PeopleSoft Security Basics

A security definition is a collection of related security attributes that you create using PeopleTools Security. Working with the three main PeopleSoft security definition types (permission lists, roles, and user IDs) involves these tasks:
  • Create permission lists.
  • Create roles and attach permission lists to roles.
  • Create user IDs and attach permission lists and roles to user IDs.
A PeopleSoft security definition called an Access Profile also exists, but access profiles are defined at the database level.


User Profiles
User profiles define individual PeopleSoft users.
Each user has an individual user profile, which in turn is linked to one or more roles. You add one or more permission lists, which ultimately control what a user can and cannot access, to each role. A few permission types are assigned directly to the user profile.
Typically, a user profile must be linked to at least one role in order to be a valid profile. The majority of values that make up a user profile are inherited from the linked roles.

Roles
Roles are intermediate objects that link user profiles to permission lists. You can assign multiple roles to a user profile, and you can assign multiple permission lists to a role. Some examples of roles might be Employee, Manager, Customer, Vendor, and Student.
A manager is also an employee and may also be a student. Roles enable you to mix and match access appropriately.
You have two options when assigning roles: assign roles manually or assign them dynamically. When assigning roles dynamically, you use PeopleCode, LDAP, and PeopleSoft Query rules to assign user profiles to roles programmatically.

Permission Lists
Permission lists are groups of authorizations that you assign to roles. Permission lists store sign-in times, page access, PeopleTools access, and so on.
A permission list may contain one or more types of permissions. The fewer types of permissions a permission list contains, the more modular and scalable your implementation is.

A user profile inherits most of its permissions through roles, but you apply some permission lists, such as process profile or row-level security (data permissions), directly to a user profile.
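
The inheritance chain described above (user profile to roles to permission lists, plus permission lists applied directly to the profile) can be modeled for an access review. The following is an added example, not PeopleSoft code: the user IDs, permission list names, data layout and the `max_types` threshold are all hypothetical, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data; every identifier below is hypothetical.
PERMISSION_LISTS = {  # permission list -> types of permissions it stores
    "PL_SELF_SERVICE": {"page access", "sign-in times"},
    "PL_TEAM_APPROVE": {"page access"},
    "PL_EVERYTHING": {"page access", "sign-in times", "PeopleTools access"},
    "PL_PROCESS": {"process profile"},
    "PL_ROWSEC_US": {"row-level security"},
}
ROLES = {  # role -> permission lists attached to it
    "Employee": ["PL_SELF_SERVICE"],
    "Manager": ["PL_TEAM_APPROVE", "PL_SELF_SERVICE"],
}
USERS = {  # user profile -> linked roles and directly applied permission lists
    "ALICE": {"roles": ["Employee", "Manager"],
              "direct": ["PL_PROCESS", "PL_ROWSEC_US"]},
    "BOB": {"roles": [], "direct": ["PL_PROCESS"]},
}

def effective_permission_lists(user_id):
    """Map each permission list a user holds to every path that grants it."""
    profile = USERS[user_id]
    sources = defaultdict(list)
    for role in profile["roles"]:
        for pl in ROLES[role]:
            sources[pl].append("role:" + role)
    for pl in profile["direct"]:
        sources[pl].append("direct")
    return dict(sources)

def review(max_types=2):
    """Return (subject, finding) pairs for an access review."""
    findings = []
    for user_id, profile in sorted(USERS.items()):
        # A profile with no linked role is typically not a valid profile.
        if not profile["roles"]:
            findings.append((user_id, "no role linked"))
        # Multiple grant paths: removing one role does not revoke the access.
        for pl, paths in sorted(effective_permission_lists(user_id).items()):
            if len(paths) > 1:
                findings.append((user_id, f"{pl} granted via {', '.join(paths)}"))
    # Permission lists mixing many permission types are less modular.
    for pl, types in sorted(PERMISSION_LISTS.items()):
        if len(types) > max_types:
            findings.append((pl, f"mixes {len(types)} permission types"))
    return findings
```

Recording the grant path for each permission list shows which role removals actually revoke access and which leave it in place through another role or a direct assignment.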