PeopleSoft Security                                                         Andreas Faruki                                ...
Session Topics                                                                   PeopleSoft Securitys    PeopleSoft Contro...
Database System Components                                                                                              Pe...
Database System Components                                                                                              Pe...
Database System Components                                                                                                ...
Database System Components                                                                                                ...
Network Security                                                                                         PeopleSoft Securi...
Operating Systems Security                                                                                      PeopleSoft...
PeopleSoft Security                                                   Operator Security © 1998 Deloitte Touche Tohmatsu. A...
Configurable Components                                                        PeopleSoft SecurityBackground disconnect In...
Functionality                                                                     PeopleSoft Security               Operat...
Functionality                                                                                PeopleSoft Security          ...
Functionality                                                                    PeopleSoft Security           Administer ...
Functionality                                                                                                    PeopleSof...
Functionality                                                                   PeopleSoft Security                Process...
Functionality                                                                    PeopleSoft Security                Operat...
PeopleSoft Security                                               Financials Security© 1998 Deloitte Touche Tohmatsu. All ...
Control Environment Components                                                                                           P...
Configurable Components                                           PeopleSoft SecuritynVision Security Row level security p...
Control Features                                    PeopleSoft Securitys   Business Unit Security                        S...
Control Environment Components                                                                                         Peo...
Control Features                                       PeopleSoft SecurityPayables                           Session 7    ...
Control Features                                                                                          PeopleSoft Secur...
Control Environment Components                                                                                           P...
Control Features                                                               PeopleSoft Security    Field Securitys   Pe...
PeopleSoft Security                                                        HRMS Security© 1998 Deloitte Touche Tohmatsu. A...
Control Environment Components                                                                                            ...
Configurable Components                                                                                         PeopleSoft...
Configurable Components                                                                         PeopleSoft SecurityTree Ma...
Functionality                                                                       PeopleSoft Security                  H...
Control Environment Components                                                                                          Pe...
Control Environment Components                                                                                          Pe...
Auditability                                                                          PeopleSoft Security      •          ...
Control Environment Components                                                                                        Peop...
Functionality                                                                                    PeopleSoft Security      ...
Functionality                                                                   PeopleSoft Security        Query Profile© ...
Auditability                                                                   PeopleSoft Security    s       Ensure that ...
Control Environment Components                                                                                        Peop...
Control Environment Components                                                                                          Pe...
Control Environment Components                                                                                         Peo...
Configurable Components                                                                                          PeopleSof...
Configurable Components                                                                                PeopleSoft Security...
Functionality                                                                      PeopleSoft Security            Defines ...
Functionality                                                                     PeopleSoft Security© 1998 Deloitte Touch...
Functionality                                                                                       PeopleSoft Security   ...
Control Environment Components                                                                                         Peo...
Functionality                                                                   PeopleSoft Security           Assigning an...
Control Environment Components                                                                                      People...
Auditability                                                                   PeopleSoft Securitys      Ensure that Opera...
Configurable Components                                                                                      PeopleSoft Se...
Functionality                                                                   PeopleSoft Security         Assign Process...
Functionality                                                                   PeopleSoft Security         Process Job Se...
Auditability                                                                          PeopleSoft Security   s      Ensure ...
Session Topics                                                                        PeopleSoft Securitys    PeopleSoft C...
