SOAIS - Data Security v3.1

Putting Customer First PeopleSoft Data Security 23rd July 2009


Very good doc from SOAIS organisations for Data Security

Transcript of SOAIS - Data Security v3.1

  • Putting Customer First

    PeopleSoft Data Security

    23rd July 2009

  • SOA ITPutting Customer First

    Agenda

    PeopleSoft Security Introduction

    Data Security Fundamentals

    Types of Security Data

    Setting Up HRMS Row Level Security

    User Security & Transaction Security Join records

    Security Maintenance

    Appendix : PeopleSoft Delivered Security Views

  • SOA ITPutting Customer First

    PeopleSoft Security Introduction

    Why should you secure organization information?

    Restrict exposure to sensitive information such as compensation and National ID numbers

    Deter theft of company proprietary information such as sales, revenue forecast, customer information

    Prevent accidental or malicious falsification of data

    Improve performance and efficiency, i.e. no information overload

    Goes with the premise of right information for the right people!

  • SOA ITPutting Customer First

    PeopleSoft Security Introduction

    Internet security controls access to the PeopleSoft application sign-in page and secures the information to and from the web browser

    Database access secures access to the application database server

    Application security controls access within the application

    HRMS data permission controls access to HRMS data in the application

  • SOA ITPutting Customer First

    Data Security Fundamentals

    Data Permission security (or Row Level Security) refers to controlling

    access to the rows of data in your system

    The system enforces data permission security with security search views

  • SOA ITPutting Customer First

    Core Security Views

    Security Join Tables (SJT) are used in Core Security Views to control the data access

    The core Security Views are used in

    Component Search records

    Query Security records

    SQR Security records

    Security prompt views

    The core Security search views also use additional fields which are used for the search criteria.

    Data Security Fundamentals

  • SOA ITPutting Customer First

    Working of a Core Security view.

    Mark the SJT Records which are joined to filter the data according to the permission of the User.

    Data Security Fundamentals

  • SOA ITPutting Customer First

    Data Security Fundamentals

    Features of HRMS Row Level Security

    Ability to use more than one way of securing your data.

    Better performance and flexibility for refreshing security tables.

    Real-time updates to security tables.

    Ability to secure access to Job Openings, Department Data and Person Data.

    Easier setup of global and additional appointment security.

  • SOA ITPutting Customer First

    Types of Security Data

    Security Data is the set of data which is used to implement data security

    Data security is implemented from two aspects

    User Security data

    Transaction Security data

  • SOA ITPutting Customer First

    User Security Data defines the user's security access. User Security data includes

    The Row Security Access assigned to a permission list (role-based or dept tree based security)

    Which Permission List is assigned to which user profiles.

    Types of Security Data

  • SOA ITPutting Customer First

    Transaction Data is the data that is being secured

    Fields which are used for securing the data are called transaction security data

    Users enter the Transaction security data when they maintain the Transaction records in HRMS

    Types of Security Data

  • SOA ITPutting Customer First

    Flow Diagram for Data Security Set Up

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    HRMS Security Installation settings

    Set the installation settings on the Security Installation Settings component

    Decide if you will want to use global security or the additional assignment security versions

    Decide what actions you want to include in future dated security rows

    Navigation to access the Security Installation page:

    Set Up HRMS > Security > Core Row level security > Security installation settings

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security installation Set Up Page

    HRMS Security Installation settings

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security Sets :

    A Security set is a set of HRMS data that is being secured with data permission.

    PeopleSoft delivers five security sets

    PPLJOB

    PPLUSF

    PPLPOI

    DEPT

    RSOPN

    Additional Security sets can be defined on demand

    Navigation to access the Security Set, Set Up Page

    Set Up HRMS > Security > Core Row Level Security > Security Sets

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security Sets :

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security Set Up Page

    Security Sets :

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security Access Types :

    Security Access Types define exactly which transaction fields will be used to secure the data in the security set

    PeopleSoft already delivers a set of access types for every Security Set.

    Security Access Types can be enabled or disabled depending on the Data Security needs of the Organization

    Additional Security Access Types can be defined on demand.

    Navigation to access the Security Access Type page:

    Set Up HRMS > Security > Core Row Level Security > Security Access Types

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Security Access Type Page

    Security Access Types :

    Setting Up HRMS Row level Security

  • SOA ITPutting Customer First

    Delivered Security Access Types for each Security Set

    Security Access Types

  • SOA ITPutting Customer First

    Steps to follow to implement Security by Dept Tree:

    Create Department Security Tree.

    Create Permission List (Row Security permission List).

    Set up Security by Dept Tree (assign department access to permission list).

    Navigation for the Set Up:

    Set Up HRMS > Security > Core Row Level Security > Security by Dept Tree

    Manually run the refresh process: Refresh SJT_CLASS_ALL.

    Navigation for the refresh process:

    Set Up HRMS > Security > Core Row Level Security > Refresh SJT_CLASS_ALL

    Associate the Permission list with the User.

    Run the refresh process: Refresh SJT_OPR_CLS.

    Navigation for the Refresh process:

    Set Up HRMS > Security > Core Row Level Security > Refresh SJT_OPR_CLS

    Security by Dept Tree

  • SOA ITPutting Customer First

    Security by Dept Tree

    Online Page to set up Department Tree. Access to Data is based on the hierarchy structure in the Tree.

  • SOA ITPutting Customer First

    Online page for Security by Dept Tree. Access to the data by

    department is defined here.

    Security by Dept Tree

  • SOA ITPutting Customer First

    Online page to refresh SJT_CLASS_ALL

    Clear the Refresh All Rows option to make all the Refresh Sets available. Select All Trees or Specific Trees from the drop-down to refresh the SJT record only with security data based on the Department Tree.

    Security by Dept Tree

  • SOA ITPutting Customer First

    Online page to refresh SJT_OPR_CLS. This refresh process maps all Users with the associated row security permission list.

    Usually this SJT record is populated when the Security by Dept Tree component is saved. The component updates the SJT record only when it finds a user associated with the permission list

    Security by Dept Tree

  • SOA ITPutting Customer First

    Security by Permission List

    Security by Permission List is based upon non-hierarchical data

    Steps to follow to Set Up Security by permission list

    Create Permission List (Role based Security Permission List).

    Create Roles to assign the Security Permission List.

    Set Up Security by Permission List (non-dept Tree).

    Navigation for the Set Up:

    Set Up HRMS > Security > Core Row Level Security > Security by Permission List

    Run the refresh process: Refresh SJT_CLASS_ALL

    Navigation for the Refresh process:

    Set Up HRMS > Security > Core Row Level Security > Refresh SJT_CLASS_ALL

    Associate the Security Role with the User.

    Run the refresh process: Refresh SJT_OPR_CLS.

    Navigation for the Refresh process:

    Set Up HRMS > Security > Core Row Level Security > Refresh SJT_OPR_CLS

  • SOA ITPutting Customer First

    Online page to set up the security by permission list. Select the Security Set from the list and the Security Access Types to define the data permission for the data security Permission List. On saving the component, the SJT records SJT_CLASS_ALL and SJT_OPR_CLS are updated.

    Security by Permission List

  • SOA ITPutting Customer First

    Access the refresh process Refresh SJT_CLASS_ALL and select the refresh set Permission List or Security Type to refresh the SJT record with the non-dept-tree-based user security data.

    Security by Permission List

  • SOA ITPutting Customer First

    Online page to refresh SJT_OPR_CLS. This refresh process maps all Users with the associated row security permission list. Usually this SJT record is populated when the Security by Permission List component is saved. The component updates the SJT record only when it finds a user associated with the permission list

    Security by Permission List

  • SOA ITPutting Customer First

    Security by Dept Tree Vs Non Dept Tree

  • SOA ITPutting Customer First

    User Security Join Records

    When to Run SJT_OPR_CLS process:

    Add/Remove a permission list with data permission to/from a role that is already assigned to one or more users.

    Add/delete a row security permission list to/from a User.

    Add/delete a role with data permission to/from a User.

    Clone an existing profile which has data permission either through roles or row security

    When not to Run SJT_OPR_CLS process:

    The permission List is already added to the User (Both Row Security & Role based Permission List).

    Add a permission list with data permission, or delete one from, a role not yet assigned to a user.

    Modify the data permission of a role based or tree based permission list.

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    User Security Join Records

    When to Run SJT_CLASS_ALL process:

    Set Up Security Initially.

    Enable or modify a Security Access Type

    Add or modify a Dept security Tree.

    Add or modify a row security Permission list in Security by Dept Tree Component.

    When not to Run SJT_CLASS_ALL process:

    Refresh of this SJT is not required when the Security by Permission List component is updated. On saving the component this SJT is updated. However, after a batch update, running this process for role-based permission lists is mandatory.

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    Transaction Security Join Records.

    Transaction Security Join Records store the transaction data required to secure each row of data. The SJT record saves data for each unique combination of key fields.

    Transaction SJT records are updated when the HRMS Transaction records are updated.

    PeopleSoft defines four types of Transaction SJTs, each capturing a set of transaction data to be secured.

    They can also be refreshed by running the processes Refresh Trans. SJT Tables and Nightly SJT refresh process

    Navigation for the refresh:

    Set Up HRMS > Security > Core Row Level Security > Refresh Trans. SJT Tables

    Set Up HRMS > Security > Core Row Level Security > Nightly SJT refresh process

  • SOA ITPutting Customer First

    Transaction Security Join Records

    PS Delivered Transaction Security Tables

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    Transaction Security Join Records

    Online page to Refresh Transaction record.

    Access the page to refresh all Security Sets or any particular Security Set. The updated Security Transaction Record is displayed on the page.

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    Transaction Security Join Records

    Nightly refresh process for Transaction Security Records.

    This process is scheduled to run on an automated basis. It is run so that future dated rows take effect. Future dated rows are not written to the SJT record when the HRMS transaction components are saved.

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    Transaction Security Join Records

    When to run Refresh Trans. table process:

    Set up Security Initially

    Enable or modify Security Access Type

    Disable a Security Access type

    When future dated rows become effective

    When the component save bypasses the PeopleCode update

    User Security & Transaction Security Join records

  • SOA ITPutting Customer First

    Security Maintenance

    Refresh SJT_OPR_CLS whenever the relationship between User profile and assigned permission list changes

    Activate the Subscriptions on the User profile (HCM_Refresh_SJT_OPR_CLS) & Role Maintenance (HCM_Role_Refresh_SJT_OPR_CLS) for a real time update of the SJT_OPR_CLS

    For changes to the data permission list, refresh SJT_CLASS_ALL.

    Refresh SJT_CLASS_ALL & appropriate Transaction SJT record for changes in Security access types.

    For changes to the Department tree, refresh SJT_CLASS_ALL.

    Refresh by the nightly process for access to Future dated rows.

    Batch upload of transaction record rows, refresh SJT Transaction
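
An added sketch (not from the SOAIS deck and not PeopleSoft's delivered code) tying the core security view join to the refresh rules above: a security view is modelled as a join of a transaction SJT with SJT_CLASS_ALL and SJT_OPR_CLS, and a drift check lists grants that outlive a revoked permission list. The column layouts, the `user_permlist` and `sjt_trans` tables and all sample rows are constructed assumptions, and no real-time subscription is modelled.

```python
import sqlite3

# Simplified stand-ins for the records named on the slides. Column layouts and
# the user_permlist / sjt_trans tables are assumptions made for this sketch.
SCHEMA = """
CREATE TABLE user_permlist (oprid TEXT, classid TEXT);
CREATE TABLE sjt_opr_cls   (oprid TEXT, classid TEXT);
CREATE TABLE sjt_class_all (classid TEXT, scrty_set TEXT, deptid TEXT);
CREATE TABLE sjt_trans     (scrty_set TEXT, deptid TEXT, emplid TEXT);
"""

# Shape of a security search view: transaction SJT joined to both user SJTs.
VIEW_SQL = """
SELECT DISTINCT t.emplid
FROM sjt_trans t
JOIN sjt_class_all c ON c.scrty_set = t.scrty_set AND c.deptid = t.deptid
JOIN sjt_opr_cls o ON o.classid = c.classid
WHERE o.oprid = ?
ORDER BY t.emplid
"""

def refresh_sjt_opr_cls(db):
    """Model of Refresh SJT_OPR_CLS: rebuild the join table from live assignments."""
    db.execute("DELETE FROM sjt_opr_cls")
    db.execute("INSERT INTO sjt_opr_cls SELECT oprid, classid FROM user_permlist")

def build_db():
    """In-memory database with constructed users, departments and employees."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user_permlist VALUES (?, ?)",
                   [("ALICE", "HR_EU"), ("BOB", "HR_US")])
    db.executemany("INSERT INTO sjt_class_all VALUES (?, ?, ?)",
                   [("HR_EU", "PPLJOB", "D100"), ("HR_US", "PPLJOB", "D200")])
    db.executemany("INSERT INTO sjt_trans VALUES (?, ?, ?)",
                   [("PPLJOB", "D100", "E1"), ("PPLJOB", "D100", "E2"), ("PPLJOB", "D200", "E3")])
    refresh_sjt_opr_cls(db)
    return db

def visible_rows(db, oprid):
    """Employee IDs the user can see through the modelled security view."""
    return [row[0] for row in db.execute(VIEW_SQL, (oprid,))]

def stale_grants(db):
    """(user, permission list) pairs still in sjt_opr_cls without a live assignment."""
    sql = ("SELECT oprid, classid FROM sjt_opr_cls "
           "EXCEPT SELECT oprid, classid FROM user_permlist ORDER BY 1, 2")
    return db.execute(sql).fetchall()
```

Deleting ALICE's row from `user_permlist` without calling `refresh_sjt_opr_cls` leaves her view of E1 and E2 intact and makes `stale_grants` report the pair; after the refresh both come back empty.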

  • SOA ITPutting Customer First

    Core Security Views

  • SOA ITPutting Customer First

    Q & A

    About SOAIS

    SOAIS is a provider of Enterprise IT and Process outsourcing solutions. Since its inception SOAIS

    has expanded at a tremendous pace and has garnered customers from both mid-market segment

    and Fortune 100 companies. We have experience in managing ERP applications as well as in

    providing high value services around packaged enterprise applications such as PeopleSoft and

    Oracle. Our experience in the business process outsourcing area fully extends our services

    footprint to provide end to end enterprise wide solutions. See www.soais.com for information.

    You can also clarify queries or provide feedback on this presentation at http://www.soais.com/askexpert.html