Understanding Roles

Roles are an intermediate object that exist between permission lists and user profiles. Roles aggregate permission lists so that you can arrange permissions into meaningful collections.

Note: In previous releases, roles were associated with PeopleSoft Workflow. PeopleTools has expanded role definitions so that they are also a part of the security architecture. There is only one type of role definition, and you maintain it within Security.

Users inherit most of their permissions from the roles assigned to the user profile. However, you assign the following permission lists directly to a user profile:

  • Data permissions.

    These are assigned through a primary permissions list or a row security permissions list.

  • PeopleSoft Navigator homepage permissions.

  • Process profile permissions.

When you assign roles to profiles manually, through the Security pages, these users are static role members.

Other users may obtain membership in a role programmatically. You can run a batch process that uses predefined role rules and assigns roles to user profiles according to these rules. Users who become members of a particular role programmatically are dynamic role members.

Use dynamic role assignment to make your security system scale to large user populations. If you have thousands of users and need to make every change to a user profile manually, the security administrator becomes a bottleneck. If you implement dynamic roles, you reduce administrative tasks.