Securing Your PeopleSoft Expenses System

This chapter provides an overview of security for PeopleSoft Expenses and discusses how to:

Click to jump to parent topicUnderstanding Security for PeopleSoft Expenses

PeopleSoft Expenses was designed with a variety of users in mind. Set up access to PeopleSoft Expenses that is appropriate for different employees, depending on their roles in the expense approval process.

Your company may have staff, such as a travel and expense department, who submit expense reports for employees. Assign these staff members authorized user IDs to access the pages and menus for your expense system. They must also be authorized to enter expense information for specific employee IDs.

An approver in PeopleSoft Expenses is typically a department manager responsible for charges against one or more departmental budgets. You must authorize approvers in PeopleSoft Expenses security or they will not be able to access the transactions in the system.

Click to jump to parent topicSetting Up Authorized Users

To set up authorized users, use the Authorize Users (TE_EE_AUTHORITY2) component.

This section discusses how to set up an authorized user.

Click to jump to top of pageClick to jump to parent topicPage Used to Set Up Authorized Users

Page Name

Object Name

Navigation

Usage

Authorize Users

TE_EE_AUTHORITY

  • Travel and Expenses, Manage Expenses Security, Authorize Expense Users

  • Employee Self-Service, Travel and Expenses, User Preferences, Delegate Entry Authority

Authorize access to employees to process expense transactions for themselves and on behalf of other employees.

Click to jump to top of pageClick to jump to parent topicSetting Up an Authorized User

If you manually enter and validate an employee in PeopleSoft Expenses, the system will automatically insert that employee's User ID, if applicable, as an authorized user. Access the Authorize Users page.

Authorized User ID

If employees enter their own transactions, they must be entered as an authorized user for themselves. Select a user ID to grant the ability to enter expense transactions on behalf of the employee. You can authorize more than one ID for an employee. You must also select the user ID for the authorized users if they process expense transactions for themselves.

Click to jump to parent topicDelegating Entry Authority

Some companies do not have staff members who submit expense reports for everyone in the organization, so employees perform this task themselves. Employees can grant authority to enter expense data on their own behalf to authorized user IDs. Employees sign in to the system using their assigned user IDs. When using the delegate entry authority function, the Authorize Users page opens automatically with the employee ID used to access the system. If you need to delegate authority for others, use the Define Expenses Security menu option to access all employee IDs.

Click to jump to parent topicImplementing Self-Service Applications

PeopleSoft Expenses provides employees with secure and convenient access to your expense system through self-service web pages. Self-service page navigation is defined by roles in the organization, so setup requires you to identify the appropriate role for each individual who needs access.

This section provides an overview of security and roles and discusses how to set up roles.

Click to jump to top of pageClick to jump to parent topicUnderstanding Security and Roles

A user’s profile determines what self-service pages the user can access. To set up security and roles:

Each permission list identifies the pages that users assigned to a role can access. PeopleSoft Expenses delivers a permission list (EPEX9000) that enables users to access all pages in the application.

Note. If you modify a permission list, you change access for all users assigned to roles that are linked to it.

PeopleSoft Expenses uses roles to govern access to pages. Using the standard self-service menus, you can access PeopleSoft Expenses pages using the employee, approver, and project manager roles. PeopleSoft Expenses delivers these role definitions:

Role Name

Description

EX_EMPLOYEE

Employee.

EX_APPROVAL

Expenses approver.

EX_AUDITOR

Expenses auditor.

EX_PROJMGR

Expenses project manager.

Click to jump to top of pageClick to jump to parent topicSetting Up Roles

To enable users to access self-service pages:

Employee Role

User IDs set up with the employee role can select:

Manager Role

User IDs set up with the manager role can select:

Note. User IDs set up with the manager role can also access employee user defaults from a link on the expense transactions pages.

Project Manager Role

User IDs set up with the project manager role can select Approve Transactions.

Click to jump to parent topicEnabling Credit Card Encryption

PeopleSoft PeopleTools uses pluggable cryptography to secure critical PeopleSoft Enterprise data. PeopleSoft Expenses uses this feature to enhance credit card security by encrypting credit card information received into the PeopleSoft Expenses application as data.

Credit card encryption is delivered as enabled. However, to maximize the credit card encryption feature, you must establish a secret encryption key by using the Financials Credit Card Conversion (FS_CC_CNVRT) component. The credit card data is masked when printed or displayed online, and only the last four numbers of the credit card number are visible.

Note. Credit card data contained in files received from vendors is not encrypted using the PeopleSoft PeopleTools feature until the credit card data is loaded. Therefore, additional precautions should be taken to secure the files received from vendors while that data exists on the file system.

See Changing Credit Card Encryption.