Understanding User Profiles Security
Important! Mass Change is a deprecated product. Support will be maintained for this product, but no new development will be produced for Mass Change. It is strongly recommended that you use Application Engine instead. For more information on PeopleSoft Application Engine, see PeopleTools: Application Engine.
To provide self-service access to an individual, create a user profile by selecting You then add a password and all the security that the individual needs to access the site. The User Profiles Management process enables you to create and maintain user profiles in batch. You must understand how a user profile is created before you run the User Profiles Management process.
Warning! Before you use this process, make sure that you understand how PeopleTools security works. When you provide database access to a large number of people, you can only revoke the access manually. A user with a high level of security in the institution should be in charge of running and setting up the process. Few people should have access to the user profiles management setup and process pages.
The User Profiles Management Application Engine process (USERPROFILE) consists of five main processes. These processes enable you to:
Create new user profiles and add role for the user IDs.
Delete a role from user profiles.
Add a role to existing user profiles.
Assign user preferences (default values) for the user IDs, including security values needed for the online credit card process.
Update inbound Security Assertion Markup Language (SAML) definition.
You can run these five processes individually or all at once. The User Profiles Management process runs the five processes one role at a time. The mass change selects a group of people—for example, applicants—and then runs the processes based on a role (for example, the Applicant role). The first four processes use temporary tables so you can validate the processes' actions. These temporary tables are useful if you run the User Profiles Management process for many roles at once. A cleanup page enables you to delete these temporary tables.
The User Profiles Management process enables you to create user profiles and assign user IDs and passwords to groups of individuals. You can select which algorithms to use for creating the user ID and password and assign a checklist, a communication, or a comment to the user ID. The communication can include a letter that informs new users of their user IDs and passwords for access to the web.
The User Profiles Management process enables you to maintain existing user profiles by adding or deleting roles to grant or remove page access. It can also set up the user preferences, which are default values, for basic fields like Academic Career and Academic Institution. If the institution accepts credit cards, you can use the feature to give appropriate security access for the online credit card functionality.
The User Profiles Management process also enables you to update the PeopleTools inbound SAML definition for multiple user IDs at once. This option allows provisioning of security to web services that are secured by WS-Security SAML token profile (instead of Username token profile). An example of the use for this option is with the Simplified Campus Experience (SCE) feature in which a user is authenticated up front with a user ID and a password, and once authenticated, the SCE application can call a number of other SAML secured web services without supplying a password in the web service request (user ID only is needed), thus without having to store the user’s password.
The system uses mass changes to select the population of individuals for whom you want to create or maintain user profiles.
For more information, consult the Supplemental Installation Instructions for Campus Solutions Applications: Using the User Profiles Management Result Table.
See PeopleTools: Security Administration
See PeopleTools: Integration Broker Administration
Several mass change examples that you can use with the User Profiles Management process are delivered with this application.
These mass change examples are delivered:
Userprofile - Advisor.
Userprofile - Applicant.
Userprofile - Contributor.
Userprofile - Employee.
Userprofile - Former Student.
Userprofile - Fundraiser.
Userprofile - Graduate.
Userprofile - Instructor.
Userprofile - Prospect.
Userprofile - Recruiter.
Userprofile - Student.
Note: If you elect to use the Dynamic Role Member Assignment process (DYNROLE_PUBL) that is provided with PeopleTools to assign roles to already existing user IDs make sure the queries you create have the same criteria as the mass changes you are using.
The PeopleTools PeopleBook: Security Administration contains more information about the Dynamic Role Member Assignment process.