSDEFN — Process Definition Header
• PS_PRCSDEFNGRP — Process Group
• PS_PRCSDEFNPNL — Component
• PS_PRCSJOBDEFN — Job Header
• PSPRCSRQST — Process Request Instances
• PS_PRCSJOBITEM — Job Processes

Portal
• PSPRSMDEFN — Content References and Folders
• PSPRUHTABPGLT — Portal User HP Tab Pagelet
• PSPRUHDEFN — Homepage definition (from here)
• PSPRUHTAB — Homepage Tab (from here)
• PSWEBPROFNVP — Web Profile Settings

Change Control
• PSCHGCTLHIST — shows history of locked definitions with project name, incident, and description
• PSCHGCTLLOCK — shows definitions that are currently locked

Application Engine
• PSAEAPPLDEFN — header record; 1 row per app engine
• PSAEAPPLSTATE — state records assigned to app engines
• PSAEAPPLTEMPTBL — temp tables assigned to app engines
• PSAESECTDEFN — sections
• PSAESTEPDEFN — steps
• PSAESTEPMSGDEFN
• PSAESTMTDEFN — actions (action types)



Open Forum/Questions
