PeopleSoft Security Overview – v8.9
04/08/23 1PeopleSoft Security Overview
By, Prasanna
Session Agenda
1. Types of Data Security
2. User Security
   1. User Profiles
   2. Roles
      Static Roles
      Dynamic Roles - NO_USERS Query?
   3. Permission List
      Various Types of Permissions?
3. Transaction Level Security
   1) Table Level Security (Query Security)
   2) Row Level Security
   3) Field Level Security (PeopleCode)
   4) Secondary Row Level Permission Lists
4. Important PeopleTools Tables
8.9 Security Changes
Types of Security
• User
• Transaction
User Security
• User security data is the data defined as a user’s security access. It enables the system to ensure that users can access only what you have granted them.
  – Roles
  – Permissions
  – Row Level Permission
User Security
To administer security:
• Create permission lists.
• Create roles and attach permission lists to roles.
• Create user IDs and attach permission lists and roles to user IDs.
Security Navigation
Navigation: Main Menu -> PeopleTools -> Security
Permission List Page
Permissions to:
• Pages
• Component Interfaces
• People Tools
• Process
• Query (Query Access Groups)
and so on
Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Permission
Roles Page
Dynamic Member Allocation
Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Roles
User Profile Page
Navigation: Main Menu -> PeopleTools -> Security -> User Profiles
Roles Assignment
Important Notes
• User (operator) accounts are created and managed through the User Profile pages.
• A User can be assigned one and only one Row Security Permission List, which controls the population access to which the user has rights.
• A User can be assigned one or more Roles. Roles are essentially a grouping of Permission Lists.
• A Permission List grants the specific transaction pages and modes (Add, Update/Display, Update/Display All, Correction, Read Only). Access to tables
• A Role can be assigned one or more Permission Lists.
• Therefore, the specific pages and modes a user can access online are determined by the Permission Lists assigned to the Roles that are assigned to the User.
• The menu links a User through the Portal Registry.
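The resolution chain in these notes (User -> Roles -> Permission Lists -> pages and modes), as an added example that is not part of the original slides. It uses an in-memory SQLite stand-in for PSROLEUSER, PSROLECLASS and PSAUTHITEM; the reduced column sets, the AUTHORIZEDACTIONS bit values, the additive merge rule and all rows are assumptions of this example.

```python
import sqlite3

# Assumed bit values of PSAUTHITEM.AUTHORIZEDACTIONS (not stated on the slides).
MODES = {1: "Add", 2: "Update/Display", 4: "Update/Display All", 8: "Correction"}

CHAIN = """
  FROM PSROLEUSER ru
  JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
  JOIN PSAUTHITEM  a  ON a.CLASSID   = rc.CLASSID"""

def build_sample_db():
    """In-memory stand-in for three PeopleTools tables; every row is constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE PSROLEUSER  (ROLEUSER, ROLENAME);
        CREATE TABLE PSROLECLASS (ROLENAME, CLASSID);
        CREATE TABLE PSAUTHITEM  (CLASSID, MENUNAME, PNLITEMNAME,
                                  DISPLAYONLY, AUTHORIZEDACTIONS);""")
    db.executemany("INSERT INTO PSROLEUSER VALUES (?,?)", [
        ("USER_A", "DEMO_CLERK"), ("USER_A", "DEMO_ADMIN"), ("USER_B", "DEMO_CLERK")])
    db.executemany("INSERT INTO PSROLECLASS VALUES (?,?)", [
        ("DEMO_CLERK", "DEMO_VIEW"), ("DEMO_ADMIN", "DEMO_FIX")])
    db.executemany("INSERT INTO PSAUTHITEM VALUES (?,?,?,?,?)", [
        ("DEMO_VIEW", "DEMO_MENU", "DEMO_PAGE", 1, 2),       # read-only grant
        ("DEMO_FIX",  "DEMO_MENU", "DEMO_PAGE", 0, 2 | 8)])  # adds Correction
    return db

def effective_access(db, oprid):
    """Resolve user -> roles -> permission lists -> page grants, merged per page."""
    merged = {}
    query = ("SELECT a.MENUNAME, a.PNLITEMNAME, a.DISPLAYONLY, a.AUTHORIZEDACTIONS,"
             " ru.ROLENAME, rc.CLASSID" + CHAIN + " WHERE ru.ROLEUSER = ?")
    for menu, page, display_only, mask, role, classid in db.execute(query, (oprid,)):
        entry = merged.setdefault((menu, page),
                                  {"mask": 0, "read_only": True, "via": set()})
        entry["mask"] |= mask                      # assumption: grants are additive
        entry["read_only"] &= bool(display_only)   # one editable grant lifts read-only
        entry["via"].add((role, classid))          # keep the path for the audit trail
    for entry in merged.values():
        entry["modes"] = [name for bit, name in MODES.items() if entry["mask"] & bit]
    return merged

def users_with_mode(db, bit):
    """User IDs that hold the given mode on any page through an editable grant."""
    query = ("SELECT DISTINCT ru.ROLEUSER" + CHAIN +
             " WHERE a.DISPLAYONLY = 0 AND (a.AUTHORIZEDACTIONS & ?) != 0 ORDER BY 1")
    return [row[0] for row in db.execute(query, (bit,))]
```

The `via` set records which role and permission list produced each grant, which is what an access review needs when a user holds a mode such as Correction that no single role was meant to give.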
Primary Permission List
• Primary Permission Lists are assigned to each user account. Users can have only a single Primary Permission List. The primary permission list controls a set of operator defaults (see screen capture below). The following are the Primary Permission Lists currently in use. Most users will require PPALL_ACH.

PPL         Description
HCPPDEU     Primary List - Germany
HCPPFRA     Primary List - France
HCPPGBR     Primary List - UK
HCPPUSA     Primary List - USA
PPALL_ACH   Primary List - all countries

Navigation: Setup HRMS -> Foundation Tables -> Organization -> Org Defaults by Permissions Lst
Transaction (Data) Security
Transaction
• Transaction data is the data that is being secured. Certain fields on a transaction data row are used to secure access to that row.
  – Row Level Security
  – Query Security with Data Restriction
  – Security Sets & Access Types (Secondary Row Level)
Row Level Security
• Confirming Basic Security
Row Level Security (or Population Access)
• Create Row Security Permission List
  – Create it the same way as a traditional Permission List
  – It should not be assigned any transaction access permissions
  – The permission list name should be prefixed with “DP”.
Navigation: PeopleTools -> Security -> Permissions & Roles -> Permission Lists
Define Department Access
• Navigation: Setup HRMS -> Security -> Core Row Level Security -> Security by Dept Tree
Example of Row security permission list for combination of Branches
Query Security
• Query Access Tree
  – The trees are a hierarchical registry of tables defined in PeopleSoft.
  – New or missing tables should be added to the access tree as required.
To update Query Trees:
  – Navigate to PeopleTools -> Security -> Query Security -> Query Access Manager.
• Grant Access Tree to a Permission List
To apply row level security to Queries:
• Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security.
• With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box.
• Select the security record definition (usually a view) in the Query Security Record list box.
Secondary Permission Lists
Security Sets and Security Access Types
Security sets represent a grouping of data that is being secured (WHAT). For example, people of interest without jobs is a separate security set from people with jobs.
Security access types are different ways of securing the data within a security set (HOW). Each security set has a number of security access types that you can choose to enable. Among other things, security access types determine:
• The security transaction data.
• If there is data security for future-dated rows.
• If the access type uses a department security tree.
PeopleSoft delivers the following five security sets (Security Set / Description / Security Join Table Storing Data):
• PPLJOB: People with Jobs
  – Description: Includes the data of any person who has a JOB record and all the associated data for that person.
  – Security join table storing data: SJT_PERSON
• PPLUSF: People with Jobs for United States Federal Government
  – Description: Includes the data of any person who has a GVT_JOB record and all the associated data for that person.
  – Security join table storing data: SJT_PERSON_USF
• PPLPOI: People of interest without jobs
  – Description: Includes the data of any person who does not have a JOB record and all the associated data for that person.
  – Security join table storing data: SJT_PERSON
• DEPT: Departments
  – Description: Includes department budgets and positions.
  – Security join table storing data: SJT_DEPT
• RSOPN: Job Openings
  – Description: Includes the data of job openings, including the data of applicants associated with a job opening.
  – Security join table storing data: HRS_SJT_JO
• Security Set Table
• The system is delivered with the following security types enabled:
  – People with Jobs (PPLJOB): Dept Security Tree
  – People without Jobs (PPLPOI): POI Type
  – Departments (DEPT): Dept Security Tree
8.9 Security Changes
• Security Type
Data Type / Transaction Component in which Data is Entered or Maintained / Record Storing Transaction Data / Fields Available for Transaction Security Data:
• Departments
  – Transaction component: Departments component (DEPARTMENT_TBL)
  – Record storing transaction data: DEPT_TBL
  – Fields available for transaction security data: SetID, Department
• Job openings
  – Transaction component: Job Opening page (HRS_JO_360)
  – Record storing transaction data: HRS_JOB_OPENING
  – Fields available for transaction security data: Company, Business Unit, DeptID, Location
• Employees, Contingent workers, POIs with jobs
  – Transaction components: Add Employment Instance component (JOB_DATA_EMP), Add Contingent Worker Instance component (JOB_DATA_CWR), Add POI Instance component (JOB_DATA_POI), Job Data component (JOB_DATA)
  – Record storing transaction data: JOB
  – Fields available for transaction security data: Organizational Relationship (employee, contingent worker, or POI), Regulatory Region, Company, Business Unit, Department, Location, Salary Plan, Pay Group (for customers using Payroll for North America)
• POIs without jobs
  – Transaction components: Add a POI Relationship component (PERS_POI_ADD), Maintain a Person’s POI Reltn component (PERS_POI_MAINTAIN)
  – Record storing transaction data: PER_POI_SCRTY
  – Fields available for transaction security data: POI Type, POI Type and Business Unit, POI Type and Institution, POI Type and Company
8.9 Security Changes
• Delivered Security Types
PPLJOB
- Job Department Tree
- Job Location
- Job Business Unit
- Job Company
- Job Reg Region
- Job Salary Grade
- Person Organization
- Job Deptid – non Tree
- Job Company/Paygroup
PPLPOI
- POI Business Unit
- POI Location
- POI Institution
- Person of Interest
DEPT
- Departments by Tree
- Departments - non Tree
- Departments by Setid
8.9 Security Changes
Security Join Tables
– The system stores security data in security join tables (SJTs). There are SJTs on both the transaction and user side.
8.9 Security Changes
Transaction Security Join Tables
(Transaction Security Join Table / Description / Transaction Data From / Key Fields)
• SJT_PERSON
  – Description: Used by customers using the core job data components. Contains transaction data for the people (employees, contingent workers, POIs with jobs, POIs without jobs).
  – Transaction data from: JOB, JOB_JR, PER_ORG_ASGN, PER_POI_SCRTY
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, EMPLID
• SJT_PERSON_USF
  – Description: Used by customers using the US Federal job data components. Contains transaction data for the employees entered into the US Federal person tables.
  – Transaction data from: GVT_JOB
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, EMPLID
• SJT_DEPT
  – Description: Contains the transaction data for the HRMS departments.
  – Transaction data from: DEPT_TBL
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, SETID, DEPTID
• HRS_SJT_JO
  – Description: Contains the transaction data for the job openings in your system.
  – Transaction data from: HRS_JOB_OPENING, HRS_JO_RTEAM_VW
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, HRS_JOB_OPENING_ID
8.9 Security Changes
User Security Join Tables
(User Security Join Table / Description / Stores Data From / Key Fields)
• SJT_CLASS_ALL
  – Description: Contains the data permission information for all the permission lists that are given data access on the Security by Dept Tree page or Security by Permission List page.
  – Stores data from: SCRTY_TBL_DEPT, SJT_CLASS
  – Key fields: CLASSID, SCRTY_SET_CD, SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3
• SJT_OPR_CLS
  – Description: Contains the user IDs of people with data permission and the permission lists with data permission that are assigned to them.
  – Stores data from: PSOPRDEFN, PSROLEUSER, PSROLECLASS
  – Key fields: OPRID, CLASSID
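How the user-side and transaction-side join tables combine to decide which people a user can see, as an added example that is not part of the original slides. It joins SJT_OPR_CLS, SJT_CLASS_ALL and SJT_PERSON on the key fields listed above; the matching rule (equal security type and keys), the type codes and all rows are assumptions of this example.

```python
import sqlite3

KEYS = "SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3"

# user -> data permission lists -> security keys -> transaction rows
JOIN = """
  FROM SJT_OPR_CLS o
  JOIN SJT_CLASS_ALL c ON c.CLASSID = o.CLASSID
  JOIN SJT_PERSON p    ON p.SCRTY_TYPE_CD = c.SCRTY_TYPE_CD
                      AND p.SCRTY_KEY1 = c.SCRTY_KEY1
                      AND p.SCRTY_KEY2 = c.SCRTY_KEY2
                      AND p.SCRTY_KEY3 = c.SCRTY_KEY3
 WHERE o.OPRID = ? AND c.SCRTY_SET_CD = ?"""

def build_sjt_db():
    """In-memory stand-in for the three join tables; codes and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE SJT_PERSON    ({KEYS}, EMPLID);
        CREATE TABLE SJT_CLASS_ALL (CLASSID, SCRTY_SET_CD, {KEYS});
        CREATE TABLE SJT_OPR_CLS   (OPRID, CLASSID);""")
    db.executemany("INSERT INTO SJT_PERSON VALUES (?,?,?,?,?)", [
        ("001", "SHARE", "D100", "", "E001"),   # constructed type 001: by department
        ("001", "SHARE", "D200", "", "E002"),
        ("002", "SHARE", "LOC9", "", "E002"),   # constructed type 002: by location
        ("001", "SHARE", "D300", "", "E003")])  # no permission list covers D300
    db.executemany("INSERT INTO SJT_CLASS_ALL VALUES (?,?,?,?,?,?)", [
        ("DPDEMO_A", "PPLJOB", "001", "SHARE", "D100", ""),
        ("DPDEMO_B", "PPLJOB", "001", "SHARE", "D200", ""),
        ("DPDEMO_B", "PPLJOB", "002", "SHARE", "LOC9", "")])
    db.executemany("INSERT INTO SJT_OPR_CLS VALUES (?,?)", [
        ("USER_A", "DPDEMO_A"), ("USER_B", "DPDEMO_A"), ("USER_B", "DPDEMO_B")])
    return db

def visible_emplids(db, oprid, security_set="PPLJOB"):
    """EMPLIDs whose security keys match a key granted to one of the user's lists."""
    query = "SELECT DISTINCT p.EMPLID" + JOIN + " ORDER BY p.EMPLID"
    return [row[0] for row in db.execute(query, (oprid, security_set))]

def access_paths(db, oprid, emplid, security_set="PPLJOB"):
    """Every (permission list, type, key1, key2) that exposes one person to a user."""
    query = ("SELECT c.CLASSID, c.SCRTY_TYPE_CD, c.SCRTY_KEY1, c.SCRTY_KEY2"
             + JOIN + " AND p.EMPLID = ? ORDER BY 1, 2")
    return db.execute(query, (oprid, security_set, emplid)).fetchall()
```

`access_paths` is the reviewer's view: when a person shows up in a user's search results unexpectedly, it lists each permission list and security key that grants the row.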
Typical process for setup of HCM data permission security
Security by Department Tree
Security by Permission List
How the transaction security join tables are kept up to date:
8.9 Security Changes
How the permission list user security join tables are kept up to date:
8.9 Security Changes
When to update the user profile security join table:
• Useful PeopleTools Tables:
Projects
• PSPROJECTDEFN — Project header table
• PSPROJECTITEM — Definitions in the project
Fields
• PSDBFIELD — Fields in the system
• PSXLATITEM — Translate Values
Records
• PSRECDEFN — Record header table
• PSRECFIELD — Fields in the record (subrecords not expanded)
• PSRECFIELDALL — Fields in the record (subrecords expanded)
• PSKEYDEFN — Indexes
• PSTBLSPCCAT — Tablespaces
• PSRECTBLSPC — Records’ tablespace assignments
Pages
• PSPNLDEFN — Page header table
• PSPNLFIELD — Page controls (field types/FIELDTYPE)
• PSPNLHTMLAREA — Static HTML Areas on Pages
Components
• PSPNLGRPDEFN — Component header table
• PSPNLGROUP — Pages in the components
Component Interface
• PSBCDEFN — header record; one row for each component interface
• PSBCITEM — one row for each property
Menus
• PSMENUDEFN — Menu header table
• PSMENUITEM — Items (components) on the menu
Security
• PSCLASSDEFN — Permission List header table
• PSAUTHITEM — Menu items granted security by permission lists
• PSROLEDEFN — Role header table
• PSROLECLASS — Permission Lists in roles
• PSOPRDEFN — User ID header table
• PSROLEUSER — Roles granted to users
• PSAUTHBUSCOMP — Access to Component Interfaces
Process Scheduler
• PS_PRCSDEFN — Process Definition Header
• PS_PRCSDEFNGRP — Process Group
• PS_PRCSDEFNPNL — Component
• PS_PRCSJOBDEFN — Job Header
• PSPRCSRQST — Process Request Instances
• PS_PRCSJOBITEM — Job Processes
Portal
• PSPRSMDEFN — Content References and Folders
• PSPRUHTABPGLT — Portal User HP Tab Pagelet
• PSPRUHDEFN — Homepage definition
• PSPRUHTAB — Homepage Tab
• PSWEBPROFNVP — Web Profile Settings
Change Control
• PSCHGCTLHIST — shows history of locked definitions with project name, incident, and description
• PSCHGCTLLOCK — shows definitions that are currently locked
Application Engine
• PSAEAPPLDEFN — header record; 1 row per app engine
• PSAEAPPLSTATE — state records assigned to app engines
• PSAEAPPLTEMPTBL — temp tables assigned to app engines
• PSAESECTDEFN — sections
• PSAESTEPDEFN — steps
• PSAESTEPMSGDEFN
• PSAESTMTDEFN — actions (action types)
Open Forum/Questions