People Soft Security


Transcript of People Soft Security

Page 1: People Soft Security

8/7/2019 People Soft Security

http://slidepdf.com/reader/full/people-soft-security 1/29

Security

prepared by: Abhijit Mishra


Introduction

Why Security?

To protect data from unwanted users.

Traditionally, Security deals with:

– Risks

– Threats

– Vulnerabilities

– Attacks

In the world of Internet, the Challenge is:

Security, the enabling technology for e-Commerce.


Computer Crimes

• Computer security breaches: 16% rise in past year. Source: CSI

• The FBI reports that US industries suffer annual losses totaling $63 billion as a result of theft of intellectual property stored on computers.

• $236 million loss to saboteurs, viruses, laptop theft, financial fraud, telecommunications fraud and theft of proprietary information. Source: CSI

• Password files are stolen regularly.

• Firewalls not helping; 80% of hackers are employees and ex-employees.


Security and e-Commerce

Type of Attack                      Average Loss
Unauthorized Insider Access         $2,809,000
Theft of Proprietary Information    $1,677,000
Telecom Fraud                       $539,000
Financial Fraud                     $388,000
Sabotage                            $86,000
System Penetration by Outsider      $86,000

E-Commerce is a key to:

• developing new customers

• finding new sources of revenue

• improving customer service, satisfaction and retention

• expanding into new markets

• reducing costs

• pioneering innovative new business strategies


Security Policy

Sample elements of a security policy include:

• Approval process for granting access to a system

• Requirements for Identification and Authentication

• Method for keeping system configurations current insofar as security patches and enhancements

• Process to promulgate the security policies and updates

• Process to confirm or enforce compliance to security policies

Authentication, Authorization, Administration, Audit


PeopleSoft’s Approach

PeopleSoft Security:

PeopleSoft provides you with security features, including Components and PeopleTools, to ensure that your sensitive application data, such as employee salaries, performance reviews, or home addresses, doesn't fall into the wrong hands.


Native Security Services in PeopleSoft 7.5 and Prior Versions


Database Security

Each DBMS that PeopleSoft supports has its own security system, which works in conjunction with PeopleSoft Online Security.

DBMS Security generally controls which:

• Users can login to a database

• Users can access tables and views and can manipulate data

• Users can perform server system administration activities


PeopleSoft Online Security

The PeopleSoft security approach is tailored for the Internet.

It enables you

• to easily create and maintain security definitions

• to reduce the maintenance of your security system

By using PeopleTools security tools, one can control access to:

• Batch Processes

• Object Definitions

• Application Data

• Other Components


PeopleSoft Security Types

• Sign-on and Time-out Security

• Page and Dialog Security

• Batch Environment Security

a) Process Security

b) Reporting Security

• Object Security

• Application Data Security

a) Query/Table Level Security

b) Row Level Security

c) Field Security


PeopleSoft Security Types contd.

• Sign-on and Time-out Security
Sign-on: Monday to Friday, 9am to 5:45pm
Time-out: 20 mins. idle time

• Page and Dialog Security
Menus or specific actions (Enabled/Disabled)

• Batch Environment Security

a) Process Security
(1) Run Control ID
(2) Process Groups
(3) Restricting off-line RDBMS access

b) Reporting Security
Report Repository at Web Server
Server should be locked from outside access
Can distribute reports and view them based on Role


PeopleSoft Security Types contd.

• Object Security
Field, Record and Page level Security

• Application Data Security

a) Table Level Security
Works only for queries (SQL)
Query Access Groups in Tree Manager
Doesn’t control run-time page access to table data

b) Row Level Security
SQL views - security views
saving only rows of data
Tailored to specific applications

c) Field Level Security
Securing fields or columns by using PeopleCode


PeopleSoft Internet Architecture Security

• Falls under PeopleSoft Online Security

• Also known as Run-time Security

• Only authorized users can connect to web and application servers

• Only authorized application servers can connect to a given database

• Uses authentication tokens embedded in browser cookies

To secure the links between the numerous components within the system, including browser, web servers, application servers, database servers and so on, PeopleSoft incorporates a combination of Secure Sockets Layer (SSL) security and Tuxedo/Jolt Encryption.


PeopleSoft Internet Architecture Security contd.


PeopleSoft Security Definitions

Security Definition:

It refers to Security attributes created by using Maintain Security.
Also known as Access Profiles but at the database level.

The main PeopleSoft security object types are:

• User Profiles

• Roles

• Permission Lists


PeopleSoft Security Definitions contd.

User Profile:
Set of data describing a particular user of PeopleSoft system.
Data includes Language Code, SETIDs etc.
Different from application data tables e.g. PERSON_DATA

User Profile Types:
Security related: Passwords
Descriptive: Email Address
Preference: Multilingual

When User Profiles are relevant:
When user interacts with the system by
• logging in
• viewing his/her worklist entry
• receiving an email
etc.


PeopleSoft Security Definitions contd.

Roles:
Intermediate objects that link User Profile with permission lists.

Examples:

Employee, Manager, Customer, Vendor, Student etc.

Roles can be assigned in two ways:

• Manually

• Dynamically, by using PeopleCode, LDAP and Query Tools


PeopleSoft Security Definitions contd.

Permission Lists:
List or group of authorizations that are assigned to a Role.

They store:
Sign-on times, Page access, PeopleTools access etc.

Some Permission Lists, such as Process Profile or row-level security, you apply directly to a User Profile.

Data permissions, or row-level security, appear either through a Primary Permissions List or a Row Security Permissions list.


PeopleSoft Security Definitions contd.

[Diagram: User Profile -> Roles -> Permission Lists -> Permissions. Labels shown: Profile 1; Role 1, Role 2, Role 3; PL1, PL2, PL3, PL4 (PL1 and PL3 each appear twice); Display, Modify, Delete.]
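An added example, not part of the original slides: it resolves a user's effective permissions through the User Profile -> Roles -> Permission Lists chain and traces which roles grant each one, which shows why removing a single role may not revoke access when a permission list is reachable through several roles. The names come from the diagram; the wiring between roles, permission lists and permissions is constructed for illustration, and access is assumed to be additive across permission lists.

```python
from collections import defaultdict

# Constructed sample data: the names come from the slide's diagram, but the
# wiring between them is assumed because the diagram's arrows did not survive.
USER_ROLES = {"Profile 1": ["Role 1", "Role 2", "Role 3"]}
ROLE_PERMISSION_LISTS = {
    "Role 1": ["PL1", "PL2"],
    "Role 2": ["PL3"],
    "Role 3": ["PL1", "PL3", "PL4"],
}
PERMISSION_LIST_GRANTS = {
    "PL1": {"Display"},
    "PL2": {"Display", "Modify"},
    "PL3": {"Modify"},
    "PL4": {"Delete"},
}


def grant_paths(user, user_roles=USER_ROLES, role_pls=ROLE_PERMISSION_LISTS):
    """Map each permission to every (role, permission list) path granting it."""
    paths = defaultdict(set)
    for role in user_roles.get(user, []):
        for pl in role_pls.get(role, []):
            for perm in PERMISSION_LIST_GRANTS.get(pl, ()):
                paths[perm].add((role, pl))
    return dict(paths)


def effective_permissions(user, **kw):
    """Union of all permissions reachable from the user's roles."""
    return set(grant_paths(user, **kw))


def roles_to_remove(user, permission, **kw):
    """Roles that must all be removed (or edited) to revoke a permission."""
    return sorted({role for role, _ in grant_paths(user, **kw).get(permission, ())})


def survives_removal(user, permission, removed_role):
    """True if the user keeps `permission` after losing `removed_role`."""
    remaining = {u: [r for r in rs if r != removed_role]
                 for u, rs in USER_ROLES.items()}
    return permission in effective_permissions(user, user_roles=remaining)
```

With this sample wiring, taking Role 2 away from Profile 1 leaves Modify in place because Role 1 and Role 3 still reach it, while Delete depends on Role 3 alone.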


PeopleSoft Authorization IDs

User ID:
ID required to enter the PeopleSoft application.
Also used to distinctly identify the User Profile.

Connect ID:
ID required to connect to the PeopleSoft database.
ID required for direct/2-tier connection.

Access ID:
Has administrator level database access (SELECT, UPDATE, DELETE).
ID used when connecting PeopleSoft database through Application Server.

Symbolic ID:
ID used to retrieve Access ID which is stored in PSACCESSPRFL.


PeopleSoft Authorization IDs

[Diagram: 2-Tier and 3-Tier connections. Components shown: PeopleSoft Application, Configuration Manager, Application Server, Database. IDs shown: User ID, Connect ID, Symbolic ID, Access ID.]


PeopleSoft Users

[Diagram: PeopleSoft Internet Architecture and PeopleSoft Application, with the user groups Customers, Vendors, Suppliers and Employees.]


Directory Server Integration


Lightweight Directory Access Protocol

LDAP benefits:

• Single, centralized user profile for PeopleSoft and non-PeopleSoft applications.

• Can control access to PeopleSoft applications.

• Less redundant data, less cost and fewer errors.

• Customers can utilize PeopleSoft business events and data to drive LDAP user profile and group creation and maintenance.


Lightweight Directory Access Protocol contd.

Directories that PeopleSoft specifically supports:

• Novell NDS (Novell Directory Services) eDirectory

• iPlanet Directory Server (Netscape)

• Microsoft Active Directory

All interfaces between PeopleTools and the Directory are written in LDAP; customers can essentially use any LDAP version 3 compliant server.


LDAP Integration

[Diagram: LDAP -> PS App Server. Labels shown: User Log-in; Sign-on PeopleCode; BI API invokes; Pulls User Profiles; User Profiles; New User = New Profile; Existing User = Sync.]


PeopleSoft Directory Interface for HRMS

The PeopleSoft Directory Interface for HRMS provides:

• an LDAP data mapping tool

• application messaging process

• an additional LDAP BI

to synchronize PeopleSoft and LDAP information

How this works:

(1) PeopleSoft Application triggers a business event
(2) Application Msg. containing directory data gets published
(3) Application Msg. Subscription process gets asynchronously invoked
(4) LDAP version 3 Business Interlink gets invoked
(5) Directory Data (User Profiles) gets updated


SSL and Digital Certificates

PeopleSoft uses HTTP over SSL (HTTPS) to secure the transmission of the content delivered to/from a user’s browser as well as for integration between PeopleSoft and other systems.

The SSL implementation for HTTPS is provided through the use of  for Java that is enabled within PeopleTools. Hence no additional licensing required by PeopleSoft users.

etc. CAs