People Soft Security Overview

PeopleSoft Security Overview – v8.9, 08/14/22, by Prasanna

Transcript of People Soft Security Overview

Page 1: People Soft Security Overview

PeopleSoft Security Overview – v8.9

04/08/23 1PeopleSoft Security Overview

By, Prasanna

Page 2: People Soft Security Overview

Session Agenda

1. Types of Data Security
2. User Security
   1. User Profiles
   2. Roles
      – Static Roles
      – Dynamic Roles - NO_USERS Query?
   3. Permission List
      – Various Types of Permissions?
2. Transaction Level Security
   1) Table Level Security (Query Security)
   2) Row Level Security
   3) Field Level Security (PeopleCode)
   4) Secondary Row Level Permission Lists
3. Important PeopleTools Tables

Page 3: People Soft Security Overview

8.9 Security Changes

Types of Security:
• User
• Transaction

Page 4: People Soft Security Overview

User Security

• User security data is the data that defines a user's security access. It enables the system to ensure that users have access only to what you have granted them.

– Roles
– Permissions
– Row Level Permission

Page 5: People Soft Security Overview

User Security

To administer security:
• Create permission lists.
• Create roles and attach permission lists to roles.
• Create user IDs and attach permission lists and roles to user IDs.

Page 6: People Soft Security Overview

User Security

Page 7: People Soft Security Overview

Security Navigation

Navigation: Main Menu -> PeopleTools -> Security

Page 8: People Soft Security Overview

Permission List Page

Permissions to:
• Pages
• Component Interfaces
• PeopleTools
• Process
• Query (Query Access Groups)
and so on.

Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Permission

Page 9: People Soft Security Overview

Roles Page

Dynamic Member Allocation

Navigation: Main Menu -> PeopleTools -> Security -> Permission & Roles -> Roles

Page 10: People Soft Security Overview

User Profile Page

Navigation: Main Menu -> PeopleTools -> Security -> User Profiles

Page 11: People Soft Security Overview

Roles Assignment

Page 12: People Soft Security Overview

Important Notes

• User (operator) accounts are created and managed through the User Profile pages.
• A User can be assigned one and only one Row Security Permission List, which controls the population access to which the user has rights.
• A User can be assigned one or more Roles. Roles are essentially a grouping of Permission Lists.
• A Permission List grants the specific transaction pages and modes (Add, Update/Display, Update/Display All, Correction, Read Only). Access to tables
• A Role can be assigned one or more Permission Lists.
• Therefore, the specific pages and modes a user can access online are determined by the Permission Lists assigned to the Roles that are assigned to the User.
• The menu links a User through the Portal Registry.
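The User -> Roles -> Permission Lists -> pages chain from these notes, as an added audit example that is not part of the original slides. It uses reduced stand-ins for PSROLEUSER, PSROLECLASS and PSAUTHITEM in an in-memory SQLite database; the user IDs, role names, permission list names, menu and page names are constructed, and treating grants as additive is an assumption.

```python
import sqlite3

# Stand-ins for the PeopleTools security tables named on this page, reduced to
# the join columns. Every row below is constructed sample data.
SCHEMA = """
CREATE TABLE PSROLEUSER (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSROLECLASS(ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSAUTHITEM (CLASSID TEXT, MENUNAME TEXT, PNLITEMNAME TEXT,
                         DISPLAYONLY INTEGER);
INSERT INTO PSROLEUSER VALUES ('JDOE','HR_ADMIN'), ('JDOE','HR_VIEWER'),
                              ('ASMITH','HR_VIEWER');
INSERT INTO PSROLECLASS VALUES ('HR_ADMIN','HC_JOB_UPD'),
                               ('HR_VIEWER','HC_JOB_VIEW');
INSERT INTO PSAUTHITEM VALUES
  ('HC_JOB_UPD', 'SAMPLE_MENU', 'JOB_PAGE',    0),
  ('HC_JOB_VIEW','SAMPLE_MENU', 'JOB_PAGE',    1),
  ('HC_JOB_VIEW','SAMPLE_MENU', 'PERSON_PAGE', 1);
"""

# User -> roles (PSROLEUSER) -> permission lists (PSROLECLASS) -> pages (PSAUTHITEM)
AUDIT_SQL = """
SELECT ai.MENUNAME, ai.PNLITEMNAME, ru.ROLENAME, rc.CLASSID, ai.DISPLAYONLY
FROM PSROLEUSER ru
JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
JOIN PSAUTHITEM  ai ON ai.CLASSID  = rc.CLASSID
WHERE ru.ROLEUSER = ?
ORDER BY ai.MENUNAME, ai.PNLITEMNAME, ru.ROLENAME, rc.CLASSID
"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def page_access(conn, oprid):
    """Map (menu, page) -> granting role/permission-list paths and update flag."""
    report = {}
    for menu, page, role, classid, display_only in conn.execute(AUDIT_SQL, (oprid,)):
        entry = report.setdefault((menu, page), {"via": [], "can_update": False})
        entry["via"].append(f"{role}/{classid}")
        # Assumption: grants are additive, so one path without Display Only
        # is enough to make the page updatable for this user.
        entry["can_update"] = entry["can_update"] or display_only == 0
    return report

if __name__ == "__main__":
    for key, entry in page_access(load_sample(), "JDOE").items():
        print(key, entry)
```

Listing every granting path per page makes it visible when a view-only role is overridden by another role held by the same user.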

Page 13: People Soft Security Overview

Primary Permission List

• Primary Permission Lists are assigned to each user account. Users can have only a single Primary Permission List. The primary permission list controls a set of operator defaults (see screen capture below). The following are the Primary Permission Lists currently in use. Most users will require PPALL_ACH.

PPL: Description
• HCPPDEU: Primary List - Germany
• HCPPFRA: Primary List - France
• HCPPGBR: Primary List - UK
• HCPPUSA: Primary List - USA
• PPALL_ACH: Primary List - all countries

Navigation: Setup HRMS -> Foundation Tables -> Organization -> Org Defaults by Permissions Lst

Page 14: People Soft Security Overview

Transaction (Data) Security

Transaction
• Transaction data is the data that is being secured. Certain fields on a transaction data row are used to secure access to that row.

– Row Level Security
– Query Security with Data Restriction
– Security Sets & Access Types (Secondary Row Level)

Page 15: People Soft Security Overview

Row Level Security

• Confirming Basic Security

Page 16: People Soft Security Overview

Row Level Security (or Population Access)

• Create Row Security Permission List
– Create it the same way as a traditional Permission List.
– It should not be assigned any transaction access permissions.
– The permission list name should be prefixed with “DP”.

Navigation: PeopleTools -> Security -> Permissions & Roles -> Permission Lists

Page 17: People Soft Security Overview

Define Department Access

• Navigation: Setup HRMS -> Security -> Core Row Level Security -> Security by Dept Tree

Example of Row security permission list for combination of Branches

Page 18: People Soft Security Overview

Query Security

• Query Access Tree
– The trees are a hierarchical registry of tables defined in PeopleSoft.
– New or missing tables should be added to the access tree as required.

To update Query Trees:
– Navigate to PeopleTools -> Security -> Query Security -> Query Access Manager.

Page 19: People Soft Security Overview

• Grant Access Tree to a Permission List


Page 20: People Soft Security Overview

To apply row level security to Queries:
• Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security.
• With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box.
• Select the security record definition (usually a view) in the Query Security Record list box.

Page 21: People Soft Security Overview

Secondary Permission Lists

Security Sets and Security Access Types

Security sets represent a grouping of data that is being secured (WHAT). For example, people of interest without jobs is a separate security set from people with jobs.

Security access types are different ways of securing the data within a security set (HOW). Each security set has a number of security access types that you can choose to enable. Among other things, security access types determine:
• The security transaction data.
• If there is data security for future-dated rows.
• If the access type uses a department security tree.

Page 22: People Soft Security Overview

PeopleSoft delivers the following five security sets (Security Set: Description; Security Join Table Storing Data):

• PPLJOB: People with Jobs. Includes the data of any person who has a JOB record and all the associated data for that person. Security join table: SJT_PERSON
• PPLUSF: People with Jobs for United States Federal Government. Includes the data of any person who has a GVT_JOB record and all the associated data for that person. Security join table: SJT_PERSON_USF
• PPLPOI: People of interest without jobs. Includes the data of any person who does not have a JOB record and all the associated data for that person. Security join table: SJT_PERSON
• DEPT: Departments. Includes department budgets and positions. Security join table: SJT_DEPT
• RSOPN: Job Openings. Includes the data of job openings, including the data of applicants associated with a job opening. Security join table: HRS_SJT_JO

Page 23: People Soft Security Overview

• Security Set Table


Page 24: People Soft Security Overview

• The system is delivered with the following security types enabled:
– People with Jobs (PPLJOB): Dept Security Tree
– People without Jobs (PPLPOI): POI Type
– Departments (DEPT): Dept Security Tree

Page 25: People Soft Security Overview

8.9 Security Changes

• Security Type

Page 26: People Soft Security Overview

For each data type: the transaction component in which data is entered or maintained, the record storing transaction data, and the fields available for transaction security data.

• Departments
  – Transaction component: Departments component (DEPARTMENT_TBL)
  – Record storing transaction data: DEPT_TBL
  – Fields available for transaction security data: SetID, Department

• Job openings
  – Transaction component: Job Opening page (HRS_JO_360)
  – Record storing transaction data: HRS_JOB_OPENING
  – Fields available for transaction security data: Company, Business Unit, DeptID, Location

• Employees, Contingent workers, POIs with jobs
  – Transaction components: Add Employment Instance component (JOB_DATA_EMP); Add Contingent Worker Instance component (JOB_DATA_CWR); Add POI Instance component (JOB_DATA_POI); Job Data component (JOB_DATA)
  – Record storing transaction data: JOB
  – Fields available for transaction security data: Organizational Relationship (employee, contingent worker, or POI), Regulatory Region, Company, Business Unit, Department, Location, Salary Plan, Pay Group (for customers using Payroll for North America)

• POIs without jobs
  – Transaction components: Add a POI Relationship component (PERS_POI_ADD); Maintain a Person’s POI Reltn component (PERS_POI_MAINTAIN)
  – Record storing transaction data: PER_POI_SCRTY
  – Fields available for transaction security data: POI Type; POI Type and Business Unit; POI Type and Institution; POI Type and Company

Page 27: People Soft Security Overview

8.9 Security Changes

• Delivered Security Types

PPLJOB
- Job Department Tree
- Job Location
- Job Business Unit
- Job Company
- Job Reg Region
- Job Salary Grade
- Person Organization
- Job Deptid – non Tree
- Job Company/Paygroup

PPLPOI
- POI Business Unit
- POI Location
- POI Institution
- Person of Interest

DEPT
- Departments by Tree
- Departments - non Tree
- Departments by Setid

Page 28: People Soft Security Overview

8.9 Security Changes

Security Join Tables

– The system stores security data in security join tables (SJTs). There are SJTs on both the transaction and user side.

Page 29: People Soft Security Overview

8.9 Security Changes

Transaction Security Join Tables

• SJT_PERSON
  – Description: Used by customers using the core job data components. Contains transaction data for the people (employees, contingent workers, POIs with jobs, POIs without jobs).
  – Transaction data from: JOB, JOB_JR, PER_ORG_ASGN, PER_POI_SCRTY
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, EMPLID

• SJT_PERSON_USF
  – Description: Used by customers using the US Federal job data components. Contains transaction data for the employees entered into the US Federal person tables.
  – Transaction data from: GVT_JOB
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, EMPLID

• SJT_DEPT
  – Description: Contains the transaction data for the HRMS departments.
  – Transaction data from: DEPT_TBL
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, SETID, DEPTID

• HRS_SJT_JO
  – Description: Contains the transaction data for the job openings in your system.
  – Transaction data from: HRS_JOB_OPENING, HRS_JO_RTEAM_VW
  – Key fields: SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3, HRS_JOB_OPENING_ID

Page 30: People Soft Security Overview

8.9 Security Changes

User Security Join Tables

• SJT_CLASS_ALL
  – Description: Contains the data permission information for all the permission lists that are given data access on the Security by Dept Tree page or Security by Permission List page.
  – Stores data from: SCRTY_TBL_DEPT, SJT_CLASS
  – Key fields: CLASSID, SCRTY_SET_CD, SCRTY_TYPE_CD, SCRTY_KEY1, SCRTY_KEY2, SCRTY_KEY3

• SJT_OPR_CLS
  – Description: Contains the user IDs of people with data permission and the permission lists with data permission that are assigned to them.
  – Stores data from: PSOPRDEFN, PSROLEUSER, PSROLECLASS
  – Key fields: OPRID, CLASSID
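How the transaction-side and user-side security join tables fit together, as an added example that is not part of the original slides. The tables carry only the key fields listed above (named as on the slides), all rows are constructed, 'LOC' and 'BU' are placeholder security type codes, and the join assumes exact key matches, so tree-based access types are not modelled.

```python
import sqlite3

# Security join tables with the key fields listed on the slides. All rows are
# constructed; 'LOC' and 'BU' are placeholder security type codes.
SCHEMA = """
CREATE TABLE SJT_OPR_CLS  (OPRID TEXT, CLASSID TEXT);
CREATE TABLE SJT_CLASS_ALL(CLASSID TEXT, SCRTY_SET_CD TEXT, SCRTY_TYPE_CD TEXT,
                           SCRTY_KEY1 TEXT, SCRTY_KEY2 TEXT, SCRTY_KEY3 TEXT);
CREATE TABLE SJT_PERSON   (SCRTY_TYPE_CD TEXT, SCRTY_KEY1 TEXT, SCRTY_KEY2 TEXT,
                           SCRTY_KEY3 TEXT, EMPLID TEXT);
INSERT INTO SJT_OPR_CLS VALUES ('JDOE','DP_EAST'), ('ASMITH','DP_WEST');
INSERT INTO SJT_CLASS_ALL VALUES
  ('DP_EAST','PPLJOB','LOC','NYC',  '',''),
  ('DP_EAST','PPLJOB','BU', 'BU001','',''),
  ('DP_WEST','PPLJOB','LOC','SFO',  '','');
INSERT INTO SJT_PERSON VALUES
  ('LOC','NYC','','','E001'), ('BU','BU001','','','E001'),
  ('LOC','SFO','','','E002'), ('BU','BU001','','','E003'),
  ('LOC','BOS','','','E004');
"""

# Transaction side (SJT_PERSON) joined to user side (SJT_CLASS_ALL) on
# security type and keys. Exact-match access types only.
JOIN = """
FROM SJT_PERSON p
JOIN SJT_CLASS_ALL c ON c.SCRTY_TYPE_CD = p.SCRTY_TYPE_CD
                    AND c.SCRTY_KEY1 = p.SCRTY_KEY1
                    AND c.SCRTY_KEY2 = p.SCRTY_KEY2
                    AND c.SCRTY_KEY3 = p.SCRTY_KEY3
                    AND c.SCRTY_SET_CD = 'PPLJOB'
"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def visible_emplids(conn, oprid):
    """EMPLIDs the user reaches through any data permission list."""
    sql = ("SELECT DISTINCT p.EMPLID " + JOIN +
           "JOIN SJT_OPR_CLS o ON o.CLASSID = c.CLASSID "
           "WHERE o.OPRID = ? ORDER BY p.EMPLID")
    return [row[0] for row in conn.execute(sql, (oprid,))]

def unreachable_emplids(conn):
    """People whose security keys match no permission list at all."""
    sql = ("SELECT DISTINCT EMPLID FROM SJT_PERSON WHERE EMPLID NOT IN "
           "(SELECT p.EMPLID " + JOIN + ") ORDER BY EMPLID")
    return [row[0] for row in conn.execute(sql)]
```

The second function is a quick check for people no data permission list covers, which is also what a stale or unrefreshed join table looks like from the user side.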

Page 31: People Soft Security Overview


Page 32: People Soft Security Overview


Page 33: People Soft Security Overview

Typical process for setup of HCM data permission security


Page 34: People Soft Security Overview

Security by Department Tree


Page 35: People Soft Security Overview

Security by Permission List


Page 36: People Soft Security Overview

How the transaction security join tables are kept up to date:


Page 37: People Soft Security Overview

8.9 Security Changes

How the permission list user security join tables are kept up to date:

Page 38: People Soft Security Overview

8.9 Security Changes

When to update the user profile security join table:

Page 39: People Soft Security Overview

• Useful PeopleTools Tables:

Projects
• PSPROJECTDEFN — Project header table
• PSPROJECTITEM — Definitions in the project

Fields
• PSDBFIELD — Fields in the system
• PSXLATITEM — Translate Values

Records
• PSRECDEFN — Record header table
• PSRECFIELD — Fields in the record (subrecords not expanded)
• PSRECFIELDALL — Fields in the record (subrecords expanded)
• PSKEYDEFN — Indexes
• PSTBLSPCCAT — Tablespaces
• PSRECTBLSPC — Records’ tablespace assignments

Pages
• PSPNLDEFN — Page header table
• PSPNLFIELD — Page controls (field types/FIELDTYPE)
• PSPNLHTMLAREA — Static HTML Areas on Pages

Components
• PSPNLGRPDEFN — Component header table
• PSPNLGROUP — Pages in the components

Component Interface
• PSBCDEFN — header record; one row for each component interface
• PSBCITEM — one row for each property

Page 40: People Soft Security Overview

Menus
• PSMENUDEFN — Menu header table
• PSMENUITEM — Items (components) on the menu

Security
• PSCLASSDEFN — Permission List header table
• PSAUTHITEM — Menu items granted security by permission lists
• PSROLEDEFN — Role header table
• PSROLECLASS — Permission Lists in roles
• PSOPRDEFN — User ID header table
• PSROLEUSER — Roles granted to users
• PSAUTHBUSCOMP — Access to Component Interfaces

Process Scheduler
• PS_PRCSDEFN — Process Definition Header
• PS_PRCSDEFNGRP — Process Group
• PS_PRCSDEFNPNL — Component
• PS_PRCSJOBDEFN — Job Header
• PSPRCSRQST — Process Request Instances
• PS_PRCSJOBITEM — Job Processes

Portal
• PSPRSMDEFN — Content References and Folders
• PSPRUHTABPGLT — Portal User HP Tab Pagelet
• PSPRUHDEFN — Homepage definition
• PSPRUHTAB — Homepage Tab
• PSWEBPROFNVP — Web Profile Settings

Change Control
• PSCHGCTLHIST — shows history of locked definitions with project name, incident, and description
• PSCHGCTLLOCK — shows definitions that are currently locked

Application Engine
• PSAEAPPLDEFN — header record; 1 row per app engine
• PSAEAPPLSTATE — state records assigned to app engines
• PSAEAPPLTEMPTBL — temp tables assigned to app engines
• PSAESECTDEFN — sections
• PSAESTEPDEFN — steps
• PSAESTEPMSGDEFN
• PSAESTMTDEFN — actions (action types)

Page 41: People Soft Security Overview

Open Forum/Questions


Page 42: People Soft Security Overview
