Defining Row-Level Security
This topic lists the pages used to define row-level security, including their navigation and usage.
|
Page Name |
Definition Name |
Navigation |
Usage |
|---|---|---|---|
|
Business Unit Security by Permission List Page |
SEC_BU_CLS |
|
Grant access to a business unit by using a permission list. |
|
Business Unit Security By User ID Page |
SEC_BU_OPR |
|
Grant access to a business unit by using a user ID. |
|
TableSet Security by Permission List Page |
SEC_SETID_CLS |
|
Grant access to a tableset by using a permission list. |
|
TableSet Security by User ID Page |
SEC_SETID_OPR |
|
Grant access to a tableset by using a user ID. |
|
Ledger Security by Permission List Page |
SEC_LEDGER_CLS |
|
Grant access to a ledger or ledger group by using a permission list. |
|
Ledger by User ID Page |
SEC_LEDGER_OPR |
|
Grant access to a ledger or ledger group by using a user ID. |
|
nVision Ledger Security Page |
LEDGER_SECURITY |
|
Specify the business units and ledgers accessible in the creation of PS/nVision reports by securing an nVision ledger field by user rather than role. Because the scope of a PS/nVision report may cross business unit and ledger boundaries, you may need to specify particular security access for users who generate reports with field data that they cannot access when performing other tasks. |
|
Project Security Page User, Tree Based Security |
SEC_PROJECT_OPR |
|
Grant access by user ID to project role. There are two versions of the page, depending on whether Use List or Use Tree is selected as the project security type on the Security Options page. |
|
Project Security Page |
SEC_PROJLST_CLS |
|
This is a second version of the page. Grant access by permission list to project role. |
|
BU Book/Perm List Page (business unit book by permission list) |
SEC_BUBOOK_CLS |
|
Grant access to a business unit book by using a permission list. |
|
BU Book by User ID Page (business unit book by user ID) |
SEC_BUBOOK_OPR |
|
Grant access to a business unit book by using a user ID. |
|
Pay Cycle by Permission List Page |
SEC_PYCYCL_CLS |
|
Grant access to a pay cycle by using a permission list. |
|
Pay Cycle by User ID Page |
SEC_PYCYCL_OPR |
|
Grant access to a pay cycle by using a user ID. |
|
Grants Operator Security Page |
GM_SEC_DEPT_OPR |
|
Grant access by departments by user ID. |
|
Proposal Management Security Page |
GM_PM_SEC_DEPT_OPR |
|
Grant access by departments by user ID. |
|
Planning Instance Page |
SEC_PRBINS_OPR |
|
Grant access to planning instance by user ID. |
|
Planning Instance Page |
SEC_PRBINS_CLS |
|
Grant access to planning instance by permission list. |
Use the following components to define row-level security:
Unit Security by Perm List (unit security by permission list) (SEC_BU_CLS)
Unit Security by User ID (SEC_BU_OPR)
TableSet Security by Perm List (tableset security by permission list) (SEC_SETID_CLS)
TableSet Security by User ID (SEC_SETID_OPR)
Ledger Security by Perm List (ledger security by permission list) (SEC_LEDGER_CLS)
Ledger Security by User ID (SEC_LEDGER_OPR)
nVision Ledger Security (LEDGER_SECURITY)
Pay Cycle by user ID (SEC_PYCYCL_OPR)
Pay Cycle by permission list (SEC_PYCYCL_CLS)
Project Security (SEC_PROJECT)
Use the following component interfaces to load data into the respective component tables:
Use the SEC_BU_CLS component interface to load data into the tables for the Unit Security by Perm List component.
Use the SEC_BU_OPR component interface to load data into the tables for the Unit Security by User ID component.
Use the SEC_LEDGER_CLS component interface to load data into the tables for the Ledger Security by Perm List component.
Use the SEC_LEDGER_OPR component interface to load data into the tables for the Ledger Security by User ID component.
Use the SECURITY_NVISION_LEDGER component interface to load data into the tables for the nVision Ledger Security component.
Once you select security options and, if necessary, update security view names, define the secured field values for each user or permission list. You grant access to business units, tablesets, ledgers, business unit books, and pay cycles by using permission lists or user IDs. When securing key fields in your application, the page that you use depends on which level of system security you select. If you select permission list security, secure fields on the permission list security pages. If you select user-level security, secure fields on the user ID security pages.
Note: When granting row-level access for business unit, SetID, ledger, book, planning instance, and pay cycle to permission lists, the system uses the user's primary permission list.
Warning! Values entered in secured fields are not checked against row-level security permissions when run controls are reused. After a user initially creates a run control, the user can still run processes on a secured field value even if row-level security access to that field is subsequently taken away. If you make security profile changes, verify the run controls that use secured data and remove run controls for secured field values to which a user should no longer have access.