Maintaining System Users and Roles

User security in PeopleSoft eProcurement is similar to that in other PeopleSoft applications. You can associate permission lists with roles to which user profiles (user IDs) are attached. However, PeopleSoft eProcurement comes with several predefined role actions that restrict or grant user access to certain actions.

The following elements are used to create user access:

  • Permission Lists: (PeopleTools) Permission lists are the building blocks of user security authorization. A permission list grants a degree of access to a particular combination of PeopleSoft elements, specifying pages, development environments, time periods, administrative tools, personalizations, and so on. This level of access should be appropriate to a narrowly defined and limited set of tasks, which can apply to a variety of users with a variety of different roles. These users might have overlapping, but not identical, access requirements.

  • Roles: (PeopleTools) A role is a collection of permission lists. You can assign one or more permission lists to a role. The resulting combination of permissions can apply to all users who share those access requirements. However, the same group of users might also have other access requirements that they do not share with each other. You can assign a given permission list to multiple roles.

  • User Profiles: (PeopleTools) A user profile is a definition that represents one PeopleSoft user. Each user is unique; the user profile specifies a number of user attributes, including one or more assigned roles. Each role that is assigned to a given user profile adds its permission lists to the total that apply to that user.

  • eProcurement Role Actions: (eProcurement) eProcurement role actions are predefined role actions that restrict or grant user access to certain actions.

The following flow chart illustrates the setup of eProcurement security from permission lists, roles, and user profiles to the eProcurement role actions:

This example illustrates the fields and controls on the User security setup within PeopleTools and PeopleSoft eProcurement.

User security setup within PeopleTools and PeopleSoft eProcurement

Users are granted access to certain actions and pages based on their roles. For example, assume setting up the user ID VP1 to be an administrator of the eProcurement system. The system has a predefined user role named ePro Admin, and this role contains permission lists to allow access to suppliers, items, business units, and Purchasing and eProcurement pages. Using the User Profile-Roles page, attach this user role to the user ID VP1. Next, within eProcurement, VP1 needs to have access to the System Administration region of the Administer Procurement Main page; therefore, attach the user role ePro Admin to the eProcurement Role Actions page for the SYSTEM_ADMIN action name.

For more information about PeopleTools user security, see PeopleTools: Security Administration.

Role actions are pre-grouped into role action categories. Role action categories are pre-associated with transactions, which can be viewed on the Administer Role Action Categories page.

The relationship between role actions, role action categories, and transactions can be viewed on the eProcurement Role Actions page.

The administrator selects a transaction to work with for a particular role. Administrators will have to select the Role Action Categories and Role Actions they want to assign manually. The Assign Role Actions to Roles page determines which role name can perform which particular actions and enables you to modify the action controls accordingly.

All role actions are categorized into functional categories. Administrators assign the role actions. The assignment will be by role and within a particular role the actions will be listed under designated Role Action Categories.

Page Name

Definition Name

Usage

Administer Role Action Category Page

PV_ACT_CATEGORY

View the predefined role action categories.

eProcurement Role Actions Page

PV_ACTIONS_MAINT

View all the predefined role actions delivered, as well as their default action controls.

Role Assigned Page

PV_ACT_ROLES

View roles assigned to a specific role action and related role action controls.

Assign Role Actions To Roles Page

PV_ACTIONS

Use this page to manage role actions and role action categories for each role that is associated with each transaction.

PeopleTools: Security Administration

Use the Role Action Category page (PV_ACT_CATEGORY ) to view the predefined role action categories.

Navigation:

eProcurement > Administer Procurement > Maintain System Users and Roles > Role Action Category

This example illustrates the fields and controls on the Administer Role Action Category page.

Administer Role Action Category page

Transaction

Role Action Category and Description

Requisition

  • REQACS – Requisition Access

  • REQDTL – Requisition Line Detail Access

  • REQHDR – Requisition Header

  • REQMAN – Manage Requisitions

  • REQSRH – Requisition Item Search

Workflow

REQWKL – Requisition Workflow

Receiving

RECVIN – Receiving User Functionality

Buyer Center

BYRCNT – Buyer Center

Use the eProcurement Role Actions page (PV_ACTIONS_MAINT ) to view all of the predefined role actions delivered, as well as their default action controls.

Navigation:

eProcurement > Administer Procurement > Maintain System Users and Roles > Role Action Name

This example illustrates the fields and controls on the eProcurement Role Actions page. You can find definitions for the fields and controls later on this page.

