Security



SECURITY

                                                                                   

How Many Ways we Can Implement Security In People soft?
We can Implement security in People soft in 6 ways:
1.    Signon and time-out security.
2.    Page and dialog security.
3.    Batch environment security.
4.    Definition security.
5.    Application data security.
6.    PeopleSoft Internet Architecture security

What is Permission List?
A Permission List is a list of authorizations that we assign to roles.

What is a Role?
A role is an intermediate object that links the user profiles to the permission lists. Roles enable you to add permissions to users dynamically.

What is user profile?
A User Profile is a set of data about a particular user. And is useful to define the individual PeopleSoft users. We define User Profiles and then link them to one or more Roles. Typically, We link a User Profile to at least one Role in order to be a valid profile. The majority of values that make up a User Profile are inherited from the linked Roles.

What type of permissions can contains a Permission List?
Permission List stores the Sign-On times, Menus, People Tool access, such as access to Application Designer.

Can we assign multiple roles to user profile?
Yes.

Can we assign multiple permission lists to roles?
Yes.

What is Single sign on?
At a time we connect to more than one database. Means if we are in HR database, after completion of the transactions if we want to enter into FIN database, for this we need not reenter the password.
What is a sign on time?
A sign on time is an adjustable interval during which a user is allowed to sign on to PeopleSoft.
How we specify the sign on times and time-out interval?
Using Maintain Security we can specify both the sign on times and time-out interval.

Is it possible to restrict some users to access specific actions?
Yes.

How we execute the batch process?
By using the Process Scheduler. But we should assign the appropriate Process Profile to the User Profile and create process groups for our processes.

Can we add the Process Profile Permission List directly to the User Profile?
Yes. We can add the Process Profile Permission List directly to the User Profile, not to an intermediary Role.

What is User ID?
A PeopleSoft User ID is an ID which we enter at the PeopleSoft sign on dialog box. Using the User Id we can enter into the PeopleSoft system.

How can we assign a User Id and Password to a PeopleSoft user?
Using the PeopleTools Security.

What is Connect ID?
Using the Connect Id we can connect to the Database.

How can we create the Connect IDs?
By running the Connect.SQL and Grant.SQL scripts.

What is User ID?
A PeopleSoft User ID is the ID we enter at the PeopleSoft signon dialog box. Using People Tools Security, we assign each PeopleSoft user a User ID and password. The combination of these two items grants users online access to the PeopleSoft system. The system can also use a User ID stored within an LDAP directory server.
The User ID is the key used to distinctly identify the User Profile definition.

What is Connect ID?
Connect ID is a valid user ID that, when used during login, takes the place of PeopleSoft User IDs for the logon process. Using Connect ID means we don't have to create a new database user for every PeopleSoft user that we add to the system.
Connect ID is required for a direct connection (two-tier connection) to the database. So application servers and two-tier Windows Clients require a Connect ID. We specify the Connect ID for an application server in the Signon section of the PSADMIN utility, and for Windows Clients we specify the Connect ID in the Startup tab of the Configuration Manager. We can create a Connect ID by running the Connect and Grant’s scripts.

What is Symbolic ID?
We use Symbolic ID as a search key for retrieving the encrypted value of Access ID, which is stored in PSACCESSPRFL.
Also, the Symbolic ID acts as an intermediary entity between the User ID and the Access ID. All the User IDs are associated with a Symbolic ID, which in turn are associated with an Access ID.
For example if we had to change the Access ID, then we need to update only the reference of the Access ID to Symbolic ID in the PSACCESSPRFL table rather than updating with each and every User Profile in the PSOPRDEFN table.
What is Access ID?
While creating a User ID, we will assign a Access Profile to the user id, which specifies an Access ID and password.
PeopleSoft Access ID is the RDBMS ID with which PeopleSoft applications are ultimately connected to the database after the PeopleSoft system connects using the Connect ID and validates the User ID and password. An Access ID typically has administrator-level database access; that is, it has all the RDBMS privileges necessary to access and manipulate data for an entire PeopleSoft application. The Access ID should have SELECT, UPDATE, and DELETE access.
It's important to understand that users do not know their corresponding Access ID. They just signon with their User ID and password and—behind the scenes—the system logs them onto the database using the Access ID.
Should they try to access the database directly with a query tool using their User or Connect ID, they have limited access. User and Connect IDs only have access to the few PeopleSoft tables used during signon, and that access is SELECT-level only. Furthermore, PeopleSoft encrypts all sensitive data that resides in those tables.