Upcoming SlideShare
Loading in …5
×

Erppeoplesoftsecurity

670 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
670
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Erppeoplesoftsecurity

  1. 1. PeopleSoft Security Andreas Faruki Scott Jorgensen Deloitte & Touche ISACA Spring Conference April 28, 1999 Session Learning Objectives PeopleSoft Securitys To present the security components and audit considerations within the PeopleSoft environments At the end of this session, the participant should be able to: – Understand the control architecture of PeopleSoft in the client server environment – Understand the key components of PeopleSoft security that administrators must consider – Understand audit considerations of each security component of PeopleSoft© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 2 1
  2. 2. Session Topics PeopleSoft Securitys PeopleSoft Control Architectures Operator Securitys Financials Securitys HRMS Securitys Query Securitys Other Reporting Toolss Object Securitys Process Scheduler Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 3 PeopleSoft Security PeopleSoft Control Architecture© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 4 2
  3. 3. Database System Components PeopleSoft Security PeopleSoft stores data in what is known as a Table. APVENDOR - Table Vendor # Vendor Name Address State City Bank Account 132 Burns Inc. 2 Main Connecticut Bethel 067543252 133 JPB Co. 47 White Connecticut Stamford 045356772 134 Burns Cons. 15 South Connecticut Hartford 657438792 152 Jim Trucking 77 Maple Connecticut Stamford 749900172© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 5 Database System Components PeopleSoft SecurityColumn security represents the same data field across all recordsin a table. (i.e. Vendor #) Vendor # Vendor Name Address State City Bank Account 132 Burns Inc. 2 Main Connecticut Bethel 067543252 133 JPB Co. 47 White Connecticut Stamford 045356772 134 Burns Cons. 15 South Connecticut Hartford 657438792 152 Jim Trucking 77 Maple Connecticut Stamford 749900172© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 6 3
  4. 4. Database System Components PeopleSoft Security A field on a PeopleSoft screen allows an user to view or update a column of data in a table.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 7 Database System Components PeopleSoft SecurityRow security represents all fields within a specific record.(i.e. all rows of data for vendor 132) Vendor # Vendor Name Address State City Bank Account 132 Burns Inc. 2 Main Connecticut Bethel 067543252 133 JPB Co. 47 White Connecticut Stamford 045356772 134 Burns Cons. 15 South Connecticut Hartford 657438792 152 Jim Trucking 77 Maple Connecticut Stamford 749900172© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 8 4
  5. 5. Database System Components PeopleSoft SecurityFinancials and HRMS offer row level security. Row security canrestrict an user’s access to a subset of records based upon a valuewithin a field in the record. (i.e. all rows of data for Ledger Budget) © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 9 Database System Components PeopleSoft Security Field security represents a value for a field within a record in a table. (i.e. Bank Accounts should not be displayed on the default Panel) Vendor # Vendor Name Address State City Bank Account 132 Burns Inc. 2 Main Connecticut Bethel 067543252 133 JPB Co. 47 White Connecticut Stamford 045356772 134 Burns Cons. 15 South Connecticut Hartford 657438792 152 Jim Trucking 77 Maple Connecticut Stamford 749900172 © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 10 5
  6. 6. Database System Components PeopleSoft Security Field security is implemented by: • Modifying Panels to remove a specific field • Adding PeopleCode to a record definition to perform a certain action based upon the value in the field or the Operator performing the action. PeopleSoft comes with no Field level security. © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 11 PeopleSoft Control Environment PeopleSoft Security Network Security PeopleSoft User Authentication 7 Financials HRMS Reporting & Query Objects Query PS/nVision SQR Menu Security 7 Menu Security 7 Trees Menu Security 7 Row Security 7 Tree Security 7 Access Preferences Preferences 7 Groups Operator Menu Object Groups SecurityWorkflow Security 7 Workflow Security7 Preferences Process Custom Panels or Custom Panels or Security 7 Scheduler Change Control 7 PeopleCode PeopleCode Records Database Security Operating System Security 7 - Denotes Changes in Version 7 © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 12 6
  7. 7. Network Security PeopleSoft Security Network Security • Standard Network Security found in any client server environment. • PeopleSoft does provide a hook to allow a single sign-on solution. • Three-tier Application Server provides additional points of access© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 13 Database Security PeopleSoft Security Database SecuritySingle Sign-on RBDMS uses common login user id (connect id) which results in no audit trail on activity at the database level.User Id PeopleSoft Operators require only read access to a limited number of tables to validate their login.Server LogonSecurity If not enabled users have the ability to change their password in PeopleSoft and the RBDMS© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 14 7
