Understanding Security
This section discusses:
Security administration.
Security concepts.
User security for PeopleSoft eSettlements is designed for decentralized administration. Access to information is flexible, and you can configure access to meet your organization's needs. Predefined role types and data access rights ensure secured data access throughout the system. Security is managed by two types of administrators:
A main system administrator.
Local administrators (for both buyers and sellers).
The system administrator establishes the overall structure for creation of user profiles and creates one user profile for each buying entity (buyer) and selling entity (supplier). These first users are the local administrators and are referred to as either the buyer administrator or the supplier administrator. The local administrator role types are restricted to creating respective local buyer and supplier users.
Note: In the Buyer Direct model, you do not have to create separate buyer and supplier administrators. The system administrator can manage all user security. However, you are required to create separate buyer and supplier administrators in the Business Service Provider model.
The following concepts are fundamental to security:
Term |
Definition |
|---|---|
Permission lists |
Permission lists group authorizations. You assign permission lists to roles. Permission lists store authorized sign-in times (when users may access the system), page access, PeopleTools access, and buyer and supplier data permissions. |
Role names |
Role names are intermediate objects that link user profiles to permission lists, and that are mapped to PeopleSoft eSettlements role types. You can assign multiple role names to a user profile, and you can assign multiple permission lists to a role name. Note: You must map roles to PeopleSoft eSettlements role types for use within PeopleSoft eSettlements. |
Role types |
Role types are intermediate objects that enable you to control access and notifications. You can map PeopleSoft role names to role types. You define access and the activities that a particular role name can perform, as well as the events for which that role name receives email notification. You can map many role names to a particular role type, but only one role type can be mapped to a single PeopleSoft eSettlements role name. The next section discusses these role types in detail. |
User profiles |
A profile describes a particular user. Profiles include low-level PeopleTools data (such as language code) and application-specific data (such as the SetIDs that users are authorized to access within Oracle's PeopleSoft Financials applications). Permission lists, role names, and role types are all part of a user's profile. Some user profile attributes (such as a password) are security-related, while others are descriptive (for example, an email address) or preferential (for example, if multi-language capabilities are enabled). |
Buyer data permissions |
Buyer permissions are first assigned to the buyer administrator by the system administrator during buyer registration. The system administrator controls the data access that the buyer administrator can subsequently assign to users locally through buyer security. |
Supplier data permissions |
Supplier permissions are first assigned to the supplier administrator by the system administrator during supplier registration. The system administrator controls the data access that the supplier administrator can subsequently assign to users locally through supplier security. |
See the product documentation for PeopleTools: Security Administration