Understanding PeopleSoft Security

PeopleSoft security is based on permission lists and roles.

Image: A user's security profile is made up of permission lists and roles

This diagram illustrates how permission lists are assigned to roles and then roles assigned to user IDs to create user security profiles:

A user's security profile is made up of permission lists and roles

To administer security:

  1. Create permission lists.

  2. Create roles and attach permission lists to roles.

  3. Create user IDs and attach permission lists and roles to user IDs.

Create Permission Lists

Create permission lists and assign to them access to menus, components, component interfaces, pages, global functionality, along with other information. Permission lists are assigned to roles; however, some permission lists are assigned directly to the user.

Important! Be sure to start with a thorough analysis of your security requirements. For example, if a user has access to a position management page that uses a component interface to update the job data tables, then the user needs permissions for the job data component interface as well as for the position management page.

Create permission lists using the Permission Lists component (ACCESS_CNTRL_LISTX) or Copy Permission Lists component (PERMISSION_SAVEAS) by navigating to PeopleTools > Security > Permissions & Roles and selecting the appropriate permission list component.

Image: Create permission lists in the Permission Lists component or Copy Permission Lists component

This example illustrates creating permission lists in the Permission Lists component or Copy Permission Lists component.

Create permission lists in the Permission Lists component or Copy Permission Lists component

Note: Assign data permission to permission lists on the Security by Dept Tree page (SCRTY_TABL_DEPT) and the Security by Permission List page (SCRTY_CLASS) by navigating to Set Up HCM > Security > Core Row Level Security and selecting the appropriate component.

See PeopleTools: Security Administration, "Setting Up Permission Lists".

.

Create Roles

Create roles and assign permission lists to the roles. The access you granted to the permission lists combines under the role. For example, you would assign the permission lists required by your workforce's managers to the role of Manager which, combined, give your managers security access to all elements of the system that managers need. Roles are assigned to the user.

Create roles using the Roles component (ROLEMAINT) or Copy Roles component (ROLE_SAVEAS) by navigating to PeopleTools > Security > Permissions & Roles and selecting the appropriate roles component.

Image: Assign permission lists to roles on the Permission Lists page (ROLE_CLASS)

This example illustrates assigning permission lists to roles on the Permission Lists page (ROLE_CLASS).

Assign permission lists to roles on the Permission Lists page (ROLE_CLASS)

See PeopleTools: Security Administration, "Setting Up Roles".

Create User IDs

Create user IDs and assign to user IDs roles and permission lists to give them access to the system as appropriate.

In addition to the permission lists assigned to roles, the following four specific permission lists are assigned directly to the user on the User Profile - General page (USER_GENERAL) by navigating to PeopleTools > Security > User Profiles > User Profiles > General. Unlike the permission lists assigned to roles, users can have only one each of these four permission lists:

  • Navigator Homepage

    Navigation homepages are used by PeopleSoft Workflow.

  • Process Profile

    Process profiles contain PeopleSoft Process Scheduler authorizations.

  • Primary

    Primary permission lists grant global security.

  • Row Security

    Row Security permission lists grant data-permission security based on a department security tree. Assign data permission to permission lists on the Security by Dept Tree page.

    Note: On the Security by Permission List page you can assign data permission to permission lists that you attach to roles.

Image: Create user IDs in the User Profiles component or Copy User Profiles component and assign the Navigator Homepage, Process Profile, Primary, and Row Security permission lists directly to the user profile on the General page

This example illustrates creating user IDs in the User Profiles component or Copy User Profiles component and assign the Navigator Homepage, Process Profile, Primary, and Row Security permission lists directly to the user profile on the General page.

Create user IDs in the User Profiles component or Copy User Profiles component and assign the Navigator Homepage, Process Profile, Primary, and Row Security permission lists directly to the user profile on the General page

Roles and permission lists combine under the user ID to give users their security access. For example, the HR Training Manager would have the roles of manager, instructor, and employee to meet her access needs as a manager, instructor, and employee. Managers in different departments would have the same manager and employee roles, in addition to other roles that meet their needs.

Assign roles to users using the User Profiles - Roles page (USER_ROLES) by navigating to PeopleTools > Security > User Profiles > User Profiles > Roles:

Image: Assign roles to user IDs on the User Profiles - Roles page

This example illustrates assigning roles to user IDs on the User Profiles - Roles page.

Assign roles to user IDs on the User Profiles - Roles page

Image: User security profiles are made up of the combined permissions of the roles and permission lists assigned to them

This diagram illustrates how a user's security profile is made up of assigned roles, and the permission lists assigned to those roles, as well as permission lists assigned directly to the user:

User security profiles are made up of the combined permissions of the roles and permission lists assigned to them

See PeopleTools: Security Administration, "Administering User Profiles"