Thursday, March 6, 2014

An Intro to PeopleSoft Security

Security is especially critical for core business applications.  In light of the complex and diverse nature of the different PeopleSoft computing environments and the wide range of statutory and regulatory compliance requirements, the system’s security measures must be based upon the functional nature and the data involved. 

Much of the vast amount of electronic data generated throughout PeopleSoft environments consists of human resource and financial information, which is in many cases subject to privacy and confidentiality regulations. Typically, not every department in a company has access to all applications, nor does everyone within a department have access to all functions and data of a particular application.

System security involves protecting data/information against modification, loss, unauthorized use and/or disclosure. A security framework can be defined by several key controls including: 
  •  online access to data 
  •  password management 
  •  user account management 
  •  authentication and authorization mechanisms 
  •  traceability (audit logs) 

PeopleSoft delivers security features and PeopleTools applications to ensure that sensitive application data is protected. The three main PeopleSoft security definition object types are user profiles, roles, and permission lists. These three components work together to provide system security access through inheritance.

  • Permission lists are groups of authorizations that are assigned to roles.
  • Roles are intermediate objects that link user profiles to permission lists.
  • User profiles are security objects given to each user of the system; each holds all security access and other unique identification information for the user.

    • Each user has a User Profile, which in turn is linked to one or more Roles.
    • To each Role, you can add one or more Permission Lists, which ultimately control what a user can and can't access.
    • So a user inherits permissions through the role.
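
The inheritance chain described above can be reviewed with two joins. This is an added example, not code from the original post: it uses Python's sqlite3 with constructed rows, and the table and column names (PSROLEUSER, PSROLECLASS, ROLEUSER, ROLENAME, CLASSID) are assumed to mirror the PeopleTools security tables, which the post does not name.

```python
import sqlite3

# Constructed sample data. Table and column names mirror the PeopleTools
# security tables PSROLEUSER and PSROLECLASS (an assumption; the post does
# not name them), reduced to the columns needed here.
SCHEMA = """
CREATE TABLE PSROLEUSER  (ROLEUSER TEXT, ROLENAME TEXT);  -- user profile -> role
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID  TEXT);  -- role -> permission list
"""
ROLE_USERS = [("JSMITH", "HR Clerk"), ("JSMITH", "Payroll Admin"),
              ("MJONES", "HR Clerk"), ("TEMP01", "Unused Role")]
ROLE_CLASSES = [("HR Clerk", "HR_VIEW"), ("Payroll Admin", "HR_VIEW"),
                ("Payroll Admin", "PAY_UPDATE")]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSROLEUSER VALUES (?, ?)", ROLE_USERS)
    conn.executemany("INSERT INTO PSROLECLASS VALUES (?, ?)", ROLE_CLASSES)
    return conn


def effective_permissions(conn, oprid):
    """Map each permission list a user inherits to the roles that grant it."""
    rows = conn.execute(
        "SELECT rc.CLASSID, ru.ROLENAME FROM PSROLEUSER ru "
        "JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME "
        "WHERE ru.ROLEUSER = ? ORDER BY rc.CLASSID, ru.ROLENAME", (oprid,))
    grants = {}
    for classid, role in rows:
        grants.setdefault(classid, []).append(role)
    return grants


def users_with_permission(conn, classid):
    """List users who inherit one permission list (review of sensitive access)."""
    rows = conn.execute(
        "SELECT DISTINCT ru.ROLEUSER FROM PSROLEUSER ru "
        "JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME "
        "WHERE rc.CLASSID = ? ORDER BY ru.ROLEUSER", (classid,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    for user in ("JSMITH", "MJONES", "TEMP01"):
        print(user, effective_permissions(db, user))
    print("PAY_UPDATE:", users_with_permission(db, "PAY_UPDATE"))
```

A user whose only role carries no permission lists (TEMP01 in the sample rows) resolves to an empty result, and a permission list reachable through two roles (HR_VIEW for JSMITH) shows why removing a single role may not revoke the access.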

Data permissions control the application data that a user is allowed to access in the PeopleSoft system. With application data security, data permissions can be set at the table level, row level and field level.

Table-level security is set by using PeopleSoft Query to build SQL queries to specify the records the user is allowed to access when building and running queries.  
 
Row-level security controls access to individual rows of data stored within application database tables through security views, and enables you to specify the data that a particular user is permitted to access.
  
Field-level security is set using PeopleCode, the proprietary language used in the development of PeopleSoft applications, to restrict access to particular fields or columns within application tables.

Data permissions determine who has access to what data on an individual basis. Questions to settle include:
  • Which key fields should be secured?
  • Business Unit? SetID? Department?

There is a lot more to PeopleSoft security, including other components such as Object Security, PeopleTools Security, Report Security, and Query Security.
