
PeopleSoft Security

Introduction
• Internet-driven architecture of PeopleSoft
• Robust and scalable means of authorization
• Layers of security in PeopleSoft
Security Outside PeopleSoft
• Network security
• Web server security
• Application server security
• Operating System security
• Database security
PeopleSoft Online Security
• Sign on and timeout security
• Page and dialog security
• Definition security
• Batch environment security
• Process security
• Reporting security
PeopleSoft Online Security (contd.)
• Application Data Security
• Query / Table level Security
• Row Level Security
• Field Security
• PeopleSoft Internet Architecture Security

PeopleSoft Security Definitions
• Permission list – a list of authorizations
• Roles – aggregate permission lists into meaningful collections
• User profile – defines individual PeopleSoft users

Basic Steps
1. Create Permission Lists
2. Create Roles
3. Assign Permission Lists to the Roles
4. Create User IDs
5. Assign Roles to User IDs
Permission Lists
• Permission Lists are the “WHAT” of security
• Length: 30 characters, mixed case. Name Permission Lists based on what pages are included (Example: CSU_POMANAGEPO)
• Navigation: PeopleTools > Permissions and Roles > Permission Lists
Permission Lists
[Diagram: Permission Lists – Sign-on, Pages, Query, Process Profile, Process Groups, Application Designer, Component Interface]

Permission Lists – General page
Permission Lists – Pages page
Permission Lists – Pages – Edit Components
Permission Lists – Pages – Page Permissions
Permission Lists – PeopleTools page
Permission List – Web Libraries
Permission Lists – Queries page
Roles
• Roles are the “WHO” of security
• Length: 30 characters, mixed case. Recommendation: use CAPS!!! (Example: CSU_POMGR)
• Collection of permission lists
• Workflow Routing
• Navigation: PeopleTools > Permissions and Roles > Roles
Roles
Roles are an intermediate object that exists between Permission Lists and User Profile. They are used to aggregate Permission Lists so that they are arranged into meaningful collections.
[Diagram: Roles – Permission Lists (Sign-on, Pages, Query, Process Groups, Process Profile, Tools); Role Users (Static Role Users, Dynamic Role Users)]

Roles – General
Roles – Assign Permission Lists
Roles – Workflow
Roles – Queries
Roles – Audit
User Profiles
• Length: 30 characters, mixed case (was 8 characters). Recommend using uppercase!!! (Example: DCHIANG)
• Users are assigned a collection of roles
• Navigation: PeopleTools > User Profiles > User Profiles
User Profiles
User Profiles define individual PeopleSoft users. A User Profile must be linked to at least one Role in order to be a valid profile.
[Diagram: User Profile – Data Permissions, Primary Permissions, Navigation Perm., Process Profiles; Roles; Permission Lists (Sign-on, Pages, Query, Process Groups)]

User Profiles – General
User Profiles – Permission Lists
• User Profile has four permission lists:
  • Navigation Homepage – Business Process Map
  • Process Profile – Process Profile
  • Primary Permission List – Set defaults with PeopleCode, Object Security Rights, Time Out Minutes (Windows Client Only)
  • Row Security Permission List – Business Unit, Projects Security, nVision Ledger Security, etc.
User Profiles – Assigning Roles
User Profiles – Workflow
User Profiles – Audit
User Profiles – Queries
Users – Roles – Permission Lists
Users to Roles: One to Many Roles
Roles to Permission Lists: One to Many Permission Lists

Users
• Examples: LDECATO, MASDIKIAN, DCHIANG
• Assign Users to Roles based on their job duties

Roles
• Examples: CSU_POMGR, CSU_POBUYER, CSU_POUSER, CSU_POREQ
• Roles are cumulative
• Roles are applicable for all business units

Permission Lists
• Examples: CSU_POENTRY, CSU_POQUERYRUN, CSU_POREQENTRY, CSU_POREQINQ
• Permission Lists grant control of: Pages (Menus), Processes, Bus Units (row level)
• A Permission List can grant access to one or many pages

User Profile specifies Business Unit(s) via Row-level Permission List(s)


Single Sign-on
• Users have the ability to jump between PeopleSoft systems, depending on their daily tasks
• Users need only to remember a single user ID and password
• The directory server helps address the multiple user ID and password issues.
• PIA leverages Web browser cookies to store a unique access token for each user when they are initially authenticated. When connected to another PeopleSoft system, the token in the browser is used to re-authenticate the user.
• The browser cookie is an in-memory cookie and is never written to disk. The cookie is also encrypted.
Password Controls
Operator Tables

PSOPRDEFN Operator Definition

PSOPRALIAS PeopleSoft ID Values

PSROLEUSER Role User

ROLEXLATOPR Role User Table

PSOPRCLS Operator classes per operator


Role Tables

PSROLEDEFN Role Definition

PSROLECLASS Role Classes

PSROLEUSER Role User

PSUSERPRSNLOPTN User Personalizations


Permission Lists Tables
PSAUTHITEM Authorized Menu Item

PSCLASSDEFN Permission Lists Definition

PSPRCSPRFL Process Profile

SCRTY_ACC_GRP Access Group Security

SCRTY_QUERY PS/Query Profile

MC_OPR_SECURITY Mass Change

PSUSERPRSNLOPTN User Personalizations
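
Added example (not from the original slides): an access review that walks the chain User → Roles → Permission Lists → pages through PSROLEUSER, PSROLECLASS and PSAUTHITEM, showing how cumulative roles combine. Assumptions: the column names follow the standard PeopleTools schema and are not given on the slides, an in-memory SQLite database stands in for the PeopleSoft database, the user/role/permission-list mappings and menu names are constructed sample data, and an updatable grant is taken to override a display-only grant for the same page.

```python
import sqlite3

# Table names come from the slides; column names are assumed from the standard
# PeopleTools schema. All rows are constructed sample data.
SCHEMA = """
CREATE TABLE PSROLEUSER  (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSAUTHITEM  (CLASSID TEXT, MENUNAME TEXT, BARITEMNAME TEXT,
                          DISPLAYONLY INTEGER);
"""
ROLE_USERS = [("DCHIANG", "CSU_POUSER"), ("DCHIANG", "CSU_POREQ"),
              ("LDECATO", "CSU_POMGR")]
ROLE_CLASSES = [("CSU_POUSER", "CSU_POQUERYRUN"), ("CSU_POREQ", "CSU_POREQENTRY"),
                ("CSU_POREQ", "CSU_POREQINQ"), ("CSU_POMGR", "CSU_POENTRY"),
                ("CSU_POMGR", "CSU_POREQINQ")]
AUTH_ITEMS = [  # menu and component names are hypothetical
    ("CSU_POREQENTRY", "EXAMPLE_REQ_MENU", "REQ_ENTRY", 0),
    ("CSU_POREQINQ", "EXAMPLE_REQ_MENU", "REQ_ENTRY", 1),
    ("CSU_POREQINQ", "EXAMPLE_REQ_MENU", "REQ_INQUIRY", 1),
    ("CSU_POENTRY", "EXAMPLE_PO_MENU", "PO_ENTRY", 0)]

# User -> roles -> permission lists -> authorized menu items.
QUERY = """
SELECT ai.MENUNAME, ai.BARITEMNAME, ai.DISPLAYONLY, rc.CLASSID
FROM PSROLEUSER ru
JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
JOIN PSAUTHITEM  ai ON ai.CLASSID  = rc.CLASSID
WHERE ru.ROLEUSER = ?
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSROLEUSER VALUES (?, ?)", ROLE_USERS)
    conn.executemany("INSERT INTO PSROLECLASS VALUES (?, ?)", ROLE_CLASSES)
    conn.executemany("INSERT INTO PSAUTHITEM VALUES (?, ?, ?, ?)", AUTH_ITEMS)
    return conn

def effective_access(conn, oprid):
    """Map (menu, component) -> (display_only, granting permission lists)."""
    merged = {}
    for menu, comp, display_only, classid in conn.execute(QUERY, (oprid,)):
        ro, via = merged.get((menu, comp), (True, set()))
        # Cumulative access: one updatable grant overrides display-only grants.
        merged[(menu, comp)] = (ro and bool(display_only), via | {classid})
    return merged

if __name__ == "__main__":
    for item, (ro, via) in sorted(effective_access(build_db(), "DCHIANG").items()):
        print(item, "display-only" if ro else "update", sorted(via))
```

Recording which permission lists grant each page makes it easy to see where an inquiry-only role has been widened by a second role assigned to the same user.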


Thank You !
