Understanding PeopleSoft Application Security
PeopleSoft applications use multilevel security to enable you to successfully manage shared data environments. You set up data access at different entry points within your system and define the most efficient path to data across business groups, tables, departments, pages, and so forth. You have full control over security definitions, selecting options to create a matrix that enables or restricts user access to data through a series of authorizations.
Note: User profiles define individual PeopleSoft users. Each user is unique. The user profile specifies a number of user attributes. You set up user profiles using the User Profiles component (USERMAINT).
See PeopleTools: Security Administration.
Security access covers three areas: networks, databases, and applications. Network security controls the overall point of entry into your system hardware and software resources. Database security narrows the scope of a user's information access. At the application level, security extends to the field level.
These are the PeopleSoft application security levels:
Workstation user.
Network server security.
Database management (RDBMS) security.
PeopleSoft application security.
Users can access defined sets of functions, pages, and fields. For example, auditors can review inquiry pages and generate reports, controllers can run PeopleSoft business processes, and management information systems staff can configure and maintain pages and records.
This section discusses:
Security terms.
Row-level security in PeopleSoft financials.
Permission lists.
This table describes the various types of PeopleSoft application security:
Security Type |
Location |
Function |
---|---|---|
Network |
Network software |
Controls entry into the network and authorizes rights to use shared resources. |
Relational Database Management System (RDBMS) |
Operating system |
Controls access to the database. |
User |
PeopleTools |
Controls access to application pages, functions, and business components. |
Object |
PeopleTools |
Controls access to objects or object groups used in application development. |
Query |
PeopleTools |
Defines table row sets accessible for performing system queries. |
Row-level |
PeopleTools and PeopleSoft applications |
Controls access to the subset of data rows within tables that the user is authorized to review or update. |
Field-level |
PeopleCode |
Controls access to individual fields on pages. |
To establish security, you must first decide the level that you want, which key fields to secure, and whether security will be defined through user IDs or permission lists. With row-level support, you can implement security to restrict individual users or permission lists from specific rows of data that are controlled by the following key fields:
Business unit
SetID
Ledger (and ledger group)
Book
Project
Pay cycle
Planning Instance
You can also limit access to specific subsets of rows. For example, you can specify user ID security to limit an auditor in Paris to the business unit for your European division. Or, if you have a team of auditors, you can assign them all to one primary permission list and then specify permission list security to enforce appropriate limits on the information that they can access.
The sheer volume of users assigned to a level of security can help you determine whether to use security based on user ID or permission list. If 1,000 users have identical access requirements, explore the use of permission list security. By assigning these users to a single role, you can make subsequent changes in their access requirements just once instead of 1,000 times.
Note: Applying row-level security does not restrict the data selected by batch processes.
These tables show the sample permission lists and the corresponding menus and components available to users.
Note: The permission lists that you associate with a user through role assignment are not used for row-level security in PeopleSoft financials. Only the primary permission list for a user is relevant when setting up row-level access by permission list.
This table lists the permissions granted to the various general ledger users:
Permission List ID |
Description |
Menus |
Components |
---|---|---|---|
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Journal Entry |
This table lists the permissions granted to the Accounting Manager role:
Permission List ID |
Description |
Menus |
Components |
---|---|---|---|
EPGL9100 |
Establish Business Units-GL |
Establish Business Units |
General Ledger Definition, Ledgers For A Unit, General Ledger Units, Ledgers For A Unit, Record Groups, TableSet Controls, TableSet IDs |
EPGL9000 |
General Ledger |
Design ChartFields |
Account, Product, Scenarios, Statistics Code, ChartField Editing Template, Combination Definition, Combination Rule, Combination Group, SpeedTypes, Build Combination Data, Message Log, Combination Data, Background Process, AltAcct Xref, Department, Project, Configure ChartFields |
EPGL9000 |
General Ledger |
Define General Options |
