Kelvin

Clarity on PeopleSoft Securities

Hi,

 

Can anyone guide me on creating a robust security model that will give every user appropriate access? For instance, a functional user should not have access to administrative pages like People Tools. I know that PeopleSoft has already provided list of Permission list corresponding to modules. But how can we find the list of permission lists.

 

I would be much pleased if someone could guide to from scratch and share some of the best practices

 

Regards,

Kelvin.

Views: 105

Reply to This

Replies to This Discussion

Dale RathgeberPermalink Reply by Dale Rathgeber on March 4, 2010 at 10:14am
I find it is best to start from scratch and design, build and use all custom roles and permission lists. Some of the basics, like PeopleSoft User can just be cloned.
Simon OuPermalink Reply by Simon Ou on March 4, 2010 at 11:38am
I agree with Dale. Most of the delivered roles and permission lists are too generic so it's better to start from scratch. You first need to divide users into functional groups then determine what access each group should have. From there you create (or clone) permission lists and then group the permission lists to build roles that fit the needs.

Simon
KelvinPermalink Reply by Kelvin on March 4, 2010 at 11:44am
Thanks Dale & Simon.

Is there is way to find the entire list of permission list for a specific module. For ex, is there a way to find all the permission list related to the module General Ledger. And what are the permission list pertaining to the menu People Tools which gives access to administrative pages. I need to revoke this access to the users. Please assist.

Kelvin
Simon OuPermalink Reply by Simon Ou on March 4, 2010 at 12:07pm
Hi Kelvin,

PeopleSoft delivered permission lists named PTPT1100 and PTPT1200 which grant access to most items under the People Tools menu. Keep in mind though that if you modify a permission list then any role that contains this PL will be affected by your change.

To find all the permission lists related to a module you need to query the PT security tables. I will see if I could dig out queries I built a while ago.

Cheers,
Simon
PradnyaPermalink Reply by Pradnya on March 4, 2010 at 12:39pm
Hi,
To find all permission list for a perticular module,U should knw navigation for that miodule.
Go to peopletool->portal structure
In this select the folder under which your module component is registered,after selection folder
there is tab folder security click on it,it will show all permission list required to get access to for this folder
For more details u could also go to all components registered under tht folder and then select component security tab
u will get all permission list for it.
For ex. To find permission list for 'self service' menu
go to portal structure then select self service folder thr and got to folder security tab in tht u will get all permission listed
thr.
KelvinPermalink Reply by Kelvin on March 5, 2010 at 6:33am
Thanks Pradnya.

The user currently have access to certain pages in PeopleTools. I need to revoke access to the entire folder PeopleTools. What is the correct procedure to implement this.

Kelvin
Simon OuPermalink Reply by Simon Ou on March 5, 2010 at 2:48pm
Assuming that this is for one user and that you have access to PeopleTools/Security and PeopleTools/Portal, I would do the following:

- Do as Pradnya suggested - Navigate to PeopleTools/Portal/Structure and Content and click the Edit link for PeopleTools. Then click the Folder Security tab and a list of all permission lists that can access this folder will be displayed. Save the list in an Excel file.

- Navigate to PeopleTools/Security/User Profiles/User Profiles and enter the user id
- Click the "User ID Queries" tab (the last tab)
- Click the "User ID's Roles, Permission Lists and Page Access" link
- Compare the list that you get for this user to the Excel file earlier to determine which permission list(s) and role(s) that give the user access to the PeopleTools folder

Now you know the role(s) and permission list(s) that give the user access to the PT folder you have to decide what to do. Here are some options:
1. make changes to the roles/permission lists; or
2. remove the perm list from the role; or
3. remove the role(s) from the user profile; or
4. remove the role(s) from the user profile and replace them with new roles that have no access to the PT folder but retain other access.

Be very cautious if you go with option 1 or 2 since it will have an impact on other users. Personally I would go with option 4.

Simon

Kelvin said:
Thanks Pradnya.
The user currently have access to certain pages in PeopleTools. I need to revoke access to the entire folder PeopleTools. What is the correct procedure to implement this. Kelvin

RSS

© 2012   Created by PSoftPros.

Badges  |  Report an Issue  |  Terms of Service