Security Administration

Different tools and techniques for administering security on your PeopleSoft system, including:

Permission lists.

Roles

User profiles.

Query and definition security.

Personalization features.

permission lists.:
Permission lists are the building blocks of user security authorization. A permission list grants a degree
of access to a particular combination of PeopleSoft elements, specifying pages, development
environments, time periods, administrative tools, personalizations, and so on.
Roles
A role is a collection of permission lists. You can assign one or more permission lists to a role.You can
assign a given permission list to multiple roles.
You typically define roles after first defining their permission lists, and before defining user profiles. You
use roles to assign permissions to users dynamically.
user profiles
A user profile is a definition that represents one PeopleSoft user. Each user is unique; the user profile
specifies a number of user attributes, including one or more assigned roles.
Each role that's assigned to a given user profile adds its permission lists to the total that apply to that
user.

Security Basics
Security is especially critical for core business applications, such as PeopleSoft applications. Typically,
you do not want every department in your company to have access to all your applications. Nor do you
want everyone within a department to have access to all the functions or all the data of a particular
application

You can apply security to all users, including employees, managers, customers, contractors, and
suppliers. You group your users according to roles to give them different degrees of access.
For instance, there might be an Employee role, a Manager role, and an Administrator role. Users who
belong to a particular role require a specific set of permissions, or authorizations, within your system, so
that they can complete their daily tasks.

PeopleSoft Authorization IDs

The PeopleSoft system uses various authorization IDs and passwords to control user access.

User IDs.

Connect ID.

Access IDs.

Symbolic IDs.

User IDs

A PeopleSoft user ID is the ID you enter at the PeopleSoft sign-in dialog box. You assign each
PeopleSoft user a user ID and password. The combination of these two items grants users online
access to the PeopleSoft system.

Connect ID
The connect ID performs the initial connection to the database.
1) A connect ID is a valid database user ID that, when used during sign-in, takes the place of
PeopleSoft user IDs.
2) Temporary Connection.
3) Limited Access
A connect ID is required for a direct connection (two-tier connection) to the database. Application servers
and two-tier Microsoft Windows clients require a connect ID.

Access IDs
When you create any user ID, you must assign it an access profile, which specifies an access ID and
password.
1) Database User.
2) Permanent Connection.
3) Unlimited Access/Administrator.

Symbolic IDs
The symbolic ID acts as an intermediary entity between the user ID and the access ID. All the user IDs
are associated with a symbolic ID, which in turn is associated with an access ID. If you change the access
ID, you need to update only the reference of the access ID to the symbolic ID in the PSACCESSPRFL
table. You do not need to update every user profile in the PSOPRDEFN table

PeopleSoft Sign-in
The most common direct sign-in to the PeopleSoft database is the application server sign-in.
These are the basic steps that are taken when the application server signs in to the database:
1. Initial connection.
The application server starts, and uses the connect ID and user ID specified in its configuration
file (PSAPPSRV.CFG) to perform the initial connection to the database.
2. The server performs a SQL Select statement on security tables.
After the connect ID is verified, the application server performs a Select statement on
PeopleTools security tables, such as PSOPRDEFN, PSACCESSPRFL, and PSSTATUS. From
these tables, the application server gathers such items as the user ID and password, symbolic ID,
access ID, and access password. After the application server has the required information, it
disconnects.
3. The server reconnects with the access ID.
When the system verifies that the access ID is valid, the application server begins the persistent
connection to the database that all Pure Internet Architecture and Windows three-tier clients use
to access the database. Typically, the users signing in using a Microsoft Windows workstation are
developers using PeopleSoft Application Designer.

Setting Up Permission Lists

Permission lists are the building blocks of user security authorizations. You typically create
permission lists before you create user profiles and roles.

Permission lists may contain any number of permissions, such as sign-in times, page permissions, web
services permissions, and so on. Permission lists are more flexible and scalable when they contain fewer
permissions.

The following diagram illustrates how permission lists are assigned to roles, which are then
assigned to user profiles. A role may contain numerous permissions, and a user profile may have
numerous roles assigned to it. A user inherits all permissions assigned to each role to which the
user belongs.

The following diagram illustrates how permission lists are assigned to roles, which are then
assigned to user profiles. A role may contain numerous permissions, and a user profile may have
numerous roles assigned to it. A user inherits all permissions assigned to each role to which the
user belongs.

Creating New Permission Lists

To create a new permission list:
1. Select PeopleTools, Security, Permissions & Roles, Permission Lists.
2. On the search page, click Add a New Value.
3. In the Permission List edit box, enter the name of permission list to create.
4. From the pages in the Permission List component, select the appropriate permissions.
5. Save your permission list.

Defining Permissions

Set general permissions.

Set page permissions.

Set PeopleTools permissions.

Set process permissions.

Set sign-in time permissions.

Set component interface permissions.

Set service monitor permissions.

Set web library permissions.

Set personalization permissions.

Set query permissions.

Set mass change permissions.

Setting Page Permissions:

Menu
Name

Displays all menu names in the database. Add new rows to add more menu names
To add access to PeopleSoft components and pages:
1. Locate the menu name of the component to which you want to add access.
2. Click Edit Components.
The Components page appears.
3. Locate the component to which you want to grant access.
By default, when adding a new permission list, no components are authorized.
4. Click the Edit Pages button associated with each component to which you want to grant
access.
The Page Permissions page appears. You specify the actions that a user can complete
on the page. You have the following options for each page that appears in the Page
column:

Authorized?
Select to enable a user to access the page. Decide the degree to which a user
is authorized on a page by selecting Display Only or one or more of the
available options in the Actions group.

Display Only.
Select to enable the user to view the information provided by the page, but not
to alter any data.

Actions.
Specify how users can alter information on a page, such as Add,
Update/Display, and Correction. The available options depend upon the options
selected when the page was initially developed in PeopleSoft Application
Designer.
To grant access to all pages and all actions for each page, click Select All.

5. When you have finished making the appropriate selections, click OK on the Page
Permissions page, and then again on the Component Permissions page.
Repeat each step for each menu name.