Managing Definition Group Security (Browser Client)

This topic provides an overview of managing definition group security and discusses how to:

  • Use the Definition Types page.

  • Use the Group Users page.

  • Use the Group Permission page.

  • Enable Secure by Default for a definition type.

  • Define component row-level security for a definition type.

  • Define permission list access to a definition group.

There are three mechanisms for securing definition types and definition groups: secure by default, component row-level security, and permission lists.

Term

Definition

Secure by Default (Definition Type)

When you enable “secure by default” for a definition type, definitions of the type are only accessible by the OPRID that last updated it (creator), or if it is associated with the primary permission list to which the OPRID belongs.

Note: When you enable secure by default for a definition type you must explicitly grant permission list access to users.

Use the Definition Types page described later in the topic to enable Secure by Default for definition types.

Component Row-Level Security (Definition Type)

Associate component row-level security with definition types to limit access to data.

You can specify dynamic views for a record for a definition type to control access.

Use the Definition Types page described later in the topic to specify dynamic views for definition types.

Permission Lists (Definition Group)

You can assign permission list access to definition groups, providing users assigned to a permission list full or read-only access to a definition group.

Use the Group Users page described later in this topic to view the permission lists and their associated users with access to a definition group.

Use the Group Permission page described later in this topic to define this access.

Use the Definition Types page (PTDEFSECTYP) to enable Secure by Default and set row-level security for definition types.

To access the page select PeopleTools > Security > Definition Security > Security Definition Types.

This example illustrates the fields and controls on the Definition Types page. You can find definitions for the fields and controls later on this page.

 Definition Types page

Field or Control

Description

Definition Type

Displays the name of the definition type.

Secure by Default

Select the box to enable Secure by Default for the definition type.

When you select this control the definitions of the definition type are accessible only to those given access.

Row-Level Security View

From the drop-down list, select the record to which to apply row-level security.

Note that only dynamic view records are available to select.

Use the Group Permissions page (PTDEFSECPERM) to view and manage permission list access to definition groups.

Full access is the default for a permission list defined for a definition group.

To access the page:

  1. Select PeopleTools > Security > Definition Security > Security Definition Groups.

    The Definition Groups Search page appears.

  2. Search for a definition group or add one to the system.

    The Group Content Summary page appears.

  3. Click the Group Permissions tab.

This example illustrates the fields and controls on the Group Permissions page. You can find definitions for the fields and controls later on this page.

 Group Permissions page

Field or Control

Description

Permission List

Click the Lookup button to search for a permission list to assign to the definition group.

Display Only

Select the box to allow read-only access to the definition group for users belonging to the permission list.

Use the Group Users page (PTDEFSECGRPUSERS) to view the user IDs with access to a definition group and the associated permission list with which they have gained access.

To access the page:

  1. Select PeopleTools > Security > Definition Security > Security Definition Groups.

    The Definition Groups Search page appears.

  2. Search for a definition group or add one to the system.

    The Group Content Summary page appears.

  3. Click the Group Users tab.

This example illustrates the fields and controls on the Group Users page. You can find definitions for the fields and controls later on this page.

 Group Users page

Field or Control

Description

User ID

The user ID of a user with access to the definitions in the definition group.

Permission List

The name of the permission list to which the user belongs and with which the user is gaining access to the definition group.

Remember that if you enable secure by default for a definition type, you must explicitly set permission list access to the definition type for users to be able to access the definitions of that type.

To enable Secure by Default for a definition group:

  1. Access the Definition Types page.

    To access the page select PeopleTools > Security > Definition Security > Security Definition Types.

  2. Select the Secure by Default box for each definition type to apply secure by default.

  3. Click the Save button.

To set component row-level security for definition types:

  1. Access the Definition Types page.

    To access the page select PeopleTools > Security > Definition Security > Security Definition Types.

  2. In the Row Level Security View field, enter the name of a dynamic view record defined for component row-level security, or click the Lookup button to search for one.

  3. Click the Save button.

To define permission list access to a definition group:

  1. Access the Group Permission page:

    1. Select PeopleTools > Security > Definition Security > Security Definition Groups.

      The Definition Groups Search page appears.

    2. Search for a definition group or add one to the system.

      The Group Content Summary page appears.

    3. Click the Group Permissions tab.

  2. In the Permission List field, select a permission list to assign to the definition group.

  3. (Optional) Select the Display Only box to limit access to read-only.

  4. Click the Save button.

To view permission lists and associated users with access to a definition group, use the Group Users page.