A summary of the main PeopleTools security records.
Operators
| Record | Description |
|---|---|
| PSOPRDEFN | Stores all operators (users) in the PeopleSoft system. Also stores their employee ID (EMPLID), encrypted password, primary permission list, default navigator home page, process profile permission list and row security permission list. |
| PSROLEUSER | The highest level of security access is defined by roles (think of them as groups). This table stores the roles the user belongs to. |
| PSOPRCLS | Roles link together permission lists which are the security objects that define access to components, pages, and other areas of the system. This view returns the permission lists that a user has access to via their roles. Note that prior to PeopleTools 8, permission lists were synonymous with classes and most of the security tables still use this convention. |
| PSOPRALIAS | Aliases can be mapped to a particular operator ID (user). The obvious alias is employee ID (EMPLID) but others include external organisation ID (EXT_ORG_ID) and customer ID (CUST_ID). All ways of referring to the same entity. |
| PSOPRALIASTYPE | This is the setup table for operator aliases |
| PSOPRALIASFIELD | This is the setup table that maps operator aliases to records & fields |
| PSUSERATTR | User attributes store the a hint password question & response for a user (if this is enabled) |
| PSUSEREMAIL | Email addresses for users. |
Roles
| Record | Description |
|---|---|
| PSROLEDEFN | Stores roles and their properties. Roles can be assigned dynamically through Query, PeopleCode or LDAP. Roles are also used in conjunction withWorkflow and routing. |
| PSROLECLASS | Roles are made of up of one or permission lists, and this table links the two together. Very handy. |
Permission Lists
| Record | Description |
|---|---|
| PSCLASSDEFN | Permission lists are where the security really happens. They provide access to menus, components and pages and a host of other security including PeopleTools, Process security, Component Interfaces, Web Libraries, Web Services, Personalisations, Query and Mass Change. |
| PSAUTHITEM | The link between permission lists and menus |
| PSAUTHBUSCOMP | The link between permission lists and component interfaces and their methods |
| PSAUTHOPTN | The link between permission lists and personalisations |
| PSAUTHPRCS | The link between permission lists and process groups |
| PSAUTHSIGNON | The link between permission lists and signon times |
| PSAUTHWEBLIBVW | A view linking permission lists and access to web libraries (really just Menus in PSAUTHITEM that begin with WEBLIB_). |
| PSAUTHWS | The link between permission lists and web services (service operations) |
| PS_SCRTY_ACC_GRP | The link between permission lists, trees and query access groups |
| PS_MC_OPR_SECURITY | The link between permission lists and mass change templates. This is an odd table, it uses the field OPRID but really it links permission lists |
Check out this forum post for details about how to check which users have access to PeopleTools.
Portal
The PeopleSoft Enterprise Portal basically refers to the navigation system that links menus and components to the PeopleSoft online interface, navigation and search functionality. Access to anything in the online application is handled through portal security. The records associated with this include:
| Record | Description |
|---|---|
| PSPRSMDEFN | Stores the structure of the portal registry. This data is stored in a hierarchical (tree) structure within the table. The field PORTAL_URI_SEG1 is the menu, PORTAL_URI_SEG2 is the component, and PORTAL_URI_SEG3 is the market. |
| PSPRSMPERM | Stores permission lists associated with access to everything within the portal registry |
Useful Queries
Find out which users (and from what permission lists) have access to a particular page:
select distinct OPRID, OPRCLASS from PSOPRCLS where OPRCLASS in ( select distinct CLASSID from sysadm.PSAUTHITEM where PNLITEMNAME = '<PAGENAME>' );
扫一扫
282
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