Role Actions page

This page lists all of the predefined role actions delivered, as well as their default action controls. You cannot modify the data. A user can be assigned multiple roles for a single role action. The system will display the actions within each category in ascending order.

Note: This page can be accessed from the eProcurement Administer Procurement menu, Service Procurement menu, and the Setup Financials/Supply Chain menu. If both eProcurement and Service Procurement are installed, then both product transaction lists will be available for selection. If only one of them is installed, then only the respective transaction lists will be available for selection.

Field or Control

Description

Action Name

Displays the action names specific to the category selected in the Role Action Category page.

Description

Displays the definition of each action.

Object Type

Displays the object type, such as Page, Button, and Fields that the particular role action controls.

Action Controls

Determines how the action will behave for the assigned role. Each action control will have a default value assigned to it.

If multiple roles are assigned the same role action but with a different action control, then the least restrictive of the action controls will be used.

Roles Assigned

Click the icon to view other roles to which the role action is assigned.

This table lists Action Controls and describes the online behavior of each:

Action Name

Description

ACCOUNTING_DISPLAY

Controls the display of accounting information in a requisition. The assignment of this role action will take precedence over the assignment of the workflow Change all and Change Distribution actions contained in the Requisition Workflow category.

For more information on how this role action and SCHEDULE_DISPLAY role action work together to control the online requisition behavior, refer to the table that follows this one.

ADD_MULTI_ITEMS

Controls the display of the multi-add buttons on the catalog search results tab. When assigned, users can add multiple items to their cart, favorites, and templates. Users with this control can still add items one at a time if they choose.

ADD_SPECIAL_REQUEST

Controls whether the user is shown a link to create a special request when no search results are found.

SPECIAL_REQUEST_SEARCH

Controls if Special Request will display Catalog Items search results after clicking the Add button. The Search feature will use the Item Description to find related catalog items. Users will have the option to continue to add special request or use only catalog items.

Users need to enable the Search Framework on the eProcurement Installation page to use this option.

CHECKOUT_AFTER_ADD

User will be taken to the Checkout/Review and Submit page each time an item is added to the cart.

CUST_SRCH_RESULT_DISPLAY

This action will control the display of the Customize Search Results section on the My Preferences page. When assigned, users will be able to choose what fields they want displayed for their search results.

MULTI_SCHEDULE

Controls whether the user can add multiple schedules to a requisition line item. When enabled, the requisition schedule line will display the add and delete buttons.

REQ_BUYER_SOURCING_CONTROL

Controls the display of the item buyer information section on the line details page for a requester. The buyer information contained in this section is: Buyer Name, Buyer Information link, Consolidate with other Reqs flag, Calculate Price flag, Override Suggested Supplier flag, Inventory Source flag, and the Auto Item Substitute flag. The assignment of this role action will take precedence over the assignment of any of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_CNTRCT_INFO

Controls the display of the item contract information section on the line details page for a requester. The information that is contained in this section is: Contract ID, Contract Search icon, Version number, Contract Line, Category Line, Contract details link, and Use Contract if Available check box. The assignment of this role action will take precedence over the assignment of any of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_ITEM_DETAILS

Controls the display of the item details section on the line details page for a requester. The item information that is contained in this section is: Merchandise amount, Item ID, Item Substitute search icon, Category, Original Substituted Item ID, Original Substituted Item Description, Inspection Required field, Physical Nature field, Buyer field, Buyer Information link, Item Type, Configurable Info link, RFQ Required flag, Device Tracking flag, Zero Price Indicator flag, Stockless item flag, and Amount Only flag. The assignment of Display only or Hide actions will take precedence over any assignment of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_ITEM_MANUFACTURER

Controls the display of the item manufacturer information section on the line details page for a requester. The Manufacturer information that is contained in this section is: Manufacturer Name, ID, Item ID, and UPN ID. The assignment of Display only or Hide actions will take precedence over the assignment of any of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_ITEM_SUBSTITUTE

Controls the display of the item substitute icon on the item search page. When selected, an informational list of substitute items will appear. This role action works in conjunction with the Purchasing Business Unit flags: Enable Item Substitutions and Allow Item Search. Both of these flags need to be enabled along with this role action for the icon to appear. If the role action is not enabled, then the icon will not appear on the search results page.

