Configuring Security

This chapter provides overviews of security and permission lists and role types, and discusses how to administer self-service security and create new users.

Understanding Security

This section discusses:

Security Administration

User security for PeopleSoft eSettlements is designed for decentralized administration. Access to information is flexible, and you can configure access to meet your organization's needs. Predefined role types and data access rights ensure secured data access throughout the system. Security is managed by two types of administrators:

The system administrator establishes the overall structure for creation of user profiles and creates one user profile for each buying entity (buyer) and selling entity (supplier). These first users are the local administrators and are referred to as either the buyer administrator or the supplier administrator. The local administrator role types are restricted to creating respective local buyer and supplier users.

Note. In the Buyer Direct model, you do not have to create separate buyer and supplier administrators. The system administrator can manage all user security. However, you are required to create separate buyer and supplier administrators in the Business Service Provider model.

Security Concepts

The following concepts are fundamental to security:

Permission lists

Permission lists group authorizations. You assign permission lists to roles. Permission lists store authorized sign-in times (when users may access the system), page access, PeopleTools access, and buyer and supplier data permissions.

Role names

Role names are intermediate objects that link user profiles to permission lists, and that are mapped to PeopleSoft eSettlements role types. You can assign multiple role names to a user profile, and you can assign multiple permission lists to a role name.

Note. You must map roles to PeopleSoft eSettlements role types for use within PeopleSoft eSettlements.

Role types

Role types are intermediate objects that enable you to control access and notifications. You can map PeopleSoft role names to role types. You define access and the activities that a particular role name can perform, as well as the events for which that role name receives email notification. You can map many role names to a particular role type, but only one role type can be mapped to a single PeopleSoft eSettlements role name.

We discuss these role types in detail in the next section.

User profiles

A profile describes a particular user. Profiles include low-level PeopleTools data (such as language code) and application-specific data (such as the setIDs that users are authorized to access within Oracle's PeopleSoft Enterprise Financials applications). Permission lists, role names, and role types are all part of a user's profile. Some user profile attributes (such as a password) are security-related, while others are descriptive (for example, an email address) or preferential (for example, if multi-language capabilities are enabled).

Buyer data permissions

Buyer permissions are first assigned to the buyer administrator by the system administrator during buyer registration. The system administrator controls the data access that the buyer administrator can subsequently assign to users locally through buyer security.

Supplier data permissions

Supplier permissions are first assigned to the supplier administrator by the system administrator during supplier registration. The system administrator controls the data access that the supplier administrator can subsequently assign to users locally through supplier security.

See Also

Enterprise PeopleTools PeopleBook: Security Administration

Understanding Permission Lists and Role Types

Permission lists control data and processing access. Roles are assigned to user profiles and include one or more permission lists that control page access.

This section discusses:

Permission Lists

Users creating permission lists must have full access to the following web libraries to make use of the self-service interface:

Specific menu and component access is enabled when you assign a permission list to a role.

The PeopleSoft system provides roles with permission lists already assigned to them; however, you can create your own roles. Use the delivered demo data as a reference when creating roles and permission lists.

Role Types

Role types enable you to assign and differentiate between specific buyer, supplier, and administrator role names. The PeopleSoft system comes with seven predefined role types to which you map role names (roles):

See Also

Enterprise PeopleTools PeopleBook: Security Administration

Administering Self-Service Security and Creating New Users

To administer self-service security and create new users, use the following components:

This section provides an overview of self-service security administration and discusses how to:

See Also

Creating Supplier Administrators

Understanding Self-Service Security Administration

Roles control security and access to the functions within the system. You must create roles before you create new users. You then map the roles to PeopleSoft eSettlements role types.

The system administrator creates the user profiles for the local buyer and supplier administrators, who then have the authority to set up additional user profiles within their organizations.

Buyer data permissions are controlled by business unit; supplier data permissions are controlled by supplier ID.

Note. The system administrator must first set up a buyer administrator and supplier administrator before either of the local administrators can set up additional users for their organizations.

See Also

Creating Buyers

Creating Buyer Administrators

Creating Supplier Administrators

Pages Used to Administer Self-Service Security and Create New Users

Page Name: Maintain Role Types - System Access
Definition Name: EM_ROLE_CONFIG
Navigation: eSettlements, Administration, Maintain Role Types, Maintain Role Types - System Access
Usage: Map user-defined roles to PeopleSoft eSettlements role types.

Page Name: Review User Profiles - Buyer User Details
Definition Name: EM_BUYER_SECURITY
Navigation: eSettlements, Buyer Information, Review User Profiles, Review User Profiles - Buyer User Details. Click the Add button or click a User ID link on the Review User Profiles - Inquiry page.
Usage: Add or edit buyer users and security permissions for individuals needing to access the system. Note. The system administrator should not use this page to create new users because it provides only limited functionality for creating basic users.

Page Name: Review User Profiles - Invoice Line Approval Rule Setup
Definition Name: EM_USR_LN_APPR
Navigation: Click the User Approval Rules link on the Review User Profiles - Buyer User Details page.
Usage: Add or edit invoice line routing and approval field values for operational users.

Page Name: Review User Profiles - Supplier User Details
Definition Name: EM_SELLER_SECURITY
Navigation: eSettlements, Supplier Information, Review User Profiles, Review User Profiles - Supplier User Details. Click the Add button or click a User ID link on the Review User Profiles - Inquiry page.
Usage: Add or edit supplier users and security permissions for individuals needing to access the system.

Mapping Roles to Role Types

Access the Maintain Role Types - System Access page (eSettlements, Administration, Maintain Role Types, Maintain Role Types - System Access).

Role

Select a role to map to a role type. Click the Add button to add a role.

Role Type

Select a type to map to the adjacent role.

Creating New Buyer Users

Access the Review User Profiles - Buyer User Details page (eSettlements, Buyer Information, Review User Profiles, Review User Profiles - Buyer User Details).

User Profile

User ID and Name

Enter the user ID and name.

Lock Account

Select to prevent the user from accessing the system.

Email Address

Enter the full email address for this user. Email notifications that the buyer subscribes to are sent to this address.

Important! If you leave the @ symbol or the domain name out of the address, the email feature does not work.

Email User

Select to specify whether the user receives email notifications.

Note. If the primary user must be away from the system for an extended period, you can access the General Profile Information page by selecting My System Profile and then deselect the Email User check box in the Workflow Attributes group box. Doing so also deselects the Email User check box on the Review User Profiles - Buyer User Details page and enables you to define an alternate user to receive email notification.

Language

Enter a code for the email language.

Currency Code

Enter a currency code, which controls the default values for the invoice inquiry pages for the user.

Rate Type

Enter the rate type for currency conversions on inquiry pages. The value that you enter is specific to the user.

Instant Messaging IDs

Instant messaging enables buyers and suppliers to initiate a dialog to resolve invoice disputes.

Instant Messaging Domain

Select a provider: AOL (America Online), SAMETIME, or YAHOO.

Instant Messenger ID

Enter an ID for instant messaging.

Important! Do not enter the @ sign followed by the domain name; just enter the instant messaging ID of the user.

Buyer User Roles

Role Name

Select one or more roles for the user. Click Add a User Role to add roles. Only roles that are mapped to these role types are available: buyer accountant, buyer user, and operational approver.

Note. If the user needs to create urgent payments and approve payments, attach permission list EPMP8000 to the user ID.

Accessible Buying Entities

Buying Entity

Select one or more buyer IDs for the user. Click Add a Buyer to add entities. The system displays only the IDs that the system administrator attached to the buyer administrator on the Business Unit by User ID page.

Click the User Approval Rules link to add or edit invoice line routing and approval field values for operational users.
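The constraints described above (one role type per role name, only three role types selectable for buyer users, buying entities limited to those attached to the buyer administrator, and a complete email address) can be modelled as a pre-creation check. This is an added example, not PeopleSoft code: the function names, role names, buyer IDs, and the "buyer administrator" role type label are constructed assumptions.

```python
# Added illustration of the delegation checks; all names and IDs are constructed samples.

# Role types the page says are selectable on the Buyer User Details page.
BUYER_ASSIGNABLE_TYPES = {"buyer accountant", "buyer user", "operational approver"}


def build_role_map(pairs):
    """Map role name -> role type; a role name may carry only one role type."""
    role_map = {}
    for role_name, role_type in pairs:
        if role_map.get(role_name, role_type) != role_type:
            raise ValueError(f"{role_name!r} is already mapped to {role_map[role_name]!r}")
        role_map[role_name] = role_type
    return role_map


def check_buyer_user(request, role_map, admin_entities):
    """Return a list of violations for a proposed buyer user (empty = acceptable)."""
    problems = []
    if not request["roles"]:
        problems.append("no role selected")
    for role in request["roles"]:
        role_type = role_map.get(role)
        if role_type is None:
            problems.append(f"role {role} is not mapped to a role type")
        elif role_type not in BUYER_ASSIGNABLE_TYPES:
            problems.append(f"role {role} has role type {role_type}, not assignable here")
    for entity in request["buying_entities"]:
        if entity not in admin_entities:
            problems.append(f"buying entity {entity} is outside the administrator's scope")
    email = request.get("email", "")
    local, at, domain = email.partition("@")
    if not (local and at and domain):
        problems.append("email address lacks @ or domain")
    return problems


ROLE_MAP = build_role_map([
    ("AP_CLERK", "buyer user"), ("AP_MANAGER", "buyer accountant"),
    ("LINE_APPROVER", "operational approver"), ("LOCAL_ADMIN", "buyer administrator"),
])
ADMIN_ENTITIES = {"BU001", "BU002"}  # assumed: attached by the system administrator

OK_REQUEST = {"roles": ["AP_CLERK"], "buying_entities": ["BU001"], "email": "clerk@example.com"}
BAD_REQUEST = {"roles": ["LOCAL_ADMIN", "TEMP"], "buying_entities": ["BU009"], "email": "clerk"}

if __name__ == "__main__":
    print(check_buyer_user(BAD_REQUEST, ROLE_MAP, ADMIN_ENTITIES))
```

Running the same check over exported user and role data is one way to audit whether a local administrator has assigned roles or buying entities beyond what was delegated.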

See Also

Enterprise PeopleTools PeopleBook: Security Administration

Creating Buyer Administrators

Defining Invoice Line Approval Rules

Access the Review User Profiles - Invoice Line Approval Rule Setup page (click the User Approval Rules link on the Review User Profiles - Buyer User Details page).

Use

Select to have the rule apply to the user name. In the example screen shot, the user receives all invoices that have a department value of 12000 to 15000.

Field Name

Enter the fields to govern invoice line routing.

How Specified

Enter Range of Values or Selected Detail Values.

Select Value and To Value

Enter values to further define the field. Enter a select value if you entered Selected Detail Values in the How Specified field. Enter values in both fields if you selected Range of Values.

Defining these fields enables you to, for example, prevent a user from receiving invoice lines that contain only certain account values.

Creating New Supplier Users

Access the Review User Profiles - Supplier User Details page (eSettlements, Supplier Information, Review User Profiles, Review User Profiles - Supplier User Details).

This page and its required tasks are similar to those on the Review User Profiles - Buyer User Details page. You must complete all of the corresponding fields for each supplier that you create.

Accessible Suppliers

Name

Select one or more suppliers for this user. Click Add a Supplier to add suppliers. Only IDs that are attached to the supplier user role type are available.

See Also

Creating New Buyer Users

Creating Buyers