  8. 8. Operating Systems Security PeopleSoft Security Operating System SecurityNo additional security issues based upon a PeopleSoft solution.Same concerns as would exist in any application.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 15 PeopleSoft Control Environment PeopleSoft Security PeopleSoft ID/Password Security 7 Operator ID / Password Unique string of alpha numeric characters used to identify and authenticate a PeopleSoft user. Owner ID / Password Unique string of alpha numeric characters used to identify the owner of the PeopleSoft RDBMS tables. Access ID / Password Unique string of alpha numeric characters used to identify and authenticate a user called to the PeopleSoft tables. Access Profile 7 Version 7 specific, serves same purpose as Access ID in v5 &v6.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 16 8
  9. 9. PeopleSoft Security Operator Security © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 17 Configurable Components PeopleSoft SecurityOperator ID String of alpha-numeric characters which uniquely identifies a PeopleSoft user.Operator Class String of alpha-numeric characters which uniquely identifies a group of PeopleSoft Operator Ids.Primary Operator Class The Operator Class which takes precedence when multiple Operator class are assigned to an Operator Id.Operator Password String of alpha-numeric characters used to authenticate a PeopleSoft Operator Id. Session 5 18 9
  10. 10. Configurable Components PeopleSoft SecurityBackground disconnect Interval Length of time a database connection will stay active with no activity.Timeout Minutes Length of time a PeopleSoft session will remain active with no activity.Access Profile Database User Id and password used by PeopleSoft when processing an Operator’s database calls.Sign-on Times Days and times that a PeopleSoft Operator Id is authorized to sign-on. Session 5 19 Configurable Components PeopleSoft SecurityBusiness Process Map Graphical presentation of a business process, used by an Operator to navigate through PeopleSoft panels. Does not supercede Menu/Panel Security.Process Group Logical grouping of PeopleSoft batch jobs which is used to restrict which Operators can submit them.Menu / Panel Graphical presentation of PeopleSoft fields which are used in a common business process or function.Row Level Security Class The Operator Class which will be used for restricting an Operator’s row level access. (Does not work system uses Primary class) Session 5 20 10
  11. 11. Functionality PeopleSoft Security Operator Id or Operator Class Definition Session 5 21 Functionality PeopleSoft Security Background Disconnect & Time-Out Minutes© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 22 11
  12. 12. Functionality PeopleSoft Security Access Profile© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 23 Functionality PeopleSoft Security Menu Name / Bar Name / Item Name / Actions / Panels / Display Only© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 24 12
  13. 13. Functionality PeopleSoft Security Administer Base Benefits / Use / Benefit Program Participation© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 25 Functionality PeopleSoft Security Benefit Program Participation© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 26 13
  14. 14. Functionality PeopleSoft Security Within a Panel the following actions can be granted Add Add current effective dated records only. Update/Display Insert effective dated rows which are greater than the current and display current and future effective dated rows. Update/Display All Insert effective dated rows which are greater than the current and display all historical, current and future effective dated rows. Correction Add, change or delete historical, current and future effective dated rows. YOU LOSE THE AUDIT TRAIL!!!! Additionally, you may override an actions by assigning: Display Only Display only current effective dated records and overrides the action/panel access.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 27 Functionality PeopleSoft Security Sign-on Times© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 28 14
  15. 15. Functionality PeopleSoft Security Process Groups© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 29 Functionality PeopleSoft Security Process Group Listing© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 30 15
  16. 16. Functionality PeopleSoft Security Operator Class / Row-Level Operator Class© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 31 Auditability PeopleSoft Security s Ensure that PeopleSoft Operator Ids are valid and authorized. s Ensure that PeopleSoft Operator Ids are restricted to appropriate days and times of operation. s Ensure that PeopleSoft Operator Ids are timed out after an appropriate period of inactivity. s Ensure that PeopleSoft Operator Ids access to Menus, Panels, Actions is appropriate based upon assigned job duties. Session 5 32 16
