Security Administration Integration Points

This section identifies the security integration points using:

  • Component interfaces.

  • Service operations.

  • Application Engine programs.

This section describes component interfaces that are delivered with PeopleSoft applications that you can use to manage and administer user profiles and roles.

DELETE_ROLE

The DELETE_ROLE component interface is based on the Delete Role (PURGE_ROLEDEFN) component, and it is used to purge roles. It is keyed by RoleName and has the Get, Find, Save, and Cancel methods. The DELETE_ROLE service operation calls this component interface.

DELETE_USER_PROFILE

The DELETE_USER_PROFILE component interface is based on the Purge Inactive User Profile (PURGE_USR_PROFILE) component, and it is used to remove unused User Profiles. It is keyed by User ID and has the Get, Find, Save, and Cancel methods. The DELETE_USER_PROFILE service operation and the PURGEOLDUSRS Application Engine program call this component interface.

ROLE_MAINT

The ROLE_MAINT component interface is based on the Roles (ROLEMAINT) component. It is keyed by RoleName and has the Cancel, Create, Find, Get, and Save methods.

USERMAINT_SELF

This component interface is based on the My System Profile (USERMAINT_SELF) component. It allows only the current user to access it.

The USERMAINT_SELF component interface is used with the following components: Forgot My Password (EMAIL_PSWD), Change Password (CHANGE_PASSWORD), and Change Expired Password (EXPIRE_CHANGE_PSWD).

USER_PROFILE

The USER_PROFILE component interface is based on the User Profiles (USERMAINT) component. It is keyed by User ID.

The USER_PROFILE component interface is used in User Profile Save As (USER_SAVEAS) and with LDAP authentication.

USER_PROFILE_SYNC

The USER_PROFILE_SYNC component interface is based on the User Profiles (USERMAINT) component. It is keyed by User ID and has the Cancel, Get, and Save methods.

The USER_PROFILE_SYNC component interface is used in User Profile Save As (USER_SAVEAS) and with LDAP authentication.

This section describes service operations that are delivered with PeopleSoft applications that you can use to manage and administer user profiles and roles.

Keep the following in mind when dealing with these security service operations, except the USER_PROFILE_XFR service operation:

  • Each service operation has a same-named service definition.

  • The service operations are asynchronous one-way.

  • A same-named message is defined in each service operation definition.

  • At least one handler is defined within each service operation definition, if the node is supposed to consume an inbound service operation.

DELETE_ROLE

This service operation is called from the Delete Role component. It is used to delete a role from subscribing databases. The service operation requires that the DELETE_ROLE component interface be authorized.

DELETE_USER_PROFILE

This service operation is called from the Delete User Profile component. It is used to delete a user profile from subscribing databases. This service operation requires that the DELETE_USER_PROFILE component interface be authorized.

ROLESYNCHEXT_MSG

This service operation is published when a Dynamic Role rule is run. It is called after the DYNROLE_PUBL Application Engine program successfully finishes.

Note: As of release 8.49, the ROLESYNCH_MSG service operation is deprecated and replaced with the ROLESYNCHEXT_MSG service operation.

ROLE_MAINT

This service operation publishes new roles and updates existing roles in the Roles component.

USER_PROFILE

This service operation publishes user profile messages when adds, updates, and deletes occur through the User Profiles component (USERMAINT), the User Profile Save As component, the My System Profile component (USERMAINT_SELF), the Distributed User Profile component (USERMAINT_DIST), the USER_PROFILE component interface, and the USERMAINT_SELF component interface.

User Profile messages may also be published when a password is changed through the Change My Password component (CHANGE_PASSWORD) or the Expired Password component (EXPIRE_CHANGE_PSWD), because these components trigger the USERMAINT_SELF component interface.

USER_PROFILE_XFR

This service operation changes the shape of the inbound USER_PROFILE.VERSION_84 message to an internal shape that you configure based on your needs for partial user profile synchronization.

This section describes the Application Engine programs that are designed for use in your security implementation.

DYNROLE_PUBL

The DYNROLE_PUBL Application Engine program is called when Dynamic Role Rules are executed for a single role from the Role component.

You run this program from the Roles page in the Roles component. You can also schedule this program to run as needed through Process Scheduler.

DYNROLE_SYNC

The DYNROLE_SYNC Application Engine program is designed to run in synchronous mode and is primarily used for the Role Maintenance Component Interface.

PURGEOLDUSRS

The PURGEOLDUSRS Application Engine program deletes users who have not signed on within a period specified in Password Controls.

You run this program by selecting PeopleTools > Security > User Profiles > Purge Inactive User Profiles or by selecting PeopleTools > Security > Password Configuration > Password Controls, and then clicking the Schedule button under Purge Inactive User Profiles. You can also schedule this program to run as needed through Process Scheduler.

LDAPSCHEMA

The LDAPSCHEMA Application Engine program puts the LDAP schema definition into the PeopleSoft database.

You run this program by selecting PeopleTools > Security > Directory > Cache Directory Schema.

LDAPMAP

The LDAPMAP Application Engine program imports data from the LDAP directory into a PeopleSoft table and exports data from a PeopleSoft table to the LDAP directory. The process is based on an LDAP map.

You run this program by selecting PeopleTools > Security > Directory > Authentication Map.

USER_SYNC

The USER_SYNC Application Engine program synchronizes user profiles between databases using the USER_PROFILE message. You set up this program on the database that you configured to send or publish user profile information. Once you have set up the program, click Run.

To set up this program, create a new request and enter the following information on the Application Engine Request page:

  • Program Name: USER_SYNC

  • State Record: AE_USRSYNC_AET

USR_PRFL_XFR

USR_PRFL_XFR is a sample Application Engine program that transforms outbound USER_PROFILE messages to conform to shapes acceptable to the subscribing nodes. It transforms USER_PROFILE.VERSION_84 into the USER_PROFILE.VERSION_81X message shape.