What is the procedure to create a Permission List?
             
  • Go to PeopleTools, Security, Permission & Roles, Permission List.
  • On the Search page click Add New Value.
  • In the Permission List edit box enter the Permission List name as xy. And click Add.
  • Give the description if required and then click Save.
  • Go to Web Libraries Tab include all the 27 libraries. Click Save. (Then we can enter into the browser environment).
  • Go to any tab specify the required options then save.

What is the Procedure to create a new Role?


  • Go PeopleTools, Security, Permission & Roles, Roles.
  • On the Search page click Add New Value.
  • In the Role Name edit box enter the Role name as xyz. And click Add.
  • Give the description if required and then click Save.
  • Go to Permission List Tab and specify the Permission list name as XY, then click Save.
  • Go to any tab specify the required options then save.

What is the Procedure to create a new User Profiles?

  • Go PeopleTools, Security, User Profiles, User Profiles.
  • On the Search page click Add New Value.
  • In the User Id edit box enter the User Profile name as xy. And click Add.
  • In the General Tab specify the symbolic id as sa1.
  • Go to Role Tab and specify the Role Name as xy. Then Save

What is the Procedure to implementing Definition Security?
Go, Definition Security in Application Designer.
File, New Group (Here we can specify all the objects which we want give the permission to access the user). After creating new groups if we want to modify the group then go to File, Open, Group Then specify the Group Id.
File, save (save the new group).
File, Open, Permission List. Then specify the Permission List. Then assign groups to the permission list. Then Save.
Close Application Designer and Definition Security. Reenter with the new user profile and observe all the things.
What is a Access Group?
Access groups are nodes in a query tree, which are built with PeopleSoft Tree Manger. After we build a query tree, we give users access to one or more of its access groups. Then they can generate queries on any tables in the access groups accessible to them.
When we open Query Manager, it displays either an access group structure or an alphabetical list of records to which we have access. Access groups enable us to logically organize the record components to control security access within Query. It is not a physical representation of database. The record components shown are those that the user has been granted access to.
Adding a Access Group:
Open the desired Permission List and select Query, Access Groups Permissions.
Select a Tree Name.
Use the drop-down list boxes to find the Tree Name that we need.
  Select the highest Access Group that the user can access.
Use the drop-down list boxes to find the Access Group. The system displays only the access groups in the selected query tree.
The Access Group selected should be the highest-level tree group to which this Permission List needs access. The Accessible check box is selected by default. For example, users in the ALLPANLS permission list have access to all record components in the EIS_ACCESS_GRP and all access groups below it in the QUERY_TREE_EIS query tree—in other words, to all record components in the tree.
Clear the Accessible check box, if desired.
Save.
What is a Process Group?
Process groups are collections of Process Definitions that we create using PeopleSoft Process Scheduler. We add process groups to permission lists on the Process Group Permission page.
Typically, we group Process Definitions according to work groups within our organization, and typically that work group would have a particular role associated with it. Regardless of how we organize our Process Definitions, we must assign process groups to a permission list.
Users can run only those processes through Process Scheduler that belong to process groups assigned to their role.
What is a Process Profile?
The process profile definition (defined in Process Scheduler) determines the default Process Scheduler settings for a user.
For example, with the process profile, we specify such settings as where the system delivers the output of the process, whether the user can update the process request, and so on.
What is Primary Permission List?
Data permissions, or row-level security, appear either through a Primary Permissions List or a Row Security Permissions list.         
What is Object Security?
Object / Definition Security is a separate People Tool that is used to restrict access of application developers. We use Definition Security to govern access to the individual database object definitions, such as Record definitions, Field definitions, and Page definitions. We use Definition Security to protect particular object definitions from being modified by certain developers.

What is a Row Level Security?

