User, Tree-Based Security

Three factors determine access to data in user, tree-based security:

• Access to a tree node (project).

• Position of the node on the tree.

• Project security profile.

You specify the project tree on the Project Security page that the system uses for controlling project security. Grant each user access to nodes on this project tree to define the projects to which the user has access. The user's security profile defines the degree and type of access that the user has to project data.

PeopleSoft delivers the PROJECT_BU tree structure for use in creating project security trees for row-level security.

Restricting and Allowing Access to Child Projects

With tree-based security, users have the same degree and type of access to the child projects of the selected project. Denying access to a project (node) on a project tree can also deny access to all of its child projects.

To restrict access to a parent project, but allow access to specific child projects:

1. Select a security profile that has No Access to the project for the parent project.

2. Select a security profile that has Read/Write or Read only access to the project for each child project.

To allow access to a parent project, but restrict access to specific child projects:

1. Select a security profile that has Read/Write or Read only access to the project for the parent project.

2. Select a security profile that has No Access to the project for each child project.

Note:

The default security for new trees is No Access. To implement minimal security, grant users access to the top node on each tree so that all of the nodes below it are accessible.