security

Published on June 2016 | Categories: Documents | Downloads: 46 | Comments: 0 | Views: 365
of 15
Download PDF   Embed   Report

Comments

Content

PeopleSoft Security Definitions
• A security definition refers to a collection of related security attributes that you create using PeopleTools Security. The three main PeopleSoft security definition object types are: • User profiles. • Roles. • Permission lists.

PeopleSoft Online Security
• The PeopleSoft system has many components, such as batch processes, object definitions, and application data. Use PeopleTools security tools to control access to most of these components. To secure other elements, you use applicationspecific interfaces, such as Administer Security. • This section discusses: • Sign-in and time-out security. • Page and dialog box security. • Batch environment security. • Definition security. • Application data security. • PeopleSoft Internet Architecture security.

Sign-in and Time-out Security
• When a user attempts to sign in to PeopleSoft, he or she enters a user ID and a password on the PeopleSoft Signon page. If the ID and password are valid, PeopleSoft connects the user to the application, and the system retrieves the appropriate user profile. • If the user attempts to sign in during an invalid sign-in time, as defined in the user's security profile, he or she is not allowed to sign on. A sign-in time is an adjustable interval during which a user is allowed to sign in to PeopleSoft. For example, if a given sign-in time is Monday through Friday from 7 a.m. to 6 p.m. for a set of users, those users cannot access a PeopleSoft application on Saturday or on Friday at 6:05 p.m.

Page and Dialog Box Security
• You can restrict access to PeopleSoft menus. You can set the access rights to the entire menu, such as Administer Workforce or PeopleTools Security, or just a specific item on that menu. Because the only way to access a PeopleSoft page is through a menu, if a user has no access to a particular menu or menu item, then you have effectively restricted that user's access to the corresponding page. • You can also restrict access to specific actions or commands on a page. For example, you may want a clerk in your sales office to be able to access contract data, but not be able to update the data. In this case, you grant access to the set of pages, but you allow display only access only. In this case, the clerk cannot update or correct any data. This approach enables users to get their work done while maintaining the security and integrity of your business data.

Batch Environment Security
• If a particular user must run batch processes using PeopleSoft Process Scheduler, assign the appropriate process profile to the user profile and create process groups for your processes. A user receives both process group and process profile authorizations through permission lists. A user gets permission to process groups through roles, and they get a process profile through the process profile permission list.

Definition Security
• Use Definition Security to govern access to database object definitions, such as record definitions, field definitions, and page definitions, and to protect particular object definitions from being modified by certain developers.

Application Data Security
• Definition security is a form of data security—you use it to control access to particular rows of data (object definitions) in PeopleTools tables. PeopleSoft also provides other methods to control the application data that a user is allowed to access in the PeopleSoft system. This task is also known as setting data permissions. • With application data security, you can set data permissions at the following levels:
– Table level (for queries only). – Row level. – Field level.



PeopleSoft Internet Architecture Security Client sends a request to connect.
Server responds to the connect request and sends a signed certificate.
Client verifies that the certificate signer is in its acceptable certificate authority list.







Client generates a session key to be used for encryption and sends it to the server encrypted with the server's public key (from the certificate received in step 2).
Server uses a private key to decrypt the client generated session key.

PeopleSoft Authorization IDs
• User IDs. • Connect ID. • Access IDs. • Symbolic IDs.

• Administrator access.

PeopleSoft Sign-in
• The basic steps in a PeopleSoft sign-in are: • Initial connection. • The application server starts, and uses the connect ID and user ID specified in its configuration file (PSAPPSRV.CFG) to perform the initial connection to the database. • The server performs a SQL Select statement on security tables. • After the connect ID is verified, the application server performs a Select statement on PeopleTools security tables, such as PSOPRDEFN, PSACCESSPRFL, and PSSTATUS. From these tables, the application server gathers such items as the user ID and password, symbolic ID, access ID, and access password. After the application server has the required information, it disconnects. • The server reconnects with the access ID. • When the system verifies that the access ID is valid, the application server begins the persistent connection to the database that all PIA and Windows three-tier clients use to access the database. Typically, the users signing in using a Microsoft Windows workstation are developers using PeopleSoft Application Designer or end users who need to access PeopleSoft Query or Tree Manager.

Security definition hierarchy

Home > PeopleTools > Maintain Security > Use > Permission Lists

...Enable Security

Component Permission

Home > PeopleTools > Maintain Security > Use > Permission Lists

Enable Security

Menu Permission

Home > PeopleTools > Maintain Security > Use > Permission Lists

...Enable Security

Page Permission

THANK YOU

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close