  17. 17. PeopleSoft Security Financials Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 33 Control Environment Components PeopleSoft Security Financials Menu Security 7 Row Security Preferences Workflow Security Custom Panels or PeopleCode Menu Security Controls the menus / panels which a PeopleSoft Operator can access and the actions they can perform. This translates into controlling the columns of data which appear on the panel. Multiple Classes allowed per Operator in Version 7.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 34 17
  18. 18. Control Environment Components PeopleSoft Security Financials Menu Security Row Security 7 Preferences Workflow Security Custom Panels or PeopleCode Row Security Controls which rows of information will be displayed on the menus / panels which a PeopleSoft Operator can access. The row criteria which can be filtered include Analysis Group, Ledger, nVision, Project, TableSet, Business Unit, Book and Pay Cycle. Separate Operator Class allowed for Row Security.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 35 Configurable Components PeopleSoft Security Row Level Security s Seven fields can be used to implement security at the ID or Class level. – Business Unit - determines the tables of information that can be accessed. – SetId - determine the set of accounting structures and rules (chart of accounts) that can be accessed. – Ledger - determines which general ledgers can be accessed. – Book - determines asset books which can be accessed. – Project - determines which project trees can be accessed. – Analysis Group - determines what resource transactions can be processed in project costing. – Pay Cycle - determines the vendors which can be accessed. Session 7 36 18
  19. 19. Configurable Components PeopleSoft SecuritynVision Security Row level security provided by creating combinations of Business Units and Ledgers and assigning Operator ID / Class. Session 7 37 Control Features PeopleSoft Security Row Level Security Options Session 7 38 19
  20. 20. Control Features PeopleSoft Securitys Business Unit Security Session 7 39 Control Features PeopleSoft Securitys nVision Security Session 7 40 20
  21. 21. Control Environment Components PeopleSoft Security Financials Menu Security Row Security Preferences 7 Workflow Security Custom Panels or PeopleCode Preferences Controls the default values of some key fields which a PeopleSoft Operator can access and some actions they can perform. (i.e. Voucher Amount Limits)© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 41 Configurable Components PeopleSoft Securitys Operator Preferences – Payables – Purchasing General Defaults – Requisition Authorizations – Purchase Order Authorizations – Receivables Data Entry – Vendor Maintenance Session 7 42 21
  22. 22. Control Features PeopleSoft SecurityPayables Session 7 43 Control Features PeopleSoft SecurityPurchase Order Authorizations Session 7 44 22
  23. 23. Control Features PeopleSoft Security Vendor Maintenance Session 7 45 Control Environment Components PeopleSoft Security Financials Menu Security Row Security Preferences Workflow Security 7 Custom Panels or PeopleCode Workflow Controls can be implemented to require messaging or approval verifications based upon pre-defined system events. When a PeopleSoft Operator updates an invoice amount, workflow can cause an approval limit check to occur and a message to be routed to a manager if limits are exceeded. Version 7 enhanced functionality and usability of product.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 46 23
  24. 24. Control Environment Components PeopleSoft Security Financials Menu Security Row Security Preferences Workflow Security Custom Panels or PeopleCode Custom Panels or PeopleCode Default menus / panels can be modified to remove specific fields. Additionally, PeopleCode can be written and attached to a field to cause specific processing to occur based upon the Operator performing the process or a value in the field.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 47 Configurable Components PeopleSoft SecurityField SecurityPeopleCode Security can be added by writing PeopleCode and attaching it to the data table definition. When the table is access PeopleCode would be invoked.Custom Panels PeopleSoft delivered panels can be customized to not show certain fields. If this is done all users of the customized panel are still presented with the same options. Custom Panels can not be user specific unless different ones are created for each user. Session 7 48 24
  25. 25. Control Features PeopleSoft Security Field Securitys People Code ****************************************************/ if %OperatorClass = "APADM" and %PanelGroup = "VCHR_STD" then gray_apprvl_flds(); UnGray(MATCH_STATUS_VCHR); UnGray(BUSPROCNAME); UnGray(APPR_RULE_SET); Hide(BUSPROCNAME); Hide(APPR_RULE_SET); end-if; /***************************************************/ Session 7 49 Auditability PeopleSoft Securitys Ensure that users access to financial information is appropriate based upon assigned job duties.s Ensure that users ability to produce nVision reports is appropriately restricted based upon assigned job duties.s Ensure that controls defined within Operator Preferences is appropriate based upon assigned job duties. Session 7 50 25
