Setting Up Access Profiles

This section provides an overview of access profiles and discusses how to:

  • Use the Access Profiles dialog box.

  • Set access profile properties.

  • Work with access profiles.

Every user profile must be assigned to an access profile, by way of a Symbolic ID. The Access ID consists of a relational database management system (RDBMS) ID and a password. Access profiles provide the necessary IDs and passwords for the database logon operations that occur in the background. Access IDs are used:

  • When an application server initializes and connects to a PeopleSoft database.

  • When a developer or power user signs in to the PeopleSoft database directly (two-tier).

  • When batch programs connect to the database.

Users signing in to the system through PeopleSoft Pure Internet Architecture take advantage of the Access ID that the application server used for connecting to the database.

Access profiles enable you to minimize the number of users who need to know system administrator passwords. In fact, only one person needs to know these passwords. That person can create the required access profiles—by providing the necessary passwords when prompted—and all other security administrators can assign users to the predefined access profiles. The Access ID and password are encrypted in the database in the PSACCESSPROFILE table.

Before you begin creating your user profiles, roles, and permission lists, you need to set up your access profiles in the database. Ultimately, the access profile is the profile that your users use to connect to your PeopleSoft database. Without being associated with an access profile, users cannot sign in, even with a test ID. This association is by way of the symbolic ID, which is a proxy ID for the Access ID and Access password.

The ID that you use must be defined at the RDBMS level as a valid RDBMS ID. You do not use PeopleSoft or PeopleTools software to create an RDBMS ID; create it using the utilities and procedures defined by your RDBMS platform. After you create the RDBMS ID, use the PeopleTools access profiles utility to link your RDBMS ID to the access profile. This profile is created when you first install your database.

Access the Access Profiles dialog box in Application Designer (Tools, Miscellaneous Definitions, Access Profiles).

Image: Access Profiles dialog box

This example illustrates the fields and controls on the Access Profiles dialog box.

Access Profiles dialog box

Field or Control

Definition
Close

Click to exit this dialog box.
New

Click to create a new access profile definition.
Edit

Click to edit an access profile definition.
Delete

Click to delete an access profile definition.

When you create or modify an access profile using the Access Profiles dialog, you need to understand the properties that comprise an access profile. After reading this section, you will be familiar with these properties.

Access the Add Access Profile dialog box (click the New button in the Access Profiles dialog box).

Image: Add Access Profile dialog box

This example illustrates the fields and controls on the Add Access Profile dialog box.

Add Access Profile dialog box

Field or Control

Definition
Symbolic ID

Enter the Symbolic ID that is used to retrieve the encrypted access ID and access ID password from the PSACCESSPROFILE table. For your initial installation, set it equal to the database name.
Access Profile ID

Enter the Access Profile ID, which must be a valid RDBMS ID with system administrator privileges and must match the associated RDBMS ID. The system assumes that the RDBMS ID that you enter is the same as the Access Profile ID.

The Access Profile ID must be a different logon ID than the User ID. Logic within PeopleTools ensures that if Access ID = User ID, then PeopleTools does not log off and log on again, nor does the system issue a SET CURRENT SQLID = ‘owner ID’.

Note: In DB2 terminology, Access ID is a primary ID and Owner ID is a secondary Auth ID. If the Access ID does not equal the Owner ID, then secondary authorization security exists in DB2 to issue a SET CURRENT SQLID command. DB2 will qualify tables (required) with the Owner ID provided by SET CURRENT SQLID statements issued by the PeopleSoft software. If the Access ID equals the Owner ID, then the secondary authorization exits are not required. DB2 will qualify the table name with the Access ID.
Access Password

Enter the password associated with your RDBMS ID/Access Profile ID, which is the password that the Access ID uses to sign in to the database.

This section discusses how to create a new Access Profile definition, change an Access Profile password, and delete an Access Profile in the PeopleSoft system.

To create a new Access Profile definition:

  1. In PeopleSoft Application Designer, select Tools > Miscellaneous Definitions > Access Profiles.

    The Access Profiles dialog box appears.

  2. Click New.

    The Add Access Profile dialog box appears.

    This dialog box prompts you for the Symbolic ID, name, and password of the new access profile.

  3. Enter a Symbolic ID.

    The Symbolic ID is used as the key to retrieve the encrypted acccess ID and access ID password from the PSACCESSPROFILE table.

  4. Enter an Access Profile ID.

    This ID must be a valid RDBMS ID with system administrator privileges.

  5. Enter and confirm a password.

    The access password is the password string for the RDBMS ID/Access Profile ID. The Confirm Password field is required, and its value must match that of the Access Password field.

  6. Click OK.

Note: You should use only one Access ID for your system. Some RDBMSs do not permit more than one database table owner. If you create more than one Access ID, additional steps may be required to ensure that this ID has the correct rights to all PeopleSoft system tables.

To change an Access Profile password:

  1. In Application Designer, select Tools > Miscellaneous Definitions > Access Profiles.

    The Access Profiles dialog box appears.

  2. In the Access Profiles: list, highlight the profile that you want to modify, and click Edit.

    The Change Access Profile dialog box appears.

    This dialog box prompts you for the old password, the new password, and then a confirmation of the new password for the access profile.

  3. Enter and confirm the new password.

    The access password is the password string for the ID. The Confirm Password field is required, and its value must match that of the Access Password field.

  4. Click OK.

To delete an Access Profile:

  1. Select Tools > Miscellaneous Definitions > Access Profiles.

    The Access Profiles dialog box appears.

  2. Highlight the access profile that you want to remove, and click Delete.

    You are prompted to confirm the deletion.

    Click Yes at the prompt dialog box if you want to delete the selected access profile.

Important! Make sure you don't delete the only available Access ID or you will not be able to log on to PeopleSoft software in any capacity.