Setting Up Group Security
To set up group security, use the Group Security Default component (GB_GRP_DEFN_TABLE), Security By Group component (GB_GRP_SEC_TABLE), and Security By Operator component (GB_OPR_SEC_TABLE).
These topics provide an overview of group security and discuss how to:
|
Page Name |
Definition Name |
Usage |
|---|---|---|
|
GB_GROUP_DFT_TBL |
Set up default component access. Specify which components in your system can use or refer to groups that are created in the Group Build component. |
|
|
GB_GRP_SEC_TBL |
Set up security by group. Specify the users who have security access to the selected group ID and the components that the user can access for the group. |
|
|
GB_OPR_SEC_TBL |
Set up security by user. Specify the groups that the selected user can access and the components that the user can access for the group. |
Because you can group people together in any manner that suits your needs, including across companies or departments, groups have their own security structure that is separate from, and overrides, data permission security. For example, a user who does not normally have access to department 10100, but who has access to a group that includes people in department 10100, can see all group members, even those who belong to that department. This makes security factors an important consideration when you set up groups.
Note: User profiles must have an associated person in order to be given security access to groups (the system will not list user IDs that don't have a person associated with them). This ensures that the security is assigned to a person and the activities involving the group can be tracked by the person. Assign people to user profiles on the User Profiles component in PeopleTools security.
Use the Group Security Default page (GB_GROUP_DFT_TBL) to set up default component access.
Specify which components in your system can use or refer to groups that are created in the Group Build component.
Navigation
Image: Group Security Default page
This example illustrates the fields and controls on the Group Security Default page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Component Name |
The system populates these fields with a list of the standard PeopleSoft Human Resources components that refer to groups. Components can refer to groups in one of two ways:
When you define group security for a particular group or user, you can import this default list into the Security By Group and Security By Operator pages. Then you can selectively delete components to make them unavailable to that group or user. To keep a particular component from appearing on the Security By Group or Security By Operator page, delete its name from the list. |
| System Data |
View whether a component is a standard component that is delivered by PeopleSoft as system data or a modified component that is created for your installation. This check box is selected if the system supplies the data and deselected if the component is modified. You can't change this field. |
Use the Security by Group page (GB_GRP_SEC_TBL) to set up security by group.
Specify the users who have security access to the selected group ID and the components that the user can access for the group.
Navigation
Image: Security by Group page
This example illustrates the fields and controls on the Security by Group page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Effective Date |
The date on which the security configuration takes effect. The default is to today's date. Change the date to grant security access as of a different date. |
| User ID |
Select the ID of a user whose group access you want to set up or change. |
 (get employee ID) |
If you know a person's ID but not the matching user ID, click the Get Employee ID icon to search for the person's user ID. The system displays the Search Operator ID box. Enter the ID and click OK to add the person's user ID to the user list, if it isn't already on the list. If you don't know the person's ID, click the Look up EmplID icon to search for it. The system displays a Look up EmplID page that you can use to search for the ID you want. |
| Status |
Select Active to grant the user access to the group or Inactive to remove the user's access. |
| Component Name |
Select the components that you want to include in the user's security access for this group. Valid values are the default components listed on the Group Security by Default page. |
| Default |
Click this button to assign this user access to the current group from any default component listed on the Group Security Default page. The system displays the default components. You can delete any components for which you do not want to grant security access to this user for this group. |
Use the Security by Operator page (GB_OPR_SEC_TBL) to set up security by user.
Specify the groups that the selected user can access and the components that the user can access for the group.
Navigation
Image: Security by Operator page
This example illustrates the fields and controls on the Security by Operator page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Effective Date |
The date that the security configuration takes effect. The default is today's date. To grant security access as of a different date, change the date. |
| Group ID |
Enter the ID of the group to which you want to control this user's access. |
| Status |
Select Active to grant the user access to the group or Inactive to remove the user's access. |
| Component Name |
Select the components that you want to include in the user's security access for this group. Valid values are the default components listed on the Group Security by Default page. |
| Default |
Click this button to assign this user access to the specified group from any default component listed on the Group Security Default page. The system displays the default components. You can delete any components for which you do not want to grant security access to this user for this group. |