PeopleSoft Application Security

1

• PeopleSoft Application Security
• High Level Overview
• HRBIT
• 2/11/04

2
Overview

• Online security structure
• Permission Lists
• Roles
• User Profiles
• Query Security
• Process Security

3
PeopleSoft Online Security

• Three major components define user application
  security
• User Profiles
• Roles
• Permission Lists
• Users will have only one User Profile
• User Profiles may have one or many Roles
• Roles may have one or many Permission Lists

4
Permission Lists

• Permission lists may grant permission to one or
  many items in one list
• Areas include
• General permissions (time-out settings, start app
  server access, etc.)
• Page permissions (menu items)
• PeopleTools permissions (App Designer, Query,
  Data Mover, etc.)
• Process permissions (Process Groups or Process
  Profile)
• Sign-on times
• Component Interface
• Message Monitor
• Web Libraries
• Personalizations
• Query (Query Access Groups and/or Query Profile)
• Mass Change

5
PeopleSoft Roles

• Are a collection of assigned Permission Lists
• May contain one or many Permission Lists
• Should be built with little overlap to provide
  the most flexibility
• Should be centered on the business process or
  task being performed, not on the user performing
  the task
• Should be re-usable, rather than specific to only
  one user

6
Building PeopleSoft Roles
Users
John Mary Jim 1 1 1 2
3 4 4 5 5 6 6 7 7
Doris
Tasks
1 2 3 5
Role 1 Role 2 Role 3 Role 4 Role 5
7
Global/Universal Roles

• Permissions that apply to all users may be
  collected together in global roles such as a UF
  PeopleSoft User role
• Typically these are non-page permissions but not
  always
• Examples include
• Sign-on times
• Web libraries access
• Password updates

8
Special Permission Lists

• Each User Profile is assigned four permission
  lists directly rather than through an assigned
  Role
• Primary Permission List
• Row-Sec Permission List
• Navigator Homepage Permission List
• Process Profile Permission List

9
Primary PL Row-Sec PL

• Primary and Row-Sec permission lists are used by
  each application (HRMS and Financials) in
  different ways to provide default values and row
  level security
• The Primary PL is used by most applications to
  set certain user default values such as SetID,
  default Business Unit, default Country, etc.
• In Finance, the Primary PL is used to control
  row-level security by Business Unit, Ledger or
  SetID
• In HRMS, the Row-Sec PL is used to control
  row-level security based on Department
• Although assigned directly, the same permission
  list may be used by multiple User Profiles

10
Department Security

• Department data access is assigned to the Row-Sec
  Permission List.
• Access to a parent-node includes all child-nodes.
  
• Multiple nodes may be granted to the Row-Sec
  Permission List.

11
Process Profile

• Configures defaults for process parameters
• Server file destinations
• Sever print destinations
• View and update process requests
• Override output destination
• Override server parameters
• View and/or update server status
• Enable recurrence selections
• Process profile info is only inherited through
  the Process Profile permission list, not through
  PLs assigned to Roles.

12
Query Security

• Online Query Security is controlled by several
  levels of access
• Menu/Page level access to Query Manager
• Access to run queries
• Access to create private queries
• Access to create public queries
• Access to records (tables) against which to run
  queries
• UF will have three custom query roles
• 1. Will grant access to run public queries
• 2. Will add ability to create and run private
  queries
• 3. Will add ability to create public queries

13
Query Access Groups

• Query Access Groups are groups of records that
  can be queried
• If a user is not granted access to a Query Access
  Group containing the appropriate records, that
  user will not be able to query those records
• Queries that reference records not in the users
  Query Access Groups will not appear as choices
  for the user to run in Query Manager
• Query Access Groups are inherited through Roles
  assigned to the User Profile

14
Row-level Security in Queries

• If row-level security is enabled, all query
  results will be filtered based on that security
• By default in HRMS, row-level security is based
  on the Department Security Tree
• Querying employee information will return only
  those employees for which the user has been
  granted access on the Department Security Tree

15
Process Security

• Process Security is controlled on two levels
• Access to page to execute the process
• Access to the Process Group that contains the
  process definition
• All processes must be in at least one Process
  Group
• Process Groups are granted to users via
  permission lists assigned to roles
• These roles may be specific to process groups, or
  may be the same roles used for menu/page access
• Process Groups are defined on the process
  definition
• Case matters
• No error checking

16
Security Queries
PeopleTools gt Security gt Review Security
Information
17
User ID Queries
18
User IDs Page Access
19
Role Queries