peoplesoft data security - ardenterp.com … · setting up hrms row level security ... security...
TRANSCRIPT
-
Putting Customer First
PeopleSoft Data Security
23rd July 2009
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
PeopleSoft Security Introduction
Why should you secure organization information ??
Restrict exposure to sensitive Information such
as compensation and National ID numbers
Deter theft of company proprietary information such as sales,
revenue forecast, customer information
Prevent accidental or malicious falsification of data
Improve performance and efficiency i.e. no information overload
Goes with the premise of right information for the right people !
-
SOA ITPutting Customer First
PeopleSoft Security Introduction
Internet security controls access to the PeopleSoft application sign-in
page and secures the information to and from the web browser
Database access secures access to the application database server
Application security controls access within the application
HRMS data permission controls access to HRMS data in the application
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
Data Security Fundamentals
Data Permission security (or Row Level Security) refers to controlling
access to the rows of data in your system
The system enforces data permission security with security search views
-
SOA ITPutting Customer First
Core Security Views
Security Join Tables (SJT) are used in Core Security Views,
to control the data access
The core Security Views are used in
Component Search records
Query Security records
SQR Security records
Security prompt views
The core Security search views also use additional fields
which are used for the search criteria.
Data Security Fundamentals
-
SOA ITPutting Customer First
Working of a Core
Security view.
Mark the SJT Records
which are joined to filter
the data according to the
permission of the User.
Data Security Fundamentals
-
SOA ITPutting Customer First
Data Security Fundamentals
Features of HRMS Row Level Security
Ability to use more than one-way of securing your data.
Better performance and flexibility for refreshing security tables.
Real-time updates to security tables.
Ability to Secure access to Job Openings, Department Data and
Person Data.
Easier setup of global and additional appointment security.
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
Types of Security Data
Security Data is the set of Data which is used to implement data
security
Data security is implemented from two aspects
User Security data
Transaction Security data
-
SOA ITPutting Customer First
User Security Data defines the users security access. User Security
data includes
The Row Security Access assigned to a permission list (role-based or dept
tree based security)
Which Permission List is assigned to which user profiles.
Types of Security Data
-
SOA ITPutting Customer First
Transaction Data is the data that is being secured
Fields which are used for securing the data are called as transaction
security data
Users enter the Transaction security data when they maintain the
Transaction records in HRMS
Types of Security Data
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
Flow Diagram for Data Security Set Up
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
HRMS Security Installation settings
Set the installation settings on the Security Installation
Settings component
Decide if you will want to use global security
or the additional assignment security versions
Decide what actions you want to include in future dated
security rows
Navigation to access the Security Installation page:
Set Up HRMS > Security > Core Row level security > Security installation settings
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security installation Set Up Page
HRMS Security Installation settings
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security Sets :
A Security set is a set of HRMS data that is being secured with
data permission.
PeopleSoft delivers five security sets
PPLJOB
PPLUSF
PPLPOI
DEPT
RSOPN
Additional Security sets can be defined on demand
Navigation to access the Security Set, Set Up Page
Set Up HRMS > Security > Core Row Level Security > Security Sets
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security Sets :
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security Set Up Page
Security Sets :
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security Access Types :
Security Access Types defines exactly which transaction
fields will be used to secure the data in the security set
PeopleSoft already delivers a set of access types for every
Security sets.
Security Access Types can be enabled or disabled
depending on the Data Security needs of the Organization
Additional Security Access Types can be defined on
Demand.
Navigation to access the Security Access Type page:Set Up HRMS > Security > Core Row Level Security > Security Access
Types
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Security Access Type Page
Security Access Types :
Setting Up HRMS Row level Security
-
SOA ITPutting Customer First
Delivered Security Access Types for each Security Sets
Security Access Types
-
SOA ITPutting Customer First
Steps to follow to implement Security by Dept Tree:
Create Department Security Tree.
