Enabling ChartField Security
|
Page Name |
Definition Name |
Usage |
|---|---|---|
|
SEC_FIELDS |
Enable ChartFields for security, set security level (user, role, permission list), and enable individual products. |
|
|
SEC_CF_PROD |
Select products to be enable or disable for ChartField Security. |
|
|
SEC_COMP_REG |
List ChartField Security components. Disable or enable ChartField Security for components. |
|
|
Component Details Page |
SEC_COMP_SEC |
List component detail records and associate ChartField prompt edit tables (defined in the Edit Table Set) to the detail record. |
|
ChartField Security Edit Tables Page |
SEC_EDIT_TBLS |
The edit table set defines the set of prompt edit tables and corresponding security views. Go to: . |
|
Dynamic Edit Tables Page |
SEC_DYN_EDITTBL |
Use dynamic edit tables when edit table assignments are dynamically assigned in a component based on product criteria and may differ from product to product. Go to: . |
To set up ChartField Security, you must:
Define security options and products using the ChartField Security page group.
Identify security requirements at the component level. Use the Component Registry page to enable or disable components and to set component level options.
Define security rules using the ChartField Security Rules page.
Assign security rules using the Assign Rules, Exceptions, and Security Values pages.
(Optional) Copy security rules for users, roles, permission lists, or all three.
Set up ChartField Security in this sequence:
Select the ChartFields you want to secure.
Define the rules.
Assign rules to user, role, permission list, or all three.
Build rules.
Enable the ChartField Security option.
See Component Registry - Secured Components Page.
You must complete the following steps before you can enable ChartField Security:
Define ChartFields to meet your unique requirements.
Determine which ChartFields require securing.
Determine the security level best suited for your needs.
Use the Security Options - ChartField Security page (SEC_FIELDS) to enable ChartFields for security, set security level (user, role, permission list), and enable individual products.
Navigation:
This example illustrates the fields and controls on the Security Options - ChartField Security page. You can find definitions for the fields and controls later on this page.
Your selections on this page determine the ChartField Security method, secured fields, and records.
Field or Control |
Description |
|---|---|
No Security |
Select to disable ChartField Security if it was previously enabled by user ID, role, or permission list. Also select this field if you want to enable ChartField Security at a later date but complete the setup now. |
Field or Control |
Description |
|---|---|
User ID |
Select to define rules to assign directly to a user. |
Field or Control |
Description |
|---|---|
Role |
Select to assign security rules by roles created in PeopleSoft PeopleTools security. You can facilitate setup by assigning large groups of users to similar rules. |
Field or Control |
Description |
|---|---|
Permission List |
Select to assign security rules using the row security permission list on the Tools Users Profile page. The PeopleTools User Profile page allows you to define a row security permission list that can be different from the primary permission list. |
Component Security Action
The selection for this field determines the default access behavior when a user is only authorized to view or modify some of the rows for a transaction or some of the ChartField values in a transaction.
Field or Control |
Description |
|---|---|
When user has partial access |
To allow a user partial access, select Grant Access. If you select Deny Access, the user will not have access to any ChartField values or transactions. Note: Keep in mind that blank ChartField values are implicitly treated as authorized values. This may be significant when using the partial access option Grant Access. There are some online pages that do not display the full set of ChartFields based on user setup. One example is the Budget Journal Entry, which only displays the ChartFields that are set up as Budget Keys in the Budget Definition. The partial access option Grant Access should not be used for this page if one of the secured ChartFields is not set up as a Budget Key. In this case, the ChartField value will always be blanks. |
Secured Fields
View and select active, delivered ChartFields. You can save the security setting without selecting a ChartField.
Warning! You may select only one or two ChartFields.