With row-level security, users can have access to a table without having access to all rows on that table. This type of security is typically applied to tables that hold sensitive data.
People Soft applications implement row-level security by using a SQL view that joins the data table with an authorization table.
How to implement row level security by operator id?
You can design special types of SQL views security views to control access to individual rows of data stored within your application database tables. People soft applications are delivered with built-in row level security functions, tailored to the specific application.  
                                                                                             
What is the use of PeopleSoft Internet security?
PeopleSoft Internet security controls the user access to shared hardware and software          resources, So that only authorized users can connect to the web and application servers. This is also called Runtime Security.
What is the use of Web server/Application server security?
Web server/Application server security controls access to system objects and resources, So that only authorized users can connect to a given database.
What is the use of Database security?
Database security controls the access to database tables.
What is the use of PeopleSoft application security?
At what level we can setup the PeopleSoft application security?
User Level
Row-Level
Field-Level
Object level.
Tell about User Level security?
By using the Maintain security PeopleTool we can establish the user security. Using the User Security we can controls the user access into PeopelSoft applications.

How can we implement the Row-Level Security? What is the use of Row-Level Security?
For this we don’t have any PeopleTool. Row-Level Security is implemented by using the SQL Views.
Using the Row-Level Security we can controls the rows of data that can be accessed by each user.

How we implement the Field-Level security? What is the use of Field-Level security?
By assigning the PeopleCode to the field. Like Hide Unhide, Gray, Ungray.
Using the Field-Level security we can control the user access to specific data filed.

How can we establish the Object security?
By using the Definition Security PeopleTool.

What is the purpose of the Definition Security?
Using the Definition Security we can restrict particular objects from application developers. But not for the end users.
How many objects we can develop using the Definition Security?
Only one objects that is Group ID.

Can we run the Definition Security in Browser environment?
No. it is applicable only in windows environment.

What is the difference between Maintain security and Object Security (Definition)?
      By using the Maintain Security we can restricts the users to access the particular functions like some pages, some records, but using the Object security we restrict the total objects.
Ex: if we don't want a developer to touch Application Engine programs, don't allow them to access Application Engine.

What is Batch Environment Security? or How do you give security to batch programs like SQR and A.E?

There are three levels of security for batch programs:
·         Each batch program has a run control that we define before we can run the batch program. The run controls are set up using PeopleSoft Process Scheduler

·         Also using PeopleSoft Process Scheduler, you set up Process Groups, which are groups of batch processes. Then in PeopleTools Security you add Process Groups to a security profile. Users can run processes that belong to the Process Groups assigned to their security profile.

·         In your RDBMS environment, you can restrict off-line access to batch processes using the security tools described in your platform manuals.
Note: You add the Process Profile Permission List directly to the User Profile, not to an intermediary Role.The PeopleSoft Internet Architecture is in the category of PeopleSoft online security, also known as runtime security. Only authorized users can connect to the web and application server, and only authorized application servers can connect to a given database.

What is 

Understanding Configuration ManagerConfiguration Manager

The Configuration Manager is a PeopleTool designed to simplify workstation administration by providing a way to adjust the PeopleSoft registry settings from one central location. With the Configuration Manager you can set up one workstation to reflect the environment at your site, and then you can export the configuration file, which can be shared among all the workstations at your site.
The Configuration Manager contains a variety of setting controls that allow you to set up your workstations for connecting to the database, using workflow, and so on. It enables you to define separate "profiles" for connecting to different PeopleSoft databases.
What is Query Manager?
Visual representations of your PeopleSoft database, without writing Structured Query Language (SQL) statements.  Using the Query Manager we can develop only one object that is Query.
Uses of the Query Manager 

  • Display data in a grid for review purpose.
  • We can send the output to the Windows Excel or Crystal reports.
  • For creating the Dimensions in the Cube Manager.
  • We can create the data structure for Peoplesoft nVision.
  • We can create the basic structure of online analytical processing (OLAP) dimensions.
  • Run Query from any PeopleSoft application page.
  • To determine to whom to forward information. This type of query is called role query.
  • Searching the records based on sophisticated search criteria. This type of query is called a search query, For Creating Views.


2 comments:

Subscribe to: Posts (Atom)