Skip to Main Content
Return to Navigation

Understanding PS_HOME and PS_CFG_HOME Security

With the separation of the PS_HOME and PS_CFG_HOME directories, system administrators can implement more secure PeopleSoft deployments by restricting access within each of these directory structures.

This section describes the procedures and considerations involved in configuring these additional security options.

Note: Each site can elect to implement these security measures as needed according to individual security policies.

Note: Each PeopleSoft application you have licensed may have specific instructions regarding the implementation of these security measures. Always check your application-specific documentation for any information you need to consider to ensure both a secure environment and a properly functioning application.

Understanding PS_HOME Security

Because the configuration files, by default, do not reside in PS_HOME, the PS_HOME installation can be locked down to prevent unauthorized access, by user or system process. By making the PS_HOME directory ‘Read-Only’, processes running in the domain cannot write to PS_HOME or any of the subdirectories therein. Likewise, any users with malicious intent are unable to delete or modify executable files in PS_HOME.

Securing PS_HOME involves making the directory read-only, yet making sure that the following system elements have sufficient access.

System Element


Application server

Application server domains need read access to the executable and binary files of PS_HOME to process requests and run application logic.

Process Scheduler

Process Scheduler domains need read access to the executable and binary files of PS_HOME to run batch processes. Plus, keep in mind these points:

  • The user creating a Process Scheduler domain on Windows needs read and write access to the Windows Registry.

  • The restricted OS user needs to have full privilege access to the psreports folder (and its children). Process Scheduler and the Report Distribution agent inherit the restricted user's security settings they will need to create folders in psreports.

  • Oracle ProcMGR (Tuxedo) should be started with the restricted OS user ID.

  • Configure Process Scheduler with an Admin OS user for Windows. While logged into Windows with the full privilege OS user ID, create and configure the Process Scheduler domain, so that ODBC and NVision DLLs register properly.

See PeopleTools 8.52 Installation for your platform

See PeopleTools 8.52 PeopleBook: PeopleSoft Process Scheduler

File server/Windows workstations

The file server and/or Windows workstations running Application Designer need read-only access to PS_HOME to facilitate three-tier connections.

Note: These instructions do not apply to the PS_HOME residing on the web server for PIA or the PS_HOME on the database server.

Note: When implementing a read-only PS_HOME, consider that environment locations to which processes write files can't be in a read-only location. Settings for "temporary" directories and "output" directories should not be located within the PS_HOME directory structure. For example, the default temporary directory locations are C:\Documents and Settings\<user>.PEOPLESOFT\Local Settings\Temp (Windows) and %root%\TMP (UNIX).

Note: All elements of your PeopleSoft implementation, such as Process Scheduler and SQR can operate within a secure PS_HOME configuration.

Understanding Minimum Access Required by the User Starting Domains

The bare minimum that needs write access at the time a domain boots includes:

  • The domain directory: it must be possible to write content to the domain directory although most of the configuration files in this directory can be read-only.

  • The domain LOGS directory: by default this is the LOGS directory beneath the domain directory. If this location is overridden in the configuration file, the relevant location must also be read-write.

  • The .adm directory: this subdirectory within the domain (if present) must also be read-write. This is required by Oracle Tuxedo.

  • The Archive directory: located within the domain directory, a copy of the .cfg is archived to this directory each time it is updated. This directory is also used by the Purge Cache PSADMIN option for application servers.

All other files in the PS_CFG_HOME directory tree can be made read-only to the user starting the domain.

Understanding PS_CFG_HOME Security

Some administrators may want to implement additional security and restrict access to PS_CFG_HOME. For example, in some cases you may want take further steps to limit privileges of the user starting a domain, or lock down configuration files to prevent unintended configuration changes during runtime.