Understanding PeopleTools Security
To provide Project Costing users with access to application functions that are essential to performing their jobs, you create security roles and assign them to individual user profiles. Attached to each security role are permission lists which provide access to application pages and processes that are required to perform the job tasks.
This topic discusses important PeopleTools components that you use to secure objects and definitions in your PeopleSoft system.
Permission lists are the building blocks of PeopleTools user security authorization. A permission list grants a particular degree of access to specified PeopleSoft elements such as pages, portals, menus, component interfaces, development environments, signon time periods, administrative tools, personalizations, and so on. Permission lists are specific to a specific set of objects that are necessary to support a unique security role. Security roles might have overlapping—but not identical—access requirements. You typically define permission lists before you define security roles and user profiles.
Project Costing delivers preconfigured sample permission lists that grant access to various pages. These permission lists support the sample functional security roles that are delivered with the application.
Important! If you modify a permission list, you change the access for all users who are assigned to security roles that are associated with the permission list.
See PeopleTools: Security Administration, "Setting Up Permission Lists."
This table lists some of the delivered sample permission lists that provide access to Project Costing, and typical security roles that are associated with each permission list:
|
Permission List |
Description |
Typical Security Roles |
|---|---|---|
|
EPPC2000 |
Project and Activity Setup |
Project Manager, Resource Manager, Contract Administrator, Grants Administrator, Proposal Planner |
|
EPPC2100 |
Project and Activity Team |
Project Manager, Resource Manager, Contract Administrator, Grants Administrator, Proposal Planner |
|
EPPC2500 |
Project Budgeting |
Project Manager, Budget Approver, Grants Administrator, Proposal Planner |
|
EPPC2700 |
Project Resource Adjustment |
Project Manager, Project Accountant, Time and Expense Administrator, Grants Administrator, Proposal Planner |
|
EPPC3100 |
Contract and Billing Integration |
Project Manager, Billing Manager, Billing Coordinator, Grants Administrator, Proposal Planner |
|
EPPC4000 |
Project Asset Capitalization |
Project Manager, Project Accountant, Financial Asset Manager, Grants Administrator, Proposal Planner |
|
EPPC6100 |
Financial Analysis |
CFO, Treasurer, Financial Analyst, Project Manager, Resource Manager, Budget Approver, Financial Asset Manager, Time and Expense Administrator, Buyer, Engineer, Grants Administrator, Proposal Planner |
|
EPPC7000 |
Third-Party Interface/Review |
Project Manager, Project Accountant, Grants Administrator, Proposal Planner |
|
EPPC9001 |
Project Costing Accounting Setup |
Project Manager, Project Accountant, Application Administrator, Contract Administrator, Grants Administrator, Proposal Planner |
Note: This table contains a subset of the delivered Project Costing permission lists. To view all of the Project Costing permission lists, go to and search for permission lists that begin with EPPC.
With row-level support, you can implement security to provide individual users or permission lists with access to a page, but you do not have to provide access to all rows in the table when the page is accessed. This type of security is typically applied to tables that hold sensitive data. For example, you can implement row-level security in Project Costing to restrict access to specific projects.
The PeopleTools security system determines which data permissions to grant to a user by examining the primary permission list and row security permission list. The permission list that the system uses varies by application and data entity, such as employee, customer, or business unit. Project Costing uses the row security permission list value to determine a user's access to projects if you implement permission list-level security.
Note: Row-level security does not restrict the data that is selected by batch processes.
Security roles are essentially collections of permission lists, which determine the pages that users can access. You can assign one or more permission lists to a security role. The resulting combination of permissions can apply to all users who share those access requirements. However, the same group of users might also have other access requirements that they don't share with each other. You can assign:
A permission list to multiple security roles.
Permission lists define access to specific portals and components based on the user's security role.
A security role to multiple user profiles.
Multiple security roles to a user profile.
User permissions are based on the combined permissions that are assigned to all of the user's security roles.
User profiles define individual PeopleSoft users. Each user is unique. The user profile specifies a number of user attributes, including one or more assigned security roles. After you create security roles, create user profiles and associate them with security roles. The values for a user's page access are inherited from the associated security roles.
To set up security roles and user profiles in PeopleTools:
Create security roles in the Role Maintenance component (ROLEMAINT).
Assign permission lists to security roles.
Create user profiles in the User Profile Maintenance component (USERMAINT).
Assign security roles to user profiles.
See PeopleTools: Security Administration, "Administering User Profiles."
Project Costing provides sample data that contains several preconfigured security roles based on functional tasks that are typically performed by an employee who is assigned to that security role. Each preconfigured security role comes with access to the set of pages within the application that correspond to the functional tasks of that security role. For example, a project manager can access pages that are used for every project management business process task, but a time and expense administrator can only access pages to make resource adjustments, perform expenses integration, perform time and labor integration, and create summary and variance reports.
This table lists three of the sample security roles that are delivered with the PeopleSoft system:
|
Security Role |
Description |
|---|---|
|
Project Manager |
Responsible for creating project plans, identifying activities, assigning responsibilities, determining budget, checking budget compliance, tracking project costs and expenses, billing customers, making payments, and adjusting resources. |
|
Project Accountant |
Responsible for setting up the project infrastructure, such as ChartFields, for the expenditures that are associated with projects. |
|
Application Administrator |
Responsible for the initial setup and ongoing maintenance for the application. |
Note: This table contains a subset of sample security roles that you can use in Project Costing. To view security roles, go to