Account Types, Accounting Entry Definition, Calendar Builder, Currency Code, Currency Exchange Calculator, Detail Calendar, Document Type, Dun and Bradstreet, File Locations, Installation Options, Journal Code, Journal Generator Template, Journal Source, Journal Type, Market Rate Type, Market Rates, Position Accounting, Schedules, State, Summary Calendar, TimeSpans, Units of Measure, Cross/Reciprocal Rate Calc, Document Sequence Range, Operator Preferences |
EPGL9000 |
General Ledger |
Adjust Budgets |
Detail Budget Maintenance, Budget Copy Definition, Budget Copy Group, Budget Copy Request, Message Log, Budget Copy Calculation Log |
EPGL3000 |
Commitment Control |
Manage Commitment Control |
Source Transaction Definition, Control Budget Definition, Budget Attributes, Associated Budgets, ChartField Value Sets, Budget Closing Rules, Security Field Setup |
EPGL2000 |
Allocations |
Perform Allocations |
Allocations, Allocation Group, Allocation Request, Copy/Rename/Delete Step, Message Log, Shared Table Statistics, Allocation Step |
EPGL1100 |
Review Ledgers/Reports |
Consolidate Results |
Elimination Sets, Minority Interest Sets, Consolidation Definition, Subsidiary Ownership |
EPGL1100 |
Review Ledgers/Reports |
Maintain Ledgers |
Translation Rule, Translation Step, Translate Within Ledgers, MultiCurrency Group, Process MultiCurrency, Translation Definition Report, Translation Calculation Log Report, Translate w/in Ledger Step Report, Translate w/in Ledger Calc Log Report, Journal Closing Status Report |
EPGL1110 |
Review Ledgers/Reports |
Maintain Ledgers |
Revaluation Step, MultiCurrency Group, Process MultiCurrency, Payables Revaluation, Receivables Revaluation, Payables Revaluation Inquiry, Receivables Revaluation Inquiry, Revaluation Definition Report, Revaluation Calculation Log |
EPGL1100 |
Review Ledgers/Reports |
Maintain Ledgers |
Process Ledger Archive, Process Flat File Ledger Load, Process Ledger File Create, Process Publish Ledger, Ledger Template, Detail Ledger, Detail Ledger Group, Archive Ledger Log Inquiry, Ledger Template Report, Detail Ledger Definition Report |
EPGL1100 |
Review Ledgers/Reports |
Maintain Ledgers |
Average Daily Balance Definition, Process Average Daily Balance, ADB-Definition, ADB-Processes |
EPGL1100 |
Review Ledgers/Reports |
Maintain Ledgers |
Summary Ledger Definition, Process Summary Ledger, Ledger Set, Summary Ledger Status Inquiry, Summary Ledger Definition Report, Summary Ledger Detail Report |
EPGL1100 |
Review Ledgers/Reports |
Maintain Ledgers |
ChartField Value Sets, Closing Rules, Process Closing, Closing Rules Report, Closing Trial Balance Report |
EPGL1100 |
Review Ledgers/Reports |
Process Journals |
Ledger Inquiry, Ledger Period Compare, Ledger Group Inquiry |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Journal Entry, Process Copy Journal |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Process Journal Generator |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Standard Journal Entry, Process Standard Journals, Standard Journals Inquiry, Standard Journals Report |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Received Files, Process Load Journals, Process Batch Journal Import, Process Import Workbooks |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Journal Entry Approval |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Journal Suspense Correction, Process Mark Journals for Posting, Process Mark Journals for Unposting, Process Journal Edit, Process Journal Budget Check, Process Unlock Journals, Process Journal Post, Suspense Cross Reference Inquiry |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Process Journal Archive, Archive Journal Log |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Journal Inquiry, Journal Status Inquiry, Payroll Journal Entries Inquiry, Generic Accounting Entries Inquiry, Journal Entry Detail Report, Journal Entry Edit Errors Report, Posted Journals - Summary Report, Ledger vs. Journal Integrity Report, Trial Balance Report, Statutory Trial Balance Report, Stat General Ledger Activity Report, Statutory Journal Activity Report, Stat Journal Contra Activity Report, Suspended Activity Report, InterUnit Activity Report |
EPGL1000 |
GL Transactions/Processes |
Process Journals |
Open Items, Process Open Item Reconciliation, Open Item Status Inquiry, Open Item Listing Report |
CPPT1040 |
Report Manager |
Report Manager |
Report List |
CPPT1050 |
Process Scheduler |
Process Scheduler |
Process Type Definitions, Process Definitions, Job Definitions, Recurrence Definitions, Server Definitions, Report Node Definitions, System Settings, Batch Timings, Sample Processing |
CPPT1010 |
nVision Reporting |
nVision |
Define Layout, Edit Report, Run Report, Save Report, Delete Report, Open Scope, Edit Scope, Save Scope, Delete Scope |
CPPT1020 |
Report Books |
Report Books |
Report Book Definition, Drilldown Layout Registration, Run Drilldown, Report Request, Scope Definition |
CPPT1030 |
Tree Manager |
Tree Manager |
New, Open, Rename, Delete, Print, Tree Node, Tree Level |