1.) The use of Permission lists, Roles, Data Permissions
and User Profiles are now the heart of PeopleSoft security. Data Permissions
(Row Level Security), Primary Permission lists (Primary Class) and Permission
lists (Class) are all created within the same page for easy maintenance.
Though all levels of permissions are maintained on the same page, be aware that
each of these permissions has a different use in the system. Steps must be
taken to ensure they are used in the correct situations.
PeopleSoft 8 requires a new naming convention be followed.
All data permissions have to be prefixed with “DP” and all primary
permission lists have to be prefixed with “PP”. All pages used with these
permissions have a search record that filters by these prefixes. One step
of the upgrade process copies the old values into the permissions tables and
should have a “PP” or a “DP”. Once established, the new values with the new
prefixes, clean up the old values can be accomplished using SQL. Sometimes the
only way to create the new value in PeopleSoft 8 is to use SQL and change one
of the old values to the new standard, updating the user profile to match the
required changes.
Primary permission lists are used to default field values
for each user in PeopleSoft. The primary permission lists are set up on the
permission list page just like any other permission list. What’s unique about
them is that no security is added to this permission list. Though this
permission list appears on the User Profile, none of the security will be used
in the profile. The permissions will not carry forward to the User Profile
unless the permission list is passed through a role. It’s better to leave
the primary list as a blank placeholder for primary permission default values
only.
Global security is a maintenance page that enables the country
specific flags associated with all global pages to be functional.
The global security is associated with the Primary permission list. If not
prefixed with “PP” or “DP”, the same problems may occur when accessing global
security to maintain these flags. There is always a large group of
non-usable information in the table that doesn’t need to be there after the
upgrade process is run. Using SQL, update one row to the new “PP” row.
Clean up the rest of the rows by adding “PP” or deleting. (Make sure the search
record for this page is set to ORPDEFN_SRCTY4.)
2) PeopleSoft determines which data permissions to grant a
user by looking at the users' Primary
Permission List and Row Security Permission List. Which one is used varies by application and data entity (Employee,
Customer, Vendor, Business Unit etc).
3) Other than role-permission lists,
there are 4 permission lists which are directly attached to the user and not
via role.
Those are set on the user profiles
page. One of them is primary permission list.
4.) Create a Permission list that will give access only fo a
couple of Business Units. Now this can be done by creating suitable Primary
Permission List.