Create Permission List (Row Security permission List).
Set up Security by Dept Tree (assign department access to permission list).
Navigation for the Set Up:
Set UP HRMS > Security > Core Row Level Security > Security by Dept Tree
Manual Refresh of the process: Refresh SJT_CLASS_ALL.
Navigation for the refresh process:
Set UP HRMS > Security > Core Row Level Security > Refresh SJT_CLASS_ALL
Associate the Permission list with the User.
Refresh the Process: Refresh SJT_OPR_CLS.
Navigation for the Refresh process:
Set UP HRMS > Security > Core Row Level Security > Refresh SJT_OPR_CLS
Security by Dept Tree
-
SOA ITPutting Customer First
Security by Dept Tree
Online Page to set up Department Tree. Access to Data is based on the hierarchy structure in the Tree.
-
SOA ITPutting Customer First
Online page for Security by Dept Tree. Access to the data by
department is defined here.
Security by Dept Tree
-
SOA ITPutting Customer First
Online page to refresh SJT_CLASS_ALL
Uncheck Refresh all rows option to avail all the Refresh Sets. Select from the drop
down All Trees or Specific Trees to Refresh the SJT Record only with Security data
based upon Department Tree.
Security by Dept Tree
-
SOA ITPutting Customer First
Online page to refresh SJT_CLS_OPRThis refresh process maps all Users with the associated row security permission list.
Usually this SJT record is Populated when the security by Dept Tree is saved. The
component, Security by Dept Tree updates the SJT record only when it finds an user
associated with the permission list
Security by Dept Tree
-
SOA ITPutting Customer First
Security by Permission List
Security by Permission List is based upon non-hierarchical data
Steps to follow to Set Up Security by permission list
Create Permission List (Role based Security Permission List).
Create Roles to assign the Security Permission List.
Set Up Security by Permission List (non-dept Tree).
Navigation for the Set Up:
Set UP HRMS > Security > Core Row Level Security > Security by Permission List
Refresh the process: Refresh SJT_CLASS_ALL
Navigation for the Refresh process:
Set UP HRMS > Security > Core Row Level Security > Refresh SJT_CLASS_ALL
Associate the Security Role with the User.
Refresh the Process: Refresh SJT_OPR_CLS.
Navigation for the Refresh process:
Set UP HRMS > Security > Core Row Level Security > Refresh SJT_OPR_CLS
-
SOA ITPutting Customer First
Online page to Set Up the security by permission list.Select the Security Set from the list and the Security access types to define the data permission for the
Data security Permission List. On saving the component the SJT records SJT_CLASS_ALL and
SJT_CLS_OPR are updated.
Security by Permission List
-
SOA ITPutting Customer First
Access the Refresh process Refresh SJT_CLASS_ALL and select the refresh
set Permission List or Security Type to refresh the SJT record with the Non-dept
tree based user security data.
Security by Permission List
-
SOA ITPutting Customer First
Online page to refresh SJT_CLS_OPR. This refresh process maps all Users with the associated row security
permission list. Usually this SJT record is Populated when the security by
Permission list is saved. The component, Security by permission list updates
the SJT record only when it finds an user associated with the permission list
Security by Permission List
-
SOA ITPutting Customer First
Security by Dept Tree Vs Non Dept Tree
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSofivered Security Views
-
SOA ITPutting Customer First
User Security Join Records
When to Run SJT_OPR_CLS process:
When not to Run SJT_OPR_CLS process:
The permission List is already added to the User (Both Row Security & Role
based Permission List).
Add a permission list with data permission, or delete one from, a role not
yet assigned to a user.
Modify the data permission of a role based or tree based permission list.
User Security & Transaction Security Join records
Add/Remove a permission list with data permission to/from a role that is already
assigned to one or more users.
Add/delete a row security permission list to/from a User.
Add/delete a role with data permission to/from a User.