Field or Control |
Description |
|---|---|
Active |
Select to enable and disable security for a specific field. ChartField Security supports the following ChartField selection: ACCOUNT ALTACCT DEPTID OPERATING_UNIT PRODUCT FUND_CODE BUDGET_REF PROGRAM_CODE CLASS CHARTFIELD1 CHARTFIELD2 CHARTFIELD3 PROJECT_ID Note: ChartField Security also supports customized non-delivered ChartFields that you add during ChartField Configuration. See Securing Customized ChartFields for additional required setup. |
Secure Affiliate ChartField |
Select this check box to secure the related ChartField affiliate prompt values. For example, when Fund Affiliate is enabled, the prompt view for affiliate displays only those values associated with the fund code values you are authorized to access. |
Security Records
View ChartField associated delivered records. Each ChartField that is enabled for security is associated with a security record for user ID, role, or permission list.
Note: Table names may not be changed. The ChartField Configuration process creates the security records.
Inquiry Views
The Inquiry Views tab displays the security views for each ChartField that are used by the Security Values Page, which displays the secured ChartField values. You can change the inquiry views that are used on this page.
Review the delivered inquiry security views. Each ChartField that is enabled for security is associated with an inquiry security view for user ID, role, or permission list.
Note: This is delivered metadata and modifying the existing data is not recommended.
Use the Secure ChartField Options - Products page (SEC_CF_PROD) to select products to be enable or disable for ChartField Security.
Navigation:
This example illustrates the fields and controls on the Secure ChartField Options - Products page. You can find definitions for the fields and controls later on this page.
Your selections on this page determine whether a product is enabled or disabled for ChartField Security. When you disable a product, all registered components for that product are also disabled for ChartField Security. You can enable a product but disable some of its components.
Field or Control |
Description |
|---|---|
Active |
Select this check box to enable security for source products in the list. When you enable or disable a source product, all components associated with the source product in the component registry are enabled or disabled as well. |
Note: When a product and its components are enabled for ChartField Security, you must define rules and assign users, roles, and permission lists. If you do not define rules, then users will not be able to access the product components nor enter or view transactions. When you enable a product and one or all of its components, ChartField Security is strictly enforced.
Use the Component Registry - Secured Components page (SEC_COMP_REG) to list ChartField Security components.
Disable or enable ChartField Security for components.
Navigation:
This example illustrates the fields and controls on the Component Registry - Secured Components. You can find definitions for the fields and controls later on this page.
Filter
Field or Control |
Description |
|---|---|
Active Flag |
Select a blank value for the Active Flag field to view both active and inactive components. Select Active to view all ChartField Security enabled components. Select Inactive to view all components that do not have ChartField Security. |
Component |
Select a specific component by which to filter your results for ChartField Security selection. |
Source Product |
Select a specific product to list all the components that are associated with the product. |
Apply Filter |
Click this button to execute a query that controls the view of components. |
Register Components - Options
Field or Control |
Description |
|---|---|
Active |
Enable or disable ChartField Security for a component by selecting or deselecting this check box. Note: Most components are delivered with the Active Flag field enabled. However, some components are delivered as disabled for ChartField Security. These components typically do not require security, but you can enable security for these components. |
|
Click to navigate directly to the component. |
Secure Dist Code (secure distribution code) |
Select this check box to enable components that support a distribution code. This check box is grayed out for components that do not use distribution codes. Distribution code security rules work much like ChartField Security rules do. When this check box is selected for a component, you must define rules for the distribution code and assign those rules to end users who have access to the component. Note: ChartField Security only secures the prompt values for a distribution code, not the component access. |
Source Product |
Lists the source PeopleSoft product that the component is associated with and establishes the link between products and their components. You can change the Source Product assignment for a component to group it with a different product to provide additional flexibility for components that may be shared by multiple products. Note: If this list box is grayed out, the product is not secured with ChartField Security. Use this field to reassign a component to another product. For example, you can reassign PeopleSoft General Ledger exception tables to PeopleSoft Commitment Control because the users of these tables are Commitment Control users. Your selection here is related to the function of the product and how you use it. Note: There may be components that are shared by two different products. One product may be enabled for security and another product may not. For example, the Budget Journal Exceptions component is owned by Commitment Control but shared with General Ledger. If General Ledger is enabled for security and Commitment Control is not, then the Budget Journal Exceptions component will not be active for ChartField Security. In this case, you can change the source product here for the Budget Journal Exceptions component to General Ledger; which would then activate it for security enforcement. |
