PeopleSoft Security Overview v8.


12/19/2010 PeopleSoft Security Overview


Session Agenda
1. Types of Data Security
2. User Security
   1. User Profiles
   2. Roles
      - Static Roles
      - Dynamic Roles - NO_USERS Query?
   3. Permission List
      - Various Types of Permissions?
2. Transaction Level Security
   1) Table Level Security (Query Security)
   2) Row Level Security
   3) Field Level Security (PeopleCode)
   4) Secondary Row Level Permission Lists
3. Important PeopleTools Tables




8.9 Security Changes 
Types of Security
• User
• Transaction




User Security
• User security data is the data defined as a user's security access. It enables the system to ensure that users have access only to that which you have granted them access.
  - Roles
  - Permissions
  - Row Level Permission




User Security
To administer security:
• Create permission lists.
• Create roles and attach permission lists to roles.
• Create user IDs and attach permission lists and roles to user IDs.

User Security

Security Navigation
Navigation: Main Menu -> PeopleTools -> Security

Permission List Page
Permissions to:
• Pages
• Component Interfaces
• PeopleTools
• Process
• Query (Query Access Groups)
and so on.
Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Permission

Roles Page
Dynamic Member Allocation
Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Roles

User Profile Page
Navigation: Main Menu -> PeopleTools -> Security -> User Profiles

Roles Assignment

Important Notes
• User (operator) accounts are created and managed through the User Profile pages.
• A User can be assigned one or more Roles.
• A Role can be assigned one or more Permission List. Roles are essentially a grouping of Permission Lists.
• A Permission List grants the specific transaction pages and modes (Add, Update/Display, Update/Display All, Correction, Read Only). Access to tables
• Therefore, the specific pages and modes a user can access online is determined by the Permission Lists assigned to the Roles that are assigned to the User.
• A User can be assigned one and only one Row Security Permission List which controls the population access to which the user has rights.
• The menu links a User through the Portal Registry.

Primary Permission List
• Primary Permission Lists are assigned to each user account. Users can have only a single Primary Permission List. The primary permission list controls a set of operator defaults (see screen capture below). The following are the Primary Permission Lists currently in use. Most users will require PPALL_ACH.

PPL | Description
HCPPDEU | Primary List - Germany
HCPPFRA | Primary List - France
HCPPGBR | Primary List - UK
HCPPUSA | Primary List - USA
PPALL_ACH | Primary List - all countries

Navigation: Setup HRMS -> Foundation Tables -> Organization -> Org Defaults by Permissions Lst

Transaction (Data) Security
Transaction
• Transaction data is the data that is being secured. Certain fields on a transaction data row are used to secure access to that row.
  - Row Level Security
  - Query Security with Data Restriction
  - Security Sets & Access Types (Secondary Row Level)

Row Level Security
• Confirming Basic Security

Row Level Security (or Population Access)
• Create Row Security Permission List
  - Created in a similar way to a traditional Permission List
  - Should not be assigned any transaction access permissions
  - Permission list name should be prefixed with DP
Navigation: PeopleTools -> Security -> Permissions & Roles -> Permission Lists

Define Department Access
• Navigation: Setup HRMS -> Security -> Core Row Level Security -> Security by Dept Tree
Example of Row security permission list for combination of Branches

Query Security
• Query Access Tree
  - The trees are a hierarchical registry of tables defined in PeopleSoft.
  - To update Query Trees, navigate to PeopleTools -> Security -> Query Security -> Query Access Manager.
  - New or missing tables should be added to the access tree as required.

• Grant Access Tree to a Permission List

To apply row level security to Queries:
• Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security.
• With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box.
• Select the security record definition (usually a view) in the Query Security Record list box.

Secondary Permission Lists
Security Sets and Security Access Types
• Security sets represent a grouping of data that is being secured (WHAT). For example, people of interest without jobs is a separate security set from people with jobs.
• Security access types are different ways of securing the data within a security set (HOW). Each security set has a number of security access types that you can choose to enable. Among other things, security access types determine:
  - The security transaction data.
  - If the access type uses a department security tree.
  - If there is data security for future-dated rows.

PeopleSoft delivers the following five security sets:

Security Set | Description | Security Join Table Storing Data
PPLJOB | People with Jobs. Includes the data of any person who has a JOB record and all the associated data for that person. | SJT_PERSON
PPLUSF | People with Jobs for United States Federal Government. Includes the data of any person who has a GVT_JOB record and all the associated data for that person. | SJT_PERSON_USF
PPLPOI | People of interest without jobs. Includes the data of any person who does not have a JOB record and all the associated data for that person. | SJT_PERSON
DEPT | Departments. Includes department budgets and positions. | SJT_DEPT
RSOPN | Job Openings. Includes the data of job openings, including the data of applicants associated with a job opening. | HRS_SJT_JO

• Security Set Table

• The system is delivered with the following security types enabled:
  - People with Jobs (PPLJOB): Dept Security Tree
  - People without Jobs (PPLPOI): POI Type
  - Departments (DEPT): Dept Security Tree

8.9 Security Changes
• Security Type

Data Type | Transaction Component in which Data is Entered or Maintained | Record Storing Transaction Data | Fields Available for Transaction Security Data
Departments | Departments component (DEPARTMENT_TBL) | DEPT_TBL | SetID; Department
Job openings | Job Opening page (HRS_JO_360) | HRS_JOB_OPENING | Company; Business Unit; DeptID; Location
Employees; Contingent workers; POIs with jobs | Add Employment Instance component (JOB_DATA_EMP); Add Contingent Worker Instance component (JOB_DATA_CWR); Add POI Instance component (JOB_DATA_POI); Job Data component (JOB_DATA) | JOB | Organizational Relationship (employee, contingent worker, or POI); Regulatory Region; Company; Business Unit; Department; Location; Salary Plan; Pay Group (for customers using Payroll for North America)
POIs without jobs | Add a POI Relationship component (PERS_POI_ADD); Maintain a Person's POI Reltn component (PERS_POI_MAINTAIN) | PER_POI_SCRTY | POI Type; POI Type and Business Unit; POI Type and Institution; POI Type and Company

8.9 Security Changes
• Delivered Security Types

PPLJOB
  - Job Department Tree
  - Job Location
  - Job Business Unit
  - Job Company
  - Job Reg Region
  - Job Salary Grade
  - Job Deptid - non Tree / group
  - Job Company - Person Organization

PPLPOI
  - POI Business Unit
  - POI Location
  - POI Institution
  - Person of Interest

DEPT
  - Departments by Tree
  - Departments - non Tree
  - Departments by Setid

8.9 Security Changes
Security Join Tables
  - The system stores security data in security join tables (SJTs). There are SJTs on both the transaction and user side.

8.9 Security Changes
Transaction Security Join Tables

Transaction Security Join Table | Description | Transaction Data From | Key Fields
SJT_PERSON (used by customers using the core job data components) | Contains transaction data for the people (employees, contingent workers, POIs with jobs, POIs without jobs) | JOB; JOB_JR; PER_ORG_ASGN; PER_POI_SCRTY | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; EMPLID
SJT_PERSON_USF (used by customers using the US Federal job data components) | Contains transaction data for the employees entered into the US Federal person tables. | GVT_JOB | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; EMPLID
SJT_DEPT | Contains the transaction data for the HRMS departments. | DEPT_TBL | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; SETID; DEPTID
HRS_SJT_JO | Contains the transaction data for the job openings in your system. | HRS_JOB_OPENING; HRS_JO_RTEAM_VW | SCRTY_TYPE_CD; SCRTY_KEY1; SCRTY_KEY2; SCRTY_KEY3; HRS_JOB_OPENING_ID

8.9 Security Changes
User Security Join Tables

User Security Join Table | Description | Stores Data From | Key Fields
• Contains the data permission information for all the permission lists that are given data access on the Security by Dept Tree page or Security by Permission List page.
• Contains the user IDs of people with data permission and the permission lists with data permission that are assigned to them. Stores data from: PSROLEUSER, PSROLECLASS. Key fields: OPRID, CLASSID.


• Typical process for setup of HCM data permission security

• Security by Department Tree

• Security by Permission List

• How the transaction security join tables are kept up to date:

8.9 Security Changes
• How the permission list user security join tables are kept up to date:

8.9 Security Changes
• When to update the user profile security join table:

Useful PeopleTools Tables:

Projects
• PSPROJECTDEFN - Project header table
• PSPROJECTITEM - Definitions in the project

Fields
• PSDBFIELD - Fields in the system
• PSXLATITEM - Translate Values

Records
• PSRECDEFN - Record header table
• PSRECFIELD - Fields in the record (subrecords not expanded)
• PSRECFIELDALL - Fields in the record (subrecords expanded)
• PSKEYDEFN - Indexes
• PSTBLSPCCAT - Tablespaces
• PSRECTBLSPC - Records tablespace assignments

Pages
• PSPNLDEFN - Page header table
• PSPNLFIELD - Page controls (field types/FIELDTYPE)
• PSPNLHTMLAREA - Static HTML Areas on Pages

Components
• PSPNLGRPDEFN - Component header table
• PSPNLGROUP - Pages in the components

Component Interface
• PSBCDEFN - header record, one row for each component interface
• PSBCITEM - one row for each property

Menus
• PSMENUDEFN - Menu header table
• PSMENUITEM - Items (components) on the menu

Security
• PSCLASSDEFN - Permission List header table
• PSAUTHITEM - Menu items granted security by permission lists
• PSROLEDEFN - Role header table
• PSROLECLASS - Permission Lists in roles
• PSOPRDEFN - User ID header table
• PSROLEUSER - Roles granted to users
• PSAUTHBUSCOMP - Access to Component Interfaces

Process Scheduler
• PS_PRCSDEFN - Process Definition Header
• PS_PRCSDEFNGRP - Process Group
• PS_PRCSDEFNPNL - Component
• PS_PRCSJOBDEFN - Job Header
• PSPRCSRQST - Process Request Instances
• PS_PRCSJOBITEM - Job Processes

Portal
• PSPRSMDEFN - Content References and Folders
• PSPRUHTABPGLT - Portal User HP Tab Pagelet
• PSPRUHDEFN - Homepage definition (from here)
• PSPRUHTAB - Homepage Tab (from here)
• PSWEBPROFNVP - Web Profile Settings

Change Control
• PSCHGCTLHIST - shows history of locked definitions with project name, incident, and description
• PSCHGCTLLOCK - shows definitions that are currently locked

Application Engine
• PSAEAPPLDEFN - header record, 1 row per app engine
• PSAEAPPLSTATE - state records assigned to app engines
• PSAEAPPLTEMPTBL - temp tables assigned to app engines
• PSAESECTDEFN - sections
• PSAESTEPDEFN - steps
• PSAESTEPMSGDEFN
• PSAESTMTDEFN - actions (action types)
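The chain from the Important Notes slide (user, roles, permission lists, pages and modes), written as an access-review query over the Security tables listed above. This is an added example, not part of the original deck; it uses Oracle syntax (BITAND), and the column names and the AUTHORIZEDACTIONS bit values are standard PeopleTools fields that the slides do not show, so confirm them against your PeopleTools release.

```sql
-- Added example (Oracle syntax). Column names are not taken from the slides.
-- 1) Effective page access per active user, resolved through
--    user -> role -> permission list -> authorized menu item,
--    filtered to grants that include Correction mode.
SELECT u.OPRID,
       u.OPRCLASS     AS PRIMARY_PERMLIST,   -- the single primary permission list
       u.ROWSECCLASS  AS ROW_SEC_PERMLIST,   -- the single row security permission list
       ru.ROLENAME,
       rc.CLASSID     AS PERMLIST,
       ai.MENUNAME,
       ai.BARITEMNAME AS COMPONENT_ITEM,
       ai.PNLITEMNAME AS PAGE_ITEM,
       CASE WHEN ai.DISPLAYONLY = 1 THEN 'Y' ELSE 'N' END AS READ_ONLY,
       -- AUTHORIZEDACTIONS is a bit mask of the page modes
       CASE WHEN BITAND(ai.AUTHORIZEDACTIONS, 1) = 1 THEN 'Y' ELSE 'N' END AS CAN_ADD,
       CASE WHEN BITAND(ai.AUTHORIZEDACTIONS, 2) = 2 THEN 'Y' ELSE 'N' END AS UPDATE_DISPLAY,
       CASE WHEN BITAND(ai.AUTHORIZEDACTIONS, 4) = 4 THEN 'Y' ELSE 'N' END AS UPDATE_DISPLAY_ALL,
       CASE WHEN BITAND(ai.AUTHORIZEDACTIONS, 8) = 8 THEN 'Y' ELSE 'N' END AS CORRECTION
FROM   PSOPRDEFN   u
JOIN   PSROLEUSER  ru ON ru.ROLEUSER = u.OPRID
JOIN   PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
JOIN   PSAUTHITEM  ai ON ai.CLASSID  = rc.CLASSID
WHERE  u.ACCTLOCK = 0                        -- skip locked accounts
AND    ai.DISPLAYONLY = 0
AND    BITAND(ai.AUTHORIZEDACTIONS, 8) = 8   -- review focus: Correction mode
ORDER  BY u.OPRID, ai.MENUNAME, ai.BARITEMNAME, ai.PNLITEMNAME;

-- 2) Active users who hold roles but have no row security permission list,
--    so their population access is undefined.
SELECT u.OPRID, COUNT(*) AS ROLE_COUNT
FROM   PSOPRDEFN  u
JOIN   PSROLEUSER ru ON ru.ROLEUSER = u.OPRID
WHERE  u.ACCTLOCK = 0
AND    TRIM(u.ROWSECCLASS) IS NULL           -- PeopleSoft stores a blank, not NULL
GROUP  BY u.OPRID;

-- 3) Roles that no user currently holds (candidates for cleanup).
SELECT r.ROLENAME
FROM   PSROLEDEFN r
WHERE  NOT EXISTS (SELECT 1 FROM PSROLEUSER ru WHERE ru.ROLENAME = r.ROLENAME);
```

PSAUTHITEM also holds entries that are not page grants, so filter on MENUNAME when the review should cover only application menus.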

Open Forum/Questions
