This chapter provides an overview of security for PeopleSoft Expenses and discusses how to:
Set up authorized users.
Delegate entry authority.
Implement self-service applications.
Enable credit card encryption.
PeopleSoft Expenses was designed with a variety of users in mind. Set up access to PeopleSoft Expenses that is appropriate for different employees, depending on their roles in the expense approval process.
Your company may have staff, such as a travel and expense department, who submit expense reports for employees. Assign these staff members authorized user IDs to access the pages and menus for your expense system. They must also be authorized to enter expense information for specific employee IDs.
An approver in PeopleSoft Expenses is typically a department manager responsible for charges against one or more departmental budgets. You must authorize approvers in PeopleSoft Expenses security or they will not be able to access the transactions in the system.
To set up authorized users, use the Authorize Users (TE_EE_AUTHORITY2) component.
This section discusses how to set up an authorized user.
Page Name |
Object Name |
Navigation |
Usage |
TE_EE_AUTHORITY |
|
Authorize access to employees to process expense transactions for themselves and on behalf of other employees. |
If you manually enter and validate an employee in PeopleSoft Expenses, the system will automatically insert that employee's User ID, if applicable, as an authorized user. Access the Authorize Users page.
Authorized User ID |
If employees enter their own transactions, they must be entered as an authorized user for themselves. Select a user ID to grant the ability to enter expense transactions on behalf of the employee. You can authorize more than one ID for an employee. You must also select the user ID for the authorized users if they process expense transactions for themselves. |
Some companies do not have staff members who submit expense reports for everyone in the organization, so employees perform this task themselves. Employees can grant authority to enter expense data on their own behalf to authorized user IDs. Employees sign in to the system using their assigned user IDs. When using the delegate entry authority function, the Authorize Users page opens automatically with the employee ID used to access the system. If you need to delegate authority for others, use the Define Expenses Security menu option to access all employee IDs.
PeopleSoft Expenses provides employees with secure and convenient access to your expense system through self-service web pages. Self-service page navigation is defined by roles in the organization, so setup requires you to identify the appropriate role for each individual who needs access.
This section provides an overview of security and roles and discusses how to set up roles.
A user’s profile determines what self-service pages the user can access. To set up security and roles:
Create user profiles in the Maintain Security page on the User Profile component.
Assign each user profile a role.
Link the roles to permission lists.
Each permission list identifies the pages that users assigned to a role can access. PeopleSoft Expenses delivers a permission list (EPEX9000) that enables users to access all pages in the application.
Note. If you modify a permission list, you change access for all users assigned to roles that are linked to it.
PeopleSoft Expenses uses roles to govern access to pages. Using the standard self-service menus, you can access PeopleSoft Expenses pages using the employee, approver, and project manager roles. PeopleSoft Expenses delivers these role definitions:
Role Name |
Description |
EX_EMPLOYEE |
Employee. |
EX_APPROVAL |
Expenses approver. |
EX_AUDITOR |
Expenses auditor. |
EX_PROJMGR |
Expenses project manager. |
To enable users to access self-service pages:
Link user IDs to the employee, manager, or project manager roles.
Associate the roles with permission lists that provide access to the appropriate self-service applications.
User IDs set up with the employee role can select:
Delegate Entry Authority.
Create/Update User Template.
Create Travel Authorization.
Modify Travel Authorization.
View Travel Authorization.
Cancel an Approved Travel Authorization.
Delete Travel Authorization.
Print Travel Authorization.
Create Cash Advance.
Modify Cash Advance.
View Cash Advance.
Delete Cash Advance.
Print Cash Advance.
Create Expense Report.
Modify Expense Report.
View Expense Report.
Delete Expense Report.
Print Expense Report.
Create Time Report.
Modify Time Report.
View Time Report.
Delete Time Report.
Print Time Report.
View My Wallet.
Review My Wallet Receipts.
Review Expense History.
Review/Edit Profile.
View My Reservations.
Access travel partner links.
Update travel partner passwords.
User IDs set up with the manager role can select:
Approve Transactions
Modify Approved Transactions
Note. User IDs set up with the manager role can also access employee user defaults from a link on the expense transactions pages.
User IDs set up with the project manager role can select Approve Transactions.
PeopleSoft PeopleTools uses pluggable cryptography to secure critical PeopleSoft Enterprise data. PeopleSoft Expenses uses this feature to enhance credit card security by encrypting credit card information received into the PeopleSoft Expenses application as data.
Credit card encryption is delivered as enabled. However, to maximize the credit card encryption feature, you must establish a secret encryption key by using the Financials Credit Card Conversion (FS_CC_CNVRT) component. The credit card data is masked when printed or displayed online, and only the last four numbers of the credit card number are visible.
Note. Credit card data contained in files received from vendors is not encrypted using the PeopleSoft PeopleTools feature until the credit card data is loaded. Therefore, additional precautions should be taken to secure the files received from vendors while that data exists on the file system.
See Changing Credit Card Encryption.