  26. 26. PeopleSoft Security HRMS Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 51 Control Environment Components PeopleSoft Security HRMS Menu Security 7 Row / Tree Security Global Preferences Workflow Security Custom Panels or PeopleCode Menu Security Controls the menus / panels which a PeopleSoft Operator can access and the actions they can perform. This translates into controlling the columns of data which appear on the panel. Multiple Classes allowed per Operator in Version 7.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 52 26
  27. 27. Control Environment Components PeopleSoft Security HRMS Menu Security Row / Tree Security7 Global Preferences Workflow Security Custom Panels or PeopleCode Row / Tree Security Organization Tree controls which rows of information will be displayed on the menus / panels which a PeopleSoft Operator can access. An Operator is given access to a node on the tree and as a result all employee records which fall below that node. Separate Operator Class allowed for Row Security and a choice of Tree’s key field.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 53 Configurable Components PeopleSoft SecurityRow Security Controls which rows of information will be displayed on the menus / panels which a PeopleSoft Operator can access. The row criteria which can be filtered includes Analysis Group, Ledger, nVision, Project, TableSet, Business Unit, Book and Pay CycleHierarchical Single field row access control which allows the cascading of rights within the field structure. Department ID is delivered field but can substitute other single-fields.Non-Hierarchial Single or multiple field table access which does not cascade rights.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 54 27
  28. 28. Configurable Components PeopleSoft SecurityHierarchical StructureHR Row Security Using organizational authority, controls which rows of information will be displayed on the menus / panels which a PeopleSoft Operator can accessSecurity Tree A security structure that graphically represents the hierarchy of your organization.Tree Level Represents a logical division in your business hierarchy (eg. department, branch or region).© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 55 Configurable Components PeopleSoft SecurityTree Node Represents an organizational entity on the tree.Department ID String of alpha-numeric characters which uniquely identifies a department.Access Code For trees, the access codes are Read/Write Access or No Access.Tree Effective Date Date which Trees are effective for row security.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 56 28
  29. 29. Configurable Components PeopleSoft SecurityTree Manager A PeopleSoft tool that provides a visual means to build a hierarchy of security for all organizational entities.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 57 Functionality PeopleSoft Security Hierarchical Security, Department Tree© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 58 29
  30. 30. Functionality PeopleSoft Security Hierarchical Security, Tree Structure Definition© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 59 Functionality PeopleSoft Security Hierarchical Security, Department Table© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 60 30
  31. 31. Control Environment Components PeopleSoft Security HRMS Menu Security Tree Security Global Preferences 7 Workflow Security Custom Panels or PeopleCode Global Preferences Controls the screen functionality associated with global panels / menus that a PeopleSoft Operator can access.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 61 Functionality PeopleSoft SecurityGlobal Security, Installation Table 3(Which Global Security to Implement)© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 62 31
  32. 32. Control Environment Components PeopleSoft Security HRMS Menu Security Tree Security Global Preferences 7 Workflow Security Custom Panels or PeopleCode Workflow Controls can be implemented to require messaging or approval verifications based upon pre-defined system events. When a PeopleSoft Operator updates an invoice amount, workflow can cause an approval limit check to occur and a message to be routed to a manager if limits are exceeded. Version 7 enhanced functionality and usability of product.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 63 Control Environment Components PeopleSoft Security HRMS Menu Security Tree Security Global Preferences 7 Workflow Security Custom Panels or PeopleCode Custom Panels or PeopleCode Default menus / panels can be modified to remove specific fields. Additionally, PeopleCode can be written and attached to a field to cause specific processing to occur based upon the Operator performing the process or a value in the field.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 64 32
