Security Rule Assignment

Once you have defined your security rules and applied those rules to events and business units, you are ready to attach the rules to users. You have the option to attach rules to single user IDs, to permission lists, or to dynamic rule groups.

Attaching Rules to User IDs

Assigning security rules to user IDs enables you to attach specific security rules to individuals. This can be tedious and can require a lot of maintenance for a large number of users, but it does provide a useful method for attaching special rules (such as a super user rule) to select users.

Attaching Rules to Permission Lists

Often you need to assign the same budget security to all the users of a permission list. While you could assign the security rule to each individual user, this would produce a maintenance issue in that if you needed to add a new security rule, you would have to add this rule multiple times. By taking advantage of the permission lists set up as part of your standard PeopleSoft application security, you can attach rules to a permission list, which then enables these rules for all users associated with the permission list.

Attaching Rules to Dynamic Rule Groups

In cases where a user is associated with a particular ChartField value, such as a manager and a department ID, you can create dynamic security rules and dynamic rule groups. Dynamic rule groups use a SQL view that you must define yourself, called the dynamic rule record, that joins the user ID and the ChartField value. Each user in the dynamic rule group has access to the budgets that include the ChartFields that the user is associated with in the dynamic rule record, for the security events defined in the dynamic security rule. This is far more convenient than creating and maintaining separate rules and attaching them individually to each user.

To set up dynamic rule groups, do the following:

Define a dynamic security rule in the Rule Definitions component.

This rule assigns a bind variable to the ChartField that is resolved by the dynamic rule record.
Use Application Designer to define a dynamic rule record, a SQL view that includes the user ID field and the ChartField that uses the parameter Bind in the dynamic rule.

For an example of a dynamic rule record, see the delivered record KK_DYN1 by opening the record in the PeopleSoft Application Designer.
Define a dynamic rule group by attaching the dynamic security rule to the dynamic rule record on the Attach Dynamic Rules page.

The Commitment Control Security (KK_SEC_FLAT) process creates security rows using the user ID and ChartField values from the dynamic rule record rows.

Dynamic Rule Group Example

Assume that you want to allow department managers to inquire only on their own departmental budgets. Do the following:

Define a dynamic security rule with department ID (DEPTID) defined as a bind variable and apply it to the Budget Inquire security event.
Define a dynamic rule record with the fields user ID (OPRID) and department ID, based on a join of the DEPT_TBL, the PERSONAL _DATA table, and the OPRALIAS table:
```
SELECT a.deptid 
```
```
, C.OPRID 
```
```
FROM PS_DEPT_TBL A 
```
```
, PS_PERSONAL_DATA B 
```
```
, PSOPRALIAS C 
```
```
WHERE A.MANAGER_NAME = B.NAME 
```
```
AND B.EMPLID = C.EMPLID
```
Define a dynamic rule group by attaching the dynamic security rule to the dynamic rule record.
Run the Commitment Control Security process.

Related Topics

Assigning Commitment Control Security Rules