Single Transaction Display |
Select this check box to indicate that the component displays one transaction. If the component displays many rows of transaction information, then do not select this check box. When a new row of transaction information is added, you may edit this check box. Once saved, this information cannot be changed because this setting determines the way in which ChartField Security executes. An example of a single-transaction display page is an expense report or payables voucher. A user entering the component views only one transaction at a time. |
Component Security Action |
This field determines the access behavior when a conflict occurs between ChartField rules, which is called partial access. You can override the security action setting in the Security Options page for partial access conditions. You also can selectively disable components in a product that is enabled for security. Options are: Deny Access: Do not allow access. Grant Access: Allow access to transaction. Default to Higher Level: Use the option selected on the ChartField Security Options page as the default. Note: This selection applies only to components that have the Single Transaction Display field enabled. |
Drill to ComponentRegister Components - Record Details
Field or Control |
Description |
|---|---|
Header Record |
Provides the header record name used in the component. This value should not be changed. This record includes the key structure that identifies the transaction. |
Detail |
Select this link to access the Component Details page, where you can view additional component information and associate the prompt edit tables defined in the Edit Table Set to the detail record. |
Component Details Page
Use the Component Details page (SEC_COMP_SEC) to list component detail records and associate ChartField prompt edit tables (defined in the Edit Table Set) to the detail record.
Navigation:
Click the Detail link on the Component Registry - Record Details page.
This example illustrates the fields and controls on the Component Details page. You can find definitions for the fields and controls later on this page.
This page shows the detail record (or records) that are delivered for each component. You can activate or inactivate specific detail records for each component. At least one record should be active for ChartField Security to be enabled.
The detail record includes the same key fields as the header record. ChartField Security supports multiple detail records. For Transaction Entry or Transaction Data Correction Components only, the Edit Table Set must be identified. For inquiry components, the Edit Table Set field should be blank because it does not require inquiry components, even if the component includes prompt edits for the criteria selection.
Field or Control |
Description |
|---|---|
Active |
Select to include the detail records for ChartField Security. For example, it may not be necessary to secure all the detail records in Bill Entry. Each detail record that is active adds overhead cost to open the component. Note: Most components include only one or two detail records. For these components, the overhead should not be an issue. |
Detail Record |
This column displays if the Single Transaction Display check box is selected from the Register Components - Options page. The detail record stores the ChartFields and distribution codes. |
Detail Record/Search View |
This column displays if the Single Transaction Display check box is not selected from the Register Components - Options page. This field contains the associated detail record that stores the ChartFields or the search view that is used to retrieve the data in the inquiry pages. If a product component uses more than one detail record or search view for security in the component, then each record must be identified in a separate row, as shown in the example that is pictured below. |
Security View |
Contains the associated security search view that is used by the inquiry pages to retrieve accounting data. The view retrieved is based on registered metadata configured during the installation process. The list of values is restricted to the authorized values for the user and product. |
Edit Table Set |
Defines the set of prompt edit tables used by the product component. The Edit Table Set field controls the prompting for each ChartField enabled for security. Only one Edit Table Set value may be assigned to a detail record, and it should be assigned using the same guidelines used by products for standard ChartField validation in their transaction pages. This field will be blank if the page does not require prompt value security. |
The example pictured shows the component details for the Detail Budget Maintenance component. This component has multiple detail records (DTL_LEDG_DVW and LEDGER_BUDG):
This example illustrates the fields and controls on the Component Details page (Single Transaction Display check box not selected on Register Components - Options page). You can find definitions for the fields and controls later on this page.
ChartField Security is implemented at the component level. Occasionally, a component is shared by two different products. One product may be enabled for security and the other product may not. For example, the Requisitions component is owned by eProcurement, but it is shared with Purchasing. If Purchasing is enabled for security and eProcurement is not, then the Requisitions component will not be active for ChartField Security. In this scenario, you can change the source product using the Source Components - Component Registry page for the Requisitions component to Purchasing. This change would then activate it for security enforcement.