Securing Academic Organizations
To set up academic organization security, use the Update Security - Acad Orgs component (RUN_SA505) and the Academic Org Security component (SCRTY_TABL_ACAD).
This section provides overviews of academic organization security trees, security versus organizational structures, and creation of new security trees and discusses how to:
Update the security tree.
Grant and restrict access in the security tree.
Online security is a critical issue in any organization. Because most data in Campus Solutions is confidential, you must specifically designate the data that users can see. To do that, you use an academic organization security tree, which is a security structure that graphically represents the hierarchies of organizational units in an institution. With the security tree, you can view and update the reporting relationships among units and grant and deny user access to data. You can also track changes over time by creating new trees with different effective dates. To set up data security, you create security trees that are based on hierarchies of organizational entities. Using PeopleSoft Tree Manager, you can build a new security tree showing organizational entities such as universities, institutions, and academic departments.
The primary advantage of using a hierarchy for academic organization security is that you do not have to define access rules for every organizational entity. Consequently, updating security access is faster than it would be if you had to update user access for each entity. And with a hierarchy, you can more easily deny access to a particular entity.
Each academic organization that you add to the academic organization security tree has a unique identifier—the academic organization code—which you create on the Academic Organization Table page.
After you create the academic organization security tree, you run the Update Security-Acad Orgs process that links the effective date of the tree structure with the Academic Organization Security table, in which you grant user access to academic organizations. This ensures that the security rules use the tree with up-to-date academic organization hierarchies. You then run the Tree Auditor process to crosscheck the Academic Organization table and the security tree to ensure that the academic organization data matches.
Use the Academic Organization Security table to grant or restrict user access to academic organizations. When you grant users access to an academic organization, you automatically grant them access to data in any academic organization that reports—directly or indirectly—to that academic organization, unless you selectively restrict access to a specific organization.
When you use the security structure that is delivered with Campus Solutions, you grant and deny user access to academic organization data using the same user IDs and roles that the system administrator creates.
See PeopleTools: Tree Manager
See PeopleTools: Security Administration “User Profiles”
Though you use the organizational structure as the foundation for the data security structure, the two structures are not—and should not be—the same. The primary difference between the organizational structure and the data security structure is that you continue to maintain inactive academic organizations in the security structure. You must do this so that users can retrieve historical data associated with the inactive academic organizations.
Unlike an organization chart, a security tree has these characteristics:
One security tree can be in effect at a time.
Historical security is irrelevant to user access.
Inactive academic organizations always appear in security trees.
Otherwise, data in defunct academic organizations would be inaccessible.
To use trees for reporting purposes to accurately reflect an academic organization chart at a particular point in time, do not use the academic organization security tree. Instead, create a separate academic organization tree. As the organization changes, you can create new effective-dated versions of the academic organization tree. Then, you can easily create queries that extract data from hierarchies, which accurately reflect the academic organization structure at a fixed point in time.
In the steps described for creating an academic organization security tree, it is assumed that you have a hierarchy using academic organizations from the Academic Organization table to grant and deny access to user IDs. This is the structure delivered with Campus Solutions, and it works well if you use the academic organization structure as the basis for the security structure—that is, users should view only specific portions of data, in certain organizational chunks, and the organizational entities are hierarchical.
Note: Base the security structure on current security needs. For example, you might have only a few users using Campus Solutions for the first six months of implementation. Consequently, you would not need to set up complex security hierarchies at that point. With a simple security hierarchy, you achieve enhanced system performance. When security needs change—for example, when more users begin using the system—you can easily adapt the security structure.
PeopleSoft Tree Manager offers a powerful visual means to build a security hierarchy for all organizational entities. A tree hierarchy is a quick, graphical method of granting and restricting user access to data in Campus Solutions. You do not have to perform regular audits to prevent circular or conflicting relationships among units, as you do with code-based security. The security hierarchy prevents such relationships from occurring in the first place.
You retain the logical groupings of the hierarchy, such as institutions and academic departments, by representing them as levels in the academic organization security tree. The groupings represent a security hierarchy, but they do not have to match the organizational chart.
You use levels and academic organizations to create a hierarchy of security access. For example, users who can access information for UNIV (university) can access information for all academic organizations in the institution. On the other hand, users who are granted access to information in ENGR (engineering) can access information for only the School of Engineering.
From within PeopleSoft Tree Manager, you can view and update existing academic organization data, and you can create new academic organizations. Double-click an academic organization to open the Academic Organization Table page, which contains data for that particular academic organization.
You organize a tree by adding or moving limbs. Whenever you must change the security hierarchy for academic organizations, make a new effective-dated copy of the tree and move limbs to other locations. This practice makes the maintenance of organizational security easier and more accurate. When you add an academic organization to the tree, PeopleSoft Tree Manager links to the Academic Organization table, where you review specific information on the academic organization.
Creating a New Tree
You complete these steps to create a new security tree:
Define the tree structure.
Identify the page definitions, record definitions, and fields for the underlying database tables where tree data is stored.
Define the tree for ACAD_ORGANIZATION on the Tree Definition page.
(Optional) Specify organizational levels.
Define security for academic organizations on the Academic Org Security page.
See product documentation for PeopleTools: PeopleSoft Tree Manager
Update Security – Acad Orgs (update security – academic organizations): Link the academic organization security tree to academic organization security so that the system recognizes the current effective-dated academic organization security tree.
Academic Org Security (academic organization security): Grant and restrict access to data for a user ID.
Access the Update Security – Acad Orgs page.
Field or Control
As Of Date: Enter the date that the new academic organization security tree becomes active. The Update Security - Acad Org process searches for the academic organization security tree that has an effective date closest to, but not greater than, this date and makes that the active security tree.
Run the Update Security - Acad Org (update security - academic organization) process (SR505) as needed.
Run this process the first time that you create an academic organization security tree, any time that you create an academic organization security tree with a different effective date, and any time that you make a change to the current academic organization security tree.
Important! Because only one academic organization security tree can be in effect at any particular point in time, be sure to run this process only on the date that the new tree takes effect—not before. For example, if the new security tree has an effective date of January 1, 2005, you should run this process on January 1, 2005. The system uses whatever tree has an effective date closest to, but not greater than, the date you enter in the As Of Date field.
Access the Academic Org Security page.
Image: Academic Org Security page
This example illustrates the fields and controls on the Academic Org Security page. You can find definitions for the fields and controls later on this page.
Enter the highest academic organization in the hierarchy that the user ID should be able to access. Insert rows to add academic organizations or to restrict access to a particular academic organization lower in the hierarchy.
Academic organization security is based on the hierarchy in the academic organization security tree. The academic organization that you identify here must be a node on the academic organization security tree. Granting access to one node of the academic organization tree also provides access to all child nodes for that organization. To restrict access to a child node, select the academic organization that you want to secure and set the access code to No Access.
This security setup grants the user ID access to all academic organizations under the Biology and the Chemistry nodes in the security tree:
Image: Permission for specific academic organizations (SCRTY_TABL_ACAD)
This example illustrates the fields and controls on the Permission for specific academic organizations (SCRTY_TABL_ACAD). You can find definitions for the fields and controls later on this page.
This security setup grants this user ID access to all academic organizations under the PeopleSoft University node except any that fall under the School of Medicine or Law School node:
Image: Permission with restrictions for academic organizations (SCRTY_TABL_ACAD)
This example illustrates the fields and controls on the Permission with restrictions for academic organizations (SCRTY_TABL_ACAD). You can find definitions for the fields and controls later on this page.
The School of Medicine and Law School are excluded because the access code is set to No Access.
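The As Of Date rule and the grant/No Access inheritance described above can be modeled for an access review as follows. This is an added example, not Campus Solutions code: the tree versions, organization codes other than UNIV and ENGR, the "Access" label, and all function names are constructed for illustration. It assumes the nearest row on the path to the root decides, which covers the cases the page describes; the page does not say how a grant beneath a No Access node is handled.

```python
from datetime import date

# Constructed data: child -> parent maps for two effective-dated versions of
# the security tree. Only UNIV and ENGR appear on the page; other codes are made up.
TREES = {
    date(2004, 1, 1): {"UNIV": None, "ENGR": "UNIV", "MED": "UNIV", "LAW": "UNIV",
                       "BIOL": "UNIV", "CHEM": "UNIV", "CARDIO": "MED"},
    date(2005, 1, 1): {"UNIV": None, "ENGR": "UNIV", "MED": "UNIV", "LAW": "UNIV",
                       "SCI": "UNIV", "BIOL": "SCI", "CHEM": "SCI", "CARDIO": "MED"},
}
# Constructed security rows per user ID: organization -> access code.
# "Access" is a stand-in label; "No Access" is the code named on the page.
ROWS_SCIENCE = {"BIOL": "Access", "CHEM": "Access"}
ROWS_UNIV = {"UNIV": "Access", "MED": "No Access", "LAW": "No Access"}

def active_tree_date(as_of):
    """Effective date closest to, but not greater than, the As Of Date."""
    eligible = [d for d in TREES if d <= as_of]
    if not eligible:
        raise LookupError(f"no security tree effective on or before {as_of}")
    return max(eligible)

def has_access(rows, org, tree):
    """Walk from org to the root; the nearest node with a row decides."""
    if org not in tree:
        raise KeyError(f"{org} is not a node on the security tree")
    node, seen = org, set()
    while node is not None:
        if node in seen:
            raise ValueError(f"cycle in tree at {node}")
        seen.add(node)
        if node in rows:
            return rows[node] == "Access"
        node = tree[node]
    return False  # no row anywhere on the path: no access

def accessible_orgs(rows, tree):
    """Every organization the rows expose, for review against intent."""
    return sorted(org for org in tree if has_access(rows, org, tree))

def rows_off_tree(rows, tree):
    """Security rows naming an organization that is not a node on the tree."""
    return sorted(org for org in rows if org not in tree)

if __name__ == "__main__":
    tree = TREES[active_tree_date(date(2005, 1, 1))]
    print(accessible_orgs(ROWS_UNIV, tree))
    print(rows_off_tree({"SCI": "Access"}, TREES[date(2004, 1, 1)]))
```

Running the selection with an As Of Date of December 31, 2004 returns the 2004 tree, which is why the page says to run the process on the date the new tree takes effect and not before.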