Understanding Security for PeopleSoft Expenses
This chapter provides an overview of security for PeopleSoft Expenses and discusses how to:
Set up authorized users.
Delegate entry authority.
Implement self-service applications.
Enable credit card encryption.
Understanding Security for PeopleSoft Expenses
PeopleSoft Expenses is designed with a variety of users in mind. Expenses enables you to set up access that is appropriate for different employees, depending on their role in the expense approval process.
This section discusses:
Securing access to expense employees.
Securing access to approvers.
Securing ChartFields.
Securing Access to Expense Employees
PeopleSoft Expenses enables you to limit employee access to accounting information and user default information for three transactions. The three transactions are expense reports, time reports, and travel authorizations. You accomplish this by creating employee privilege templates and associating those templates with a business unit or a user role.
See Maintaining Employee Privilege Templates.
Your company may have staff, such as a travel and expense department, who submit expense reports for employees. Assign these staff members authorized user IDs to access the menus and pages to your expense system. They must also be authorized to enter expense information for specific employee IDs.
An approver in PeopleSoft Expenses is typically a department manager responsible for charges against one or more departmental budgets. You must authorize approvers in PeopleSoft Expenses security. If you don't authorize approvers, they cannot access the transactions in the system.
PeopleSoft ChartField security provides a flexible, rule-based approach to administer security at a data level. ChartField security is supported in PeopleSoft Expenses and across other PeopleSoft Financial and Supply Chain Management (FSCM) applications. The ChartField security feature prevents unauthorized employees and contractors from viewing and editing sensitive financial data by restricting access to data stored with specific ChartField values.
The primary features for ChartField security are:
Enforces security rules by user, role, or permission list.
Enables ChartField security for all products or selectively by product.
Enables or disables ChartField security selectively by component.
Defines rules to accommodate end-user areas of responsibility.
Refines access rules by product feature or component.
Supports super-user access to minimize setup.
Defines components as exceptions to override security rules.
PeopleSoft Expenses does not secure access to transaction pages and accounting data. PeopleSoft Expenses has its own security; therefore, it does not use ChartField Security to restrict access to transaction pages and accounting data. Employees should always be able to view their past transactions, even if they no longer have authority to a specific ChartField. For example, employee A had access to department ID 42000 but has moved to department 50000. Employee 42000 can view all expense reports for all departments that he or she has been a member of.
For more information, see the PeopleSoft Enterprise Application Fundamentals PeopleBook:
See Securing ChartFields for PeopleSoft Enterprise Expenses.
Setting Up Authorized Users
To set up authorized users, use the Authorize Users (TE_EE_AUTHORITY2) component.
This section discusses how to set up an authorized user.
Page Used to Set Up Authorized Users|
Page Name |
Definition Name |
Navigation |
Usage |
|
TE_EE_AUTHORITY |
|
Set up an authorized user. Use this page to authorize access to employees to process expense transactions for themselves and on behalf of other employees. |
Setting Up an Authorized UserAccess the Authorize Users page (Travel and Expenses, Manage Expenses Security, Authorize Expense Users).
If you manually enter and validate an employee in PeopleSoft Expenses, the system automatically inserts that employee's user ID, if applicable, as an authorized user. Access the Authorize Users page (Travel and Expenses, Manage Expenses Security, Authorize Expense Users).
|
Authorized User ID |
If employees enter their own transactions, they must enter the transactions as authorized users for themselves. Select a user ID to grant the ability to enter expense transactions on behalf of the employee. You can authorize more than one ID for an employee. You must also select the user ID for the authorized users if they process expense transactions for themselves. |
Delegating Entry Authority
Some companies do not have staff members who submit expense reports for everyone in the organization, so employees perform this task themselves. Employees can grant authority to enter expense data on their own behalf to authorized user IDs. Employees sign in to the system using their assigned user IDs. When you use the delegate entry authority function, the Authorize Users page opens automatically with the employee ID used to access the system. If you need to delegate authority for others, use the Define Expenses Security menu option to access all employee IDs.
Implementing Self-Service Applications
PeopleSoft Expenses provides employees with secure and convenient access to your expense system through self-service web pages. Self-service page navigation is defined by roles in the organization, so setup requires you to identify the appropriate role for each individual who needs access.
This section provides an overview of security and roles and discusses how to set up roles.
Understanding Security and Roles
A user's profile determines what self-service pages the user can access. To set up security and roles:
Create user profiles in the Maintain Security page within the User Profile component.
Assign each user profile a role.
Link the roles to permission lists.
Each permission list identifies the pages that users who are assigned to a role can access. PeopleSoft Expenses delivers a permission list (EPEX9000) that enables users to access all pages in the application.
Note. If you modify a permission list, you change access for all users assigned to roles that are linked to it.
PeopleSoft Expenses uses roles to govern access to pages. Using the standard self-service menus, you can access PeopleSoft Expenses pages using the employee, approver, and project manager roles. PeopleSoft Expenses delivers these role definitions:
|
Role Name |
Description |
|
EX_EMPLOYEE |
Employee. |
|
EX_APPROVAL |
Expenses approver. |
|
EX_AUDITOR |
Expenses auditor. |
|
EX_PROJMGR |
Expenses project manager. |
Setting Up Roles
To enable users to access self-service pages:
Link user IDs to the employee, manager, or project manager roles.
Associate the roles with permission lists that provide access to the appropriate self-service applications.
User IDs that are set up with the employee role can select:
Delegate Entry Authority.
Create/Update User Template.
Create Travel Authorization.
Modify Travel Authorization.
View Travel Authorization.
Cancel an Approved Travel Authorization.
Delete Travel Authorization.
Print Travel Authorization.
Create Cash Advance.
Modify Cash Advance.
View Cash Advance.
Delete Cash Advance.
Print Cash Advance.
Create Expense Report.
Modify Expense Report.
View Expense Report.
Delete Expense Report.
Print Expense Report.
Create Time Report.
Modify Time Report.
View Time Report.
Delete Time Report.
Print Time Report.
View My Wallet.
Review My Wallet Receipts.
Review Expense History.
Review/Edit Profile.
View My Reservations.
Access travel partner links.
Update travel partner passwords.
User IDs that are set up with the manager role can select:
Approve Transactions.
Modify Approved Transactions.
Note. User IDs that are set up with the manager role can also access employee user defaults from a link on the expense transactions pages.
User IDs that are set up with the project manager role can select Approve Transactions.
Enabling Credit Card EncryptionPeopleSoft PeopleTools uses pluggable cryptography to secure critical PeopleSoft Enterprise data. PeopleSoft Expenses uses this feature to enhance credit card security by encrypting credit card information received into the PeopleSoft Expenses application as data.
Credit card encryption is delivered as enabled. However, to maximize the credit card encryption feature, you must establish a secret encryption key by using the Financials Credit Card Conversion (FS_CC_CNVRT) component. The credit card data is masked when printed or displayed online, and only the last four numbers of the credit card number are visible.
Note. Credit card data contained in files received from vendors is not encrypted using the PeopleSoft PeopleTools feature until the credit card data is loaded. Therefore, additional precautions should be taken to secure the files received from vendors while that data exists on the file system.
See Changing Credit Card Encryption.