REQ_ITEM_SUPPLIER

Controls the display of the supplier information section on the line details page for a requester. The supplier information that is contained in this section is: Supplier Name, ID, Supplier Location, Supplier Item ID, and Catalog. The assignment of Display only or Hide actions will take precedence over the assignment of any of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_PROCUREMENT_GROUP

Controls the display of the item procurement group information section on the line details page for a requester. The information that is contained in this section is: Procurement Group ID, Primary Unit check box, Unit Allocation Quantity, and Unit Allocation Amount. The assignment of Display only or Hide actions will take precedence over the assignment of any of the workflow Change all and Change Line actions contained in the Requisition Workflow category.

REQ_SETTINGS_PG_ACCESS

Controls whether the requester has access to the requisition settings link and page. The requisition settings link takes users to the requisition settings page, where they can review and change the Requisition Business Unit, Requester, and default settings of a requisition. Access to this link will appear at the top of all pages of the requisition. If the control chosen is to hide the link, then this assignment will take precedence over the assignment of these role actions: LAND_ON_REQ_SETTINGS_PG, ALLOW_DEFAULT_OPTION, and CHANGEREQBU.

SCHEDULE_DISPLAY

Controls the display of schedule information on a requisition. Because the schedule and the accounting information appear together on the requisition, rules were established as to how the settings of this role action and the settings of the accounting role action will work together.

For more information on how this role action and ACCOUNTING_DISPLAY role action work together to control the online requisition behavior, refer to the table that follows this one.

VIEW_PRICEADJUSTMENTS

Controls the display of the price adjustments icon on the item search page without having to drill into the item details. This action will also control the display of price adjustments on the requisition schedule.

SUPP_PRICE_BREAKDOWN

Controls whether a Price Breakdown icon will appear on the item search results page. The icon will indicate to the user that price breakdowns have been defined for the item. When the icon is selected, the user will be able to view the defined price breakdowns by unit of measure for that item supplier combination.

EDIT_SHIPPING_FOR_ALL_LINES

Controls the display of the Edit for All Lines link in the Shipping Summary section of the Checkout page. If the same role has the ENFORCE_RGN_SECURITY role action assigned, it will take precedence over the assignment of this action.

SHIPVIA_FREIGHT_DISPLAY

Controls the display of the Ship Via and Freight Terms field on the requisition schedule. This role action works in conjunction with the ACCOUNTING_DISPLAY and SCHEDULE_DISPLAY role actions. Schedule information needs to be visible in order for the fields to be displayed.

LAND_ON_REQ_SETTINGS_PG

Controls whether the Requisition Settings page will be the first page the requester will access. If so, then the user will be able to review and change the Requisition Business Unit, Requester, and default settings before adding items to the requisition. The assignment of this action will take precedence over any assignment of the Initial Page Display option in Requisition Navigation setup.

MASS_CHANGE

This action will control the display of the Mass Change link on the requisition review and submit page. If the action control of Enabled is selected, users will be given access to the Mass Change page, where they can change values for the requisition line, schedule, and accounting lines. The assignment of this action will take precedence over the assignment of the EDIT_SHIPPING_FOR_ALL_LINES role action and will allow users to make changes to the Schedule via the Mass Change page. In addition, when the ACCOUNTING_DISPLAY and SCHEDULE_DISPLAY role action controls are set to Display only and Hide and the user has been given access to the Mass Change link, she will not be allowed to make any changes to the requisition accounting or schedule. The information on the Mass Change page will be display only.

VIEW_CONTRACT

Controls whether the contract icon will appear on the search results page so the user can view contract information for the item. This role action will also control the appearance of the Contract Search section on the Advanced Search page.

ENFORCE_RGN_SECURITY

This action enforces the regional security on a requisition by restricting the Ship To ID to the requisition default ship to ID. A requester will not be able to change the Ship to ID on the requisition.

MASS_APPROVER

Users are allowed to approve many requisitions at one time.

MULTI_COMMENTS

Enables multiple comments at the Header and Line. This role action also controls the ability to enter Ship To comments as well as the ability to add attachments to the Header comments.

ALLOW_ADHOC_ONPREVW

Allow add/remove ad hoc approvers on requisition preview.

ALLOW_ADHOC_ONSUBMIT

Allow submit on requisition preview.

ALLOW_CHANGE_REQUEST

Users are allowed to edit requisitions, create change requests, or both to a line that has been sourced to a Purchase Order.

