PeopleSoft Grants Security
This chapter discusses PeopleSoft Grants security.
PeopleSoft Grants Security
To set up grants security, use the Grants Security (GM_SEC_OPR) component.
This section discusses:
Multilevel security.
Security by department and user ID.
ChartField security.
Multilevel Security
PeopleSoft Grants uses multilevel security.
Use the security setup pages in PeopleTools to provide access to the data, functions, and pages that enable users to perform their work. To define security for the organization, you must:
Define permission lists.
Set up user roles.
Assign permission lists to roles.
PeopleSoft Grants supports user security, which enables you to limit access to specific PeopleSoft Grants proposals based on the user and department. Therefore, a user can possibly have access to a subset of all of the proposals that may be stored in the system. This security feature augments the normal PeopleSoft security based on the user class, which defines the menus and components that are available to a given user ID.
By default, if you have not set up department-level security, users have access only to their own proposals. That is, they can access a proposal only if these conditions are met:
Their user ID has an employee ID associated with it.
They have used their employee ID to identify the principal investigator for the proposal or any one of its projects.
You can associate each user ID with an employee ID (EMPLID) when you create it.
Security by Department and User ID
Establish PeopleSoft Grants security by setting up a series of associations that limit or provide user access to components. Set up these associations by linking user IDs with a security tree node that represents a department or group of departments. When a user attempts to open a component, the system examines the associations between that user's ID and user class. If you have established appropriate links, the user can open the pages. Additionally, the search records for each component enable the user to access only the records that have departments that are associated with the security tree.
Note. The pages that are listed in this procedure are fully documented in PeopleTools documentation.
To set up security by Department ID:
Create a new role by selecting PeopleTools, Security, Permissions & Roles, Roles.
You can create as many roles as necessary. You should create a role for every set of users that needs a different level of security access to the data.
We deliver a user role "Grants Super User" as system data. This role is associated with the Proposal Approval process. Users who have this role assigned can edit the Proposal/Project/Budget when the proposal is sent back by the approver. A grants super user can terminate the approval process by updating the proposal status and can access and act on other Approver/Reviewer's work items.
Create user IDs and assign roles to user IDs by selecting PeopleTools, Security, User Profiles, User Profiles.
Note. Be sure to assign a valid employee ID. This ID will be matched with the principal investigator who is designated for each proposal or proposal project to determine which proposals can be accessed by this user when no department-level access is specified.
Define the grants security tree by selecting Tree Manager, Tree Manager.
Set up the security tree based on an analysis of business processes within the organization. If a department tree already exists and mirrors a department hierarchy that would provide the appropriate coverage for security needs, you should copy that tree.
Note. The department security tree must be a node-oriented tree. That is, each node on the tree must represent a valid department that exists in the Department table (DEPARTMENT_TBL). When you define the detail tree structure, make sure that the node record equals the Department table and the field equals Department ID (DEPTID).
Assign an object group to a permission list by selecting PeopleTools, Security, Permissions & Roles, Permission Lists.
Define operator security by selecting Set Up Financials/Supply Chain, Security, Grants Security, Grants Operator Security.
Select the tree setID, tree name, and effective date of the tree. In the lower section of the page, select the department designation and access code. You can enter as many departments as you need.
Change the search records for PeopleSoft Grants components by selecting PeopleTools, Application Designer, File, Open, Components.
The search record that we deliver for these proposal components provides principal investigator and department-level security. Currently, the search records that are defined subsequently are delivered with the system. You can replace these security search records if you require a different security scheme.
This table lists the menu navigations, components, and search records that are used in PeopleSoft Grants proposals:
|
Menu Navigation |
Component |
Search Record |
|
Grants, Proposals, Maintain Proposal |
GM_PROPOSAL |
GM_PROP_SRCH |
|
Grants, Proposals, Enter Budget Detail |
GM_BUD_LINE_SUM |
GM_BUD_PD_SRCH |
|
Grants, Proposals, Submit Proposal |
GM_PROP_SUBMISSION |
GM_PROP_ SRCH |
|
Grants, Proposals, Get Application List |
GM_WEB_APPLICATION |
INSTALLATION |
|
Grants, Proposals, Print Proposal |
GM_PROP_PRINT_REQ |
GM_PROP_PRN_REQ |
|
Grants, Proposals, Generate Award |
GM_PROP_PRINT_REQ |
GM_PROP_PRN_REQ |
|
Grants, Proposals, Copy Proposal |
GM_BUD_PPSL_CPY |
GM_PROP_SRCH |
|
Grants, Proposals, Copy Proposal Version |
GM_BUD_PPSL_V_CPY |
GM_PROP_DR_SRCH |
|
Grants, Proposals, Copy Budget Period |
GM_BUD_PD_CPY |
GM_BUD_PD_SRCH |
|
Grants, Proposals, Review Pre-Award Budget |
GM_BUD_INQ |
GM_PROP_SRCH |
|
Grants, Proposals, Review Proposal Audit Logs |
GM_AU_PROPOSAL |
GM_PROPOSAL |
|
Grants, Proposals, Proposal Component Approval |
GM_COMP_APPROVAL |
GM_PROP_APP_SRH |
Note. You can give users access to specific proposals by listing them on the Maintain Proposal - Resources page with the role type of Authorized Personnel (click the Details button next to the Role field). The role type of Authorized Personnel gives security access to proposals, but this role does not print on any proposal form outputs.
ChartField Security
PeopleSoft ChartField security provides a flexible, rule-based approach to administer security at the data level. ChartField security is supported in PeopleSoft Grants Management and across other PeopleSoft Financial and Supply Chain Management (FSCM) applications. The ChartField security feature prevents unauthorized employees and contractors from viewing and editing sensitive financial data by restricting access to data stored with specific ChartField values.
The primary features for ChartField security are:
Enforce security rules by user, role, or permission list.
Enable ChartField security for all products or selectively by product.
Enable or disable ChartField security selectively by component.
Define rules to accommodate end-user areas of responsibility.
Refine access rules by product feature or component.
Support super user access to minimize setup.
Define components as exceptions to override security rules.
In PeopleSoft Grants Management, all proposal components and components that use Grants department security do not support ChartField security.
For more information, see the PeopleSoft Application Fundamentals PeopleBook:
See Also
Securing ChartFields for PeopleSoft Grants Management