  33. 33. Auditability PeopleSoft Security • Ensure that Global Security Panels are appropriately restricted. • Ensure that access to HR data is authorized and appropriate based upon assigned job duties.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 65 PeopleSoft Security Query Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 66 33
  34. 34. Control Environment Components PeopleSoft Security Query Trees Access Groups Profiles Security Record Definitions 7 Query Trees Graphical representation of Tables to which you wish to control query access. Access Groups Nodes in Query Trees where you would group Operators and assign them access to all tables under the node.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 67 Functionality PeopleSoft Security Query Tree© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 68 34
  35. 35. Functionality PeopleSoft Security Operator Id Access Groups© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 69 Control Environment Components PeopleSoft Security Query Trees Access Groups Profiles Security Record Definitions 7 Query Profiles Controls what query options or functions are available to an Operator. Security Record Definition Set as part of the record definition and performs row level security filtering.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 70 35
  36. 36. Functionality PeopleSoft Security Query Profile© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 71 Functionality PeopleSoft Security Query Security Record© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 72 36
  37. 37. Auditability PeopleSoft Security s Ensure that Query Operator Preferences are appropriate. s Ensure that data which an Operator can access through the use of Query is authorized and appropriate based upon assigned job duties. s Ensure that Operator Ids with access to Query Menus / Panels / Activities are valid and their access is authorized and appropriate based upon assigned job duties.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 73 PeopleSoft Security Other Reporting Tools© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 74 37
  38. 38. Control Environment Components PeopleSoft Security PS/nVision Operator Security Operator Security Operator Ids are granted access to Business Units and Ledgers.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 75 Control Environment Components PeopleSoft Security SQR Menu Security Process Scheduler Menu Security Controls the menus / panels which a PeopleSoft Operator can access and the actions they can perform. This translates into controlling the columns of data which appear on the panel. Process Security Groups Logical grouping of process definitions for the sole purpose of assigning access rights. One process definition can belong to multiple Process Security Groups. Operators are made members of these groups.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 76 38
  39. 39. Control Environment Components PeopleSoft Security SQR Menu Security Process Scheduler Process Scheduler PeopleSoft automated process scheduling tool. Process Definitions Defines processing characteristics of the SQR Operator Profile Defines processing capabilities of the Operator.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 77 PeopleSoft Security Object Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 78 39
  40. 40. Control Environment Components PeopleSoft Security Objects Menu Security 7 Object Groups Change Control 7 Menu Security Controls the menus / panels which a PeopleSoft Operator can access and the actions they can perform. This translates into controlling the columns of data which appear on the panel. The introduction of Application Designer has included functionality to control access to various object types.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 79 Configurable Components PeopleSoft Security Object PeopleSoft entity created using PeopleTools. Object Type A classification code used to differentiate the objects which can be created. Object Groups Collection of one or more objects that form a logical group for security purposes. Object Security Rules Set of rules which dictates how the system interprets object security settings.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 80 40
  41. 41. Configurable Components PeopleSoft Security PeopleTools PeopleSoft’s utility and development software. Application Designer PeopleSoft’s development utility Change Control PeopleSoft’s system development control software. Upgrade PeopleSoft’s development tool to perform application upgrades. Tree Manager Utility for creating trees and tree structures. Import Manager Utility for creating import definitions.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 81 Configurable Components PeopleSoft Security 12 Object TypesImport Definitions (I) Specifications for importing filesMenu Definitions (M) Menus used by usersPanel Definitions (P) Panels used by usersPanel Group Definitions (G) Logical group of related panelsRecord Definitions (R) TablesTrees (E) Trees for defining data relationshipsTree Structure Definitions (S) Logical structure of a treeProjects (J) Logical groups of other objectsTranslate Tables (X) Table layouts used to import dataQuery Definitions (Q) QueriesBusiness Process Maps (U) Menus linked into a logical orderBusiness Processes (B) Links business process maps into one process© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 82 41