Clone an existing profile which has data permission either through roles or row security
-
SOA ITPutting Customer First
User Security Join Records
When to Run SJT_ CLASS_ALL process:
Set Up Security Initially.
Enable or modify a Security Access Type
Add or modify a Dept security Tree.
Add or modify a row security Permission list in Security by Dept Tree Component.
When not to Run SJT_CLASS_ALL process:
Refresh of this SJT is not required when the Security by permission List component
is updated. On saving the component this SJT is updated. However, in case of batch
update running this process for Permission List based on roles becomes a mandate.
User Security & Transaction Security Join records
-
SOA ITPutting Customer First
Transaction Security Join Records.
Transaction security Join Records stores the transaction data required to secure
each row of data. The SJT Record saves data for each unique combination of key
fields.
Transaction SJT records are updated when the HRMS Transaction records are
updated.
PeopleSoft defines four types of Transaction SJTs. Each capturing a set of
transaction data to be secured.
Can also be refreshed by running the processes: Refresh Trans. SJT Tables &
Nightly SJT refresh process
Navigation for the refresh:
Set UP HRMS > Security > Core row Level Security > Refresh Trans. SJT Tables
Set UP HRMS > Security > Core row Level Security > Nightly SJT refresh process
-
SOA ITPutting Customer First
Transaction Security Join Records
PS Delivered Transaction Security Tables
User Security & Transaction Security Join records
-
SOA ITPutting Customer First
Transaction Security Join Records
Online page to Refresh Transaction record.
Access the page to refresh all Security sets or any particular security set. The
Security Transaction Record updated is displayed in the page.
User Security & Transaction Security Join records
-
SOA ITPutting Customer First
Transaction Security Join Records
Nightly refresh process for Transaction Security Records.
This process is scheduled to run on an automated basis. This process is run
to take into effect the future dated rows. Future dated rows are not updated
to the SJT record when the HRMS transaction components are saved.
User Security & Transaction Security Join records
-
SOA ITPutting Customer First
Transaction Security Join Records
When to run Refresh Trans. table process:
Set up Security Initially
Enable or modify Security Access Type
Disable a Security Access type
When future dated rows become effective
When the component save bypasses the PeopleCode update
User Security & Transaction Security Join records
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
Security Maintenance
Refresh SJT_OPR_CLS whenever the relationship between
User profile and assigned permission list changes
Activate the Subscriptions on the User profile
(HCM_Refresh_SJT_OPR_CLS) & Role Maintenance
(HCM_Role_Refresh_SJT_OPR_CLS) for a real time update of the
SJT_OPR_CLS
For changes to the data permission list, refresh SJT_CLASS_ALL.
Refresh SJT_CLASS_ALL & appropriate Transaction SJT record for
changes in Security access types.
Changes to the Department tree, refresh SJT_CLASS_ALL.
Refresh by the nightly process for access to Future dated rows.
Batch upload of transaction record rows, refresh SJT Transaction
-
SOA ITPutting Customer First
Agenda
PeopleSoft Security Introduction
Data Security Fundamentals
Types of Security Data
Setting Up HRMS Row Level Security
User Security & Transaction Security Join records
Security Maintenance
Appendix : PeopleSoft Delivered Security Views
-
SOA ITPutting Customer First
Core Security Views
-
SOA ITPutting Customer First
Core Security Views
-
SOA ITPutting Customer First
Q & A
About SOAIS
SOAIS is a provider of Enterprise IT and Process outsourcing solutions. Since its inception SOAIS
has expanded at a tremendous pace and has garnered customers from both mid-market segment
and Fortune 100 companies. We have experience in managing ERP applications as well as in
providing high value services around packaged enterprise applications such as PeopleSoft and
Oracle. Our experience in the business process outsourcing area fully extends our services
footprint to provide end to end enterprise wide solutions. See www.soais.com for information.
You can also clarify queries or provide feedback on this presentation at http://www.soais.com/askexpert.html