HRMS Security – Modifying PeopleTools Definitions
May 24, 2011 Leave a comment
In PeopleSoft HRMS, Application Data security is implemented in multiple levels:
1. Table Level
2. Row Level
3. Field Level
Table Level – PeopleSoft Query is used to build queries and retrieve data from tables. The access to certain tables are controlled through Query Access Groups (the navigation to query access group is: PeopleTools > Security > Query Security > Query Access Manager)
Row Level – Row-level security is implemented through data permission lists for each user who has access to PeopleSoft through security views.
Field Level – Field level security, to restrict access to certain fields in PeopleSoft pages are done through peoplecode.
Have you heard of the term Definition Security?
With the usage of permission lists we can restrict access to certain delivered objects in PeopleSoft. However to restrict access to the delivered PeopleTools meta-data we go in for Definition security. There might be scenarios where we have to customize the delivered objects but the standard permissions will stop us showing the below message:
Inorder to skip this message and proceed with the changes to the delivered objects follow the steps below:
- Goto Go > Definition Security in application designer. Access to this tool is granted through the definition security checkbox in the peopletools page in permission list component.
- In definition security window, goto File > Open > Group > PEOPLETOOLS
- Select the definition that you want to change access from the definition drop down list.
- The left pane shows the definitions that have restricted access. The right pane contains the objects that are modifiable.
- Select the definition of your choice and press the right arrow (>).
- Save the changes. File > Save
Now the definition which you have modified will be accessible in application designer in change mode.
Once the changes are done, revert it to the original state. If not changed back, any user who has access to app designer can modify the tools definitions.
The best practice to accommodate these changes is to create a separate permission list, tag it to a role and assign it only to the users who are authorized to make these changes. To do this:
- Goto Go > Definition Security in application designer.
- In definition security window, goto File > New Group
- Add objects to this group
- Save the group using File > Save
- To add the group to the permission list: Goto File > Open > Permission List
- Add or exclude groups from the permission list.
- Save the permission list