ALLOW_DEFAULT_OPTION

Enables the defaulting options on the Requisition Settings page.

ALLOW_HOLD

Users are allowed to put a requisition on hold.

ALLOW_PURGE

Users are allowed to perform the Purge Staging Table and Purge Change Order Requests in Buyer Center.

CANCHANGEALL

While the eProcurement requisition is in pending approval status, these roles are allowed to change any field on the requisition, including quantity and price, without restarting the approval process.

CANCHANGEDISTRIB

While the eProcurement requisition is in pending approval status, these roles are allowed to change any field on the requisition distribution without restarting the approval process.

CANCHANGEHEADER

While the eProcurement requisition is in pending approval status, these roles are allowed to change any field on the requisition header without restarting the approval process.

CANCHANGELINE

While the eProcurement requisition is in pending approval status, these roles are allowed to change any field on the requisition line except the quantity and price without restarting the approval process.

CANCHANGESCHEDULE

While the eProcurement requisition is in pending approval status, these roles are allowed to change any field on the requisition ship/schedule without restarting the approval process.

CANLINKWO

Action is assigned to Roles that are permitted to link to Maintenance Work Order.

CHANGEREQBU

User can change the requester and business unit of a requisition.

ITEM_NOTIFICATION

These roles get the worklist notification for the new item request. New item requests can be initiated from the special request page for an item.

NO_CASUAL_RECV

No receiving is allowed for the roles assigned to this action.

NO_DEFAULT_RESULT

No search result will be provided by default on the Requisition Manager and the Inquire Receipts page.

NO_ONETIME_SHIPTO

Disables one-time ship-to address access.

PRICEANDAVAILCHECK

Users who have authority to perform real-time price and availability checks for Marketplace items.

RECV_BY_SHIPTO

This action allows a casual receiver who has the Receive Ship To ID set up in User Preferences to receive all requisitions shipped to that particular ship-to ID.

RECV_ALL_SHIPTO

This action allows a casual user to receive all requisitions for all ship to’s for the SETID associated with the Receiving BU.

RECV_CASUAL_ALL

This action should be assigned to user roles of casual users and who should have the authority to cancel their receipts as well as seeing some purchase order details, such as PO item price.

RECV_POWER

The RECV_POWER action should be assigned to Power Users in Receiving. The eProcurement Receive main page for Power Users provides access to all pages in PeopleSoft standard receiving.

RESTRICT_INV

Allows a requester to only see inventory items and ordering unit of measures when searching for requisition items. No supplier information will be shown. This action should only be used when SES is installed and used for item searching.

SYSTEM_ADMIN

Procurement System Administrator. This action allows access to the System Administration Admin functionality.

VAT_DETAILS

This action allows users to view VAT Schedule and VAT Distribution details. It also allows users to override VAT related fields, such as VAT code, VAT applicability, VAT Transaction Type, and so on.

VIEW_ALL_SUPPLIERS

This action will allow a user to view all suppliers when browsing or searching.

VIEW_INVENTORY_ICON

This action controls the display of the inventory item icon on the item search result pages. If this action is used, an inventory item icon will appear if the item is marked as an inventory item in the master item table.

VIEW_ORDERING_UOM

When assigned, the Default Req UOM defined on the Unit of Measure page will be used for the item on a requisition. This action also allows viewing the ordering units of measure for an item on the Requisition Item Description page.

VIEW_SUPPLIER_UOM

When assigned, only UOMs defined on the Item Supplier UOM page for an Item/Supplier/Location will be available for the item on the requisition search results display UOM prompt. VIEW_ORDERING_UOM action will take precedence over this role action.

WF_EXPAND_APPROVERS

Users in this role will always see the Review / Edit Approvers section in the eProcurement Approval page as expanded. Otherwise, it will be collapsed by default when the user is approving a requisition.

The following table provides details on how the online requisition pages behave when the role actions SCHEDULE_DISPLAY and ACCOUNTING_DISPLAY are assigned to a user role with various combination of action controls.

Action Controls for SCHEDULE_DISPLAY

Action Controls for ACCOUNTING_DISPLAY

Online Behavior

Display Only

Editable

Schedule becomes editable along with the accounting information on the Review and Submit Requisition Settings and the Mass Change pages. The Edit For All Lines link appears.

Users can copy the default values specified on the Requisition Settings page for line and schedule level to the Edit Lines, Shipping, and Accounting Information page.

