Security Administration Integration Points
This section identifies the security integration points using:
Component interfaces.
Service operations.
Application Engine programs.
This section describes component interfaces that are delivered with PeopleSoft applications that you can use to manage and administer user profiles and roles.
The DELETE_ROLE component interface is based on the Delete Role (PURGE_ROLEDEFN) component, and it is used to purge roles. It is keyed by RoleName and has the Get, Find, Save, and Cancel methods. The DELETE_ROLE service operation calls this component interface.
The DELETE_USER_PROFILE component interface is based on the Purge Inactive User Profile (PURGE_USR_PROFILE) component, and it is used to remove unused User Profiles. It is keyed by User ID and has the Get, Find, Save, and Cancel methods. The DELETE_USER_PROFILE service operation and the PURGEOLDUSRS Application Engine program call this component interface.
The ROLE_MAINT component interface is based on the Roles (ROLEMAINT) component. It is keyed by RoleName and has the Cancel, Create, Find, Get, and Save methods.
The USERMAINT_SELF component interface is based on the My System Profile (USERMAINT_SELF) component. It allows only the current user to access it.
The USERMAINT_SELF component interface is used with the following components: Forgot My Password (EMAIL_PSWD), Change Password (CHANGE_PASSWORD), and Change Expired Password (EXPIRE_CHANGE_PSWD).
The USER_PROFILE component interface is based on the User Profiles (USERMAINT) component. It is keyed by User ID.
The USER_PROFILE component interface is used in User Profile Save As (USER_SAVEAS) and with LDAP authentication.
The USER_PROFILE_SYNC component interface is based on the User Profiles (USERMAINT) component. It is keyed by User ID and has the Cancel, Get, and Save methods.
The USER_PROFILE_SYNC component interface is used in User Profile Save As (USER_SAVEAS) and with LDAP authentication.
This section describes service operations that are delivered with PeopleSoft applications that you can use to manage and administer user profiles and roles.
Keep the following in mind when dealing with these security service operations, except the USER_PROFILE_XFR service operation:
Each service operation has a same-named service definition.
The service operations are asynchronous one-way.
A same-named message is defined in each service operation definition.
At least one handler is defined within each service operation definition, if the node is supposed to consume an inbound service operation.
This service operation is called from the Delete Role component. It is used to delete a role from subscribing databases. The service operation requires that the DELETE_ROLE component interface be authorized.
This service operation is called from the Delete User Profile component. It is used to delete a user profile from subscribing databases. This service operation requires that the DELETE_USER_PROFILE component interface be authorized.
This service operation is published when a Dynamic Role rule is run. It is called after the DYNROLE_PUBL Application Engine program successfully finishes.
Note: As of release 8.49, the ROLESYNCH_MSG service operation is deprecated and replaced with the ROLESYNCHEXT_MSG service operation.
This service operation publishes new roles and updates existing roles in the Roles component.
This service operation publishes user profile messages when adds, updates, and deletes occur through the User Profiles component (USERMAINT), the User Profile Save As component, the My System Profile component (USERMAINT_SELF), the Distributed User Profile component (USERMAINT_DIST), the USER_PROFILE component interface, and the USERMAINT_SELF component interface.
User Profile messages may also be published when a password is changed through the Change My Password component (CHANGE_PASSWORD) or the Expired Password component (EXPIRE_CHANGE_PSWD), because both trigger the USERMAINT_SELF component interface.
This service operation changes the shape of the inbound USER_PROFILE.VERSION_84 message to an internal shape that you configure based on your needs for partial user profile synchronization.
Application Engine Programs
This section describes the Application Engine programs that are designed for use in your security implementation.
The DYNROLE_PUBL Application Engine program is called when Dynamic Role Rules are executed for a single role from the Role component.
You run this program from the Roles page in the Roles component. You can also schedule this program to run as needed through Process Scheduler.
The DYNROLE_SYNC Application Engine program is designed to run in synchronous mode and is primarily used for the Role Maintenance Component Interface.
The PURGEOLDUSRS Application Engine program deletes users who have not signed on within a period specified in Password Controls.
You run this program by clicking the Schedule button under Purge Inactive User Profiles. You can also schedule this program to run as needed through Process Scheduler.
Application Engine Program that puts the LDAP Schema definition into the PeopleSoft database.
You run this program by selecting.
Application Engine program used to import and export data to and from the LDAP directory into or from a PeopleSoft table. The process is based on an LDAP map.
You run this program by selecting.
The USER_SYNC Application Engine program synchronizes user profiles between databases using the USER_PROFILE message. You set up this program on the database that you configured to send or publish user profile information. Once you have set up the program, click Run.
To set up this program, create a new request and enter the following information on the Application Engine Request page:
Program Name: USER_SYNC.
State Record: AE_USRSYNC_AET
Sample Application Engine program used to transform outbound USER_PROFILE messages to conform to shapes acceptable to the subscribing nodes. This program transforms USER_PROFILE.VERSION_84 into the message shape USER_PROFILE.VERSION_81X.