
Data Security

Data permission security refers to controlling access to the rows of data in the system.
When you open a component in PeopleSoft the system displays a search page. The search page
represents the search record and the fields that appear are the search keys and alternate key fields that
uniquely identify each row of data. The system also uses search records to enforce data permission
security for components that contain sensitive data.
The system adds the user's security profile, including their user ID and the values of the permission lists
attached to their user profile, to the SQL select statement along with the values that the user entered on
the search page. The system retrieves only the data that matches the criteria from the search page
and the user's data permission lists. The system doesn't retrieve data for people to whom you haven't
granted the user's permission lists data access. For example, if you enter Smith in the Name alternate
key field, the system retrieves data only for the people with the name Smith to whom you have access.
This diagram illustrates the data retrieval process

Implementing row level security

HCM Security Process Flow

1. Installing HCM Security

Access the Security Installation Settings page (Set Up HCM > Security > Core Row Level Security >
Security Installation Settings).

Include Home/Host Access?

This option is for tracking global assignments. When an employee is on assignment they have a host
record and a home record. Select one of the following options:
Home can see Host: Select to enable a person with data permission that enables them to view the
home record to also view the employee's host record. A person with just data permission to the host
record will not be able to see the employee's home record.
Host can see Home: Select to enable a person with data permission that enables them to view the host
record to also view the employee's home record. A person with just data permission to the home record
will not be able to view the host record.
Both: Select to enable a person with data permission to the home record to view the host record and a
person with data permission to the host record to view the home record.
If you do not select Include Home/Host Access? then regular data permission rules apply.
Incl. Additional Assignments?
This option is for workers with additional assignments added using the Job Data Concurrent component.
When a worker has an additional assignment, they have a controlling employee or contingent worker
instance with an active job data record and an additional assignment job data record. Select one of the
following options:

Assignment can see Instance: Select to enable a person with data permission that enables them to
view the assignment job data record to also view the person's controlling instance job record. A person
with data permission to the controlling instance job data record will not be able to see the worker's
assignment job data record.
Instance can see Assignment: Select to enable a person with data permission that enables them to
view the controlling instance job record to also view the person's assignment job data record. A person
with data permission to the assignment job data record will not be able to see the worker's controlling
instance job data record.
Both: Select to enable a person with data permission that enables them to view the controlling
instance job record to also view the assignment job data record and a person with data permission that
enables them to view the assignment job data record to also view the controlling instance job record.
None: Select to make additional assignments job data records available to all users.
If you do not select Incl. Additional Assignments? then regular data permission rules apply.

Setting Up and Assigning Tree-Based Data Permission

To set up and use tree-based data permission, use the Tree Manager component (PSTREEMGR), Security
Tree Audit Report component (RUNCTL_PER506), Security by Dept. Tree component (SCRTY_DATA)
and Refresh SJT_CLASS_ALL component (SCRTY_OPR_RC).

Set up Department Hierarchy

Use Tree Manager to set up the department hierarchy. The tree is a graphical representation of which
department reports to which.

For example, if a user is given permission to access data of Finance & Administration (13300), the user
also has access to the Shipping and Receiving and Administration Staffing departments.

Assigning Tree-Based Data Permission to Row Security Permission Lists

Access the Security by Dept. Tree page (Set up HCM > Security > Core Row Level Security > Security by
Dept. Tree).
Select an existing Row Security Permission list or create a new one. Select the Set ID and Department ID
for which access needs to be given.


Whenever you add or modify a tree or add or modify a row security permission list on the Security by
Dept. Tree component you need to run the Refresh SJT_CLASS_ALL process to update SJT_CLASS_ALL
with the new user security data.
Navigation: Set Up HCM > Security > Core Row Level Security > Security by Dept. Tree > Refresh

Assigning Row Security to User Profile

To assign row security to a user profile, use the User Profile component. Select the appropriate row
security permission list in the Row Security field.
Navigation: PeopleTools > Security > User Profiles > User Profiles

Running the Refresh SJT_OPR_CLS Process

The security join table SJT_OPR_CLS stores the relationship between User IDs and permission lists with
data permission. It needs to be refreshed every time row security is created or modified for a user profile.

Navigation: Set Up HCM > Security > Core Row Level Security > Refresh SJT_OPR_CLS > Refresh
Select Refresh All Rows to refresh all rows in the SJT_OPR_CLS record; uncheck it to refresh selected rows only.
Set of Security to Refresh
Select the set of rows to refresh.
You can select to refresh:
Select to refresh the table with the selected row security or role-based permission lists IDs of users to
whom they are attached.
Select to refresh the table with the selected user IDs and the permission lists assigned to them.
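
The flow described on this page, as an added example (not PeopleSoft code and not part of the original page): a simplified SQLite model in which the search query is joined to the security join tables, a department grant covers its tree descendants, and changes take effect only after the refresh processes run. The table names SJT_CLASS_ALL and SJT_OPR_CLS come from the page; the columns, the other tables, every department ID except 13300, and the user and permission list names are assumptions.

```python
import sqlite3

# Constructed, simplified model. Table names SJT_CLASS_ALL and SJT_OPR_CLS come
# from the page; every column, the other tables, and all rows are assumptions.
SCHEMA = """
CREATE TABLE dept_tree (deptid TEXT PRIMARY KEY, parent TEXT);
CREATE TABLE grants (classid TEXT, deptid TEXT);         -- Security by Dept. Tree
CREATE TABLE user_profile (oprid TEXT, classid TEXT);    -- Row Security field
CREATE TABLE sjt_class_all (classid TEXT, deptid TEXT);  -- filled by refresh only
CREATE TABLE sjt_opr_cls (oprid TEXT, classid TEXT);     -- filled by refresh only
CREATE TABLE job (emplid TEXT, name TEXT, deptid TEXT);
"""

def build():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO dept_tree VALUES (?, ?)",
                   [("13300", None), ("D-SHIP", "13300"), ("D-ADMIN", "13300"), ("D-SALES", None)])
    db.executemany("INSERT INTO job VALUES (?, ?, ?)",
                   [("E1", "Smith", "D-SHIP"), ("E2", "Smith", "D-SALES"), ("E3", "Jones", "13300")])
    return db

def refresh_sjt_class_all(db):
    """Expand each granted department to itself plus all of its tree descendants."""
    db.execute("DELETE FROM sjt_class_all")
    db.execute("""
        WITH RECURSIVE sub(classid, deptid) AS (
            SELECT classid, deptid FROM grants
            UNION
            SELECT sub.classid, t.deptid FROM dept_tree t JOIN sub ON t.parent = sub.deptid)
        INSERT INTO sjt_class_all SELECT classid, deptid FROM sub""")

def refresh_sjt_opr_cls(db):
    """Copy the user-to-permission-list relationship into the join table."""
    db.execute("DELETE FROM sjt_opr_cls")
    db.execute("INSERT INTO sjt_opr_cls SELECT oprid, classid FROM user_profile")

def search(db, oprid, name):
    """Search-page query: the user's criteria AND the security join on the user ID."""
    rows = db.execute("""
        SELECT DISTINCT j.emplid FROM job j
        JOIN sjt_class_all c ON c.deptid = j.deptid
        JOIN sjt_opr_cls o ON o.classid = c.classid
        WHERE o.oprid = ? AND j.name = ? ORDER BY j.emplid""", (oprid, name))
    return [r[0] for r in rows]
```

Granting a permission list access to 13300 and attaching it to a user returns nothing from `search` until both refresh functions have run; afterwards a search for Smith returns only the Smith in a department under 13300.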