Display Only

Hide

All Schedule fields appear only on the Requisition Settings page, the Shipping section on the Mass Change page, and the Shipping section on the Review and Submit page. The Edit For All Lines link does not appear. Accounting related fields are hidden.

Users cannot copy the default values specified on the Requisition Settings page for line, schedule, and distribution level to the Edit Lines, Shipping, and Accounting Information page.

Display Only

Display Only

Accounting and Schedule information appears only on the Requisition Settings, Mass Change, and Review and Submit pages. The Edit For All Lines link does not appear.

Users cannot copy the default values specified on the Requisition Settings page for line, schedule, and distribution level to the Edit Lines, Shipping, and Accounting Information page.

Editable

Editable

Schedule and Accounting information becomes editable in the requisition component. The Edit For All Lines link appears, enabling editing.

Users can copy default values specified on the Requisition Settings page for line and schedule level to the Edit Lines, Shipping, and Accounting Information page.

Editable

Hide

Schedule information is editable in the requisition component. The Edit For All Lines link appears, enabling editing. Accounting information, including Distribute by and SpeedChart, is hidden.

Users can copy the default values specified on the Requisition Settings page for line and schedule level to the Edit Lines, Shipping, and Accounting Information page.

Editable

Display Only

Schedule information is editable in the requisition component. The Edit For All Lines link appears, enabling editing. Accounting information, including Distribute by, is display-only. SpeedChart is hidden.

Users can copy default values specified on the Requisition Settings page for line and schedule level to the Edit Lines, Shipping, and Accounting Information page.

Hide

Editable

Schedule becomes editable along with the accounting information on the Review and Submit Requisition Settings and the Mass Change pages. The Edit For All Lines link appears.

Hide

Hide

Accounting and Schedule information is hidden on the Review and Submit, Requisition Settings, and Mass Change pages. The Edit For All Lines link and Shipping Summary section are hidden.

Hide

Display Only

Schedule becomes display-only along with the accounting information on the Review and Submit, Requisition Settings, and Mass Change pages. The Edit For All Lines link is hidden.

Role Assigned

This page allows the administrator to view all other roles assigned to a specific role action and related role action controls. Administrators can collectively change the action controls for all the roles assigned here. To access this page, click the Role Assigned icon on eProcurement Role Actions page.

This example illustrates the fields and controls on the Role Assigned page.

Role Assigned page

Note: After you make changes on the Role Assigned page, click the OK button and then click the Save button on the Role Action page.

Use the Assign Role Actions To Roles page (PV_ACTION ) to manage role actions and role action categories for each role that is associated with each transaction.

Navigation:

eProcurement > Administer Procurement > Maintain System Users and Roles > Assign Role Actions to Roles

This example illustrates the fields and controls on the Assign Role Actions to Roles page. You can find definitions for the fields and controls later on this page.

Assign Role Actions To Roles page

Use this page to manage role actions and role action categories for each role that is associated with each transaction. However, if role actions are not assigned to any roles, then the system will use the delivered default action control.

  1. As you enter the page, select a transaction.

  2. Select a role name that is associated with the transaction.

  3. In the Role Action Category field, select from the eProcurement categories that are predefined on the Administrator Role Action Category page.

  4. In the Action Name field, select from the predefined eProcurement role action names.

  5. In the Action Controls field, select how the system should display the action category.

Field or Control

Description

Copy From Role

Select a role to copy from. This option enables you to populate the fields on this page, which can speed up the process of creating a new record.

eProcurement Role Action Category

Field or Control

Description

Role Action Category

Select from the list of eProcurement categories that are predefined on the Administrator Role Action Category page.

This field indicates the type of access that the user role has, such as requisition line detail access, timesheet access, and so on. The users are specified in the Role Action section of the page. These values are pre-delivered.

Multiple role action categories can be added to the transaction by using the Add button.

Role Action

Field or Control

Description

Action Name

Displays eProcurement role action names that are predefined.

Object Type

Displays the objects managed by a specific role action. For example, VAT_DETAILS Action Name controls icons and links on the requisition.

Action Controls

Displays the action that can be performed by the user role. Options include: Enabled, Disabled, Display Only, Editable, and Hide.

Other Roles Assigned

Click to access the Other Roles Assigned modal window. This window displays the Role Name, Object Type, and Action Control of other user roles that are assigned to the role action name.