Setting Up Permission Lists and Roles for Delegation
These topics provide an overview of permission lists and roles for delegation and discuss how to set up permission lists and roles.
Before configuring delegation transactions, you must set up permission list and role security for your delegation transactions. The PeopleSoft HCM application delivers as system data several permission lists that are required for use of the Delegation framework. You can attach these permission lists to roles where needed to enable users access to delegation functionality.
This table describes the delivered permission lists for the Delegation framework:
|
Permission List Name |
Description |
Roles Assigned to Permission List |
|---|---|---|
|
HCCPDL1000 |
Enables HCM users to access the delegation setup components that are part of the Delegation Setup Center page and the delegation administrative components that are part of the Approvals and Delegation page. |
HCM Delegation Admin (administrator) |
|
HCCPDL1100 |
Enables HCM users to access the Manage Delegation page, which is the home page for self-service transactions. |
Manager Employee |
|
EODL1000 |
Enables Enterprise Objects users to access the delegation setup components that are part of the Delegation Setup Center page and the delegation administrative components that are part of the Approvals and Delegation page. |
EODL_Administrator |
|
EODL1100 |
Enables Enterprise Objects users to access the Manage Delegation page, which is the home page for self-service transactions. |
Manager Employee |
In addition to permission lists, you need to define the delegation administrator role and assign the HCCPDL1000 permission list to it. Once assigned to a user, this role enables that designated delegation administrator access to the delegation setup and administrative components. The PeopleSoft HCM system delivers the HCM Delegation Admin role as system data for this purpose. This role already has the HCCPDL1000 permission list assigned to it.
PeopleSoft HCM applications that use delegation functionality deliver many transactions that are preconfigured for the Delegation framework. These transactions are preconfigured with a unique permission list and role for each component where the proxy can perform the delivered delegated transaction. When a proxy status becomes active, the system inserts the unique role for that delegation transaction into the proxy's user profile. The role contains the permission list that enables the proxy access to the component for performing the delegated transaction. When the proxy status becomes inactive, the system removes that role from the proxy's user profile. To configure delegation transactions, use the Configure Delegation Transaction page to associate to the transaction the unique role and the component where the transaction is performed. The unique permission list is associated with the role in PeopleTools security.
See Configuring Delegation Transactions.
When configuring transactions for delegation you must use a unique role and permission list for each component that you associate with a delegated transaction. You must attach the permission list to portal security for the component and associate the unique role with the unique permission list. You might also need to run the Portal Security Sync process to ensure that the permission list is associated with the portal navigation.
Warning! Do not use an existing role to configure a delegation transaction because the delegation framework grants and revokes the role from the proxy's security profile according to the proxy's delegated authority over a transaction. This will cause a proxy who already has access to the specified component to lose access to that component entirely when the delegation framework revokes the delegated authority.
Set up permission list and role security for your delegation transactions.
See PeopleTools: Security Administration.