  42. 42. Configurable Components PeopleSoft Security Object Security Rules1. Is the Object assigned to any object group? If not anyone has update access to it; access is granted.2. Is the Object a part of an object group assigned to the operator’s security profile? If not, the system denies access and displays a access not allowed message.3. Do all of the object groups, of which the object is a member, have the display-only option disabled? If not, the system displays a message that says it is not an object that you are authorized to update. The object is then displayed with the File, Save option grayed. (If object is an Application Designer Object then additional security checks are performed.)© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 83 Functionality PeopleSoft Security Menu Access© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 84 42
  43. 43. Functionality PeopleSoft Security Defines whether an Operator can access Application Designer© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 85 Functionality PeopleSoft Security Within the Application Designer Menu access to Object Types is defined No Access Read-only Access Full Access Update Translates Only (Fields only) Data Admin Only (Records only)© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 86 43
  44. 44. Functionality PeopleSoft Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 87 Functionality PeopleSoft Security If change control locking is enabled this setting overrides your Object Type settings. Restricted Access - Operators can only view Application Designer definitions not create, modify or delete. Develop Access - Operators can lock and unlock their own locked objects. Supervisor Access - Operators can unlock and lock any object.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 88 44
  45. 45. Functionality PeopleSoft Security No Access - will disable all of Application Designers Tools, Upgrade menu items. Users can still view and modify the upgrade settings but can not run any upgrade process.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 89 Functionality PeopleSoft Security No Access Operator cannot access the Build menu items or the Tools, Data Administration menu items. Build Scripts Only Operators can use the Build dialog, but the Execute SQL now and Execute and Build scripts options are disabled. Build Online Operator can use all Build dialog options but access to the Tools, Data Administration menu items is disabled. Full Data Admin Access Operator can use all Build dialog options and use the the Tools, Data Administration menu items.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 90 45
  46. 46. Control Environment Components PeopleSoft Security Objects Menu Security 7 Object Groups Change Control 7 Object Groups Logical grouping of objects for the sole purpose of assigning access rights by operator class.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 91 Functionality PeopleSoft Security Creating an Object Group© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 92 46
  47. 47. Functionality PeopleSoft Security Assigning an Operator ID / Class Access to an Object Group© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 93 Functionality PeopleSoft Security s **ALL OBJECTS** Group – Default “supergroup” maintained by the system, that includes all system objects. – Access to this group overrides any other group ID assignments you make. – Restricting access to this group has no security effect. – Display only mode only applies to the object groups in the Excluded Group ID list© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 94 47
  48. 48. Control Environment Components PeopleSoft Security Objects Menu Security 7 Object Groups Change Control 7 Change Control A PeopleTool used to manage and track development. Locking Programmers can lock objects to prevent concurrent changes. Change Control History Programmers can be required to provide comments when changing objects. Stamping Date and Operator ID are recorded on each object when changed.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 95 Control Environment Components PeopleSoft Security Objects Menu Security 7 Object Groups Change Control 7 Change Control Security Restricted Access overrides menu security to provide read only access. Developer Access provides locking and unlocking functionality Supervisor Access can override all locking and unlocking.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 96 48
  49. 49. Auditability PeopleSoft Securitys Ensure that Operator access to PeopleTool Objects is authorized and appropriate based upon assigned job duties.s Ensure that PeopleSoft Change Control functions are implemented in a manner which prevents concurrent changes of Objects.s Ensure that Operator Ids with access to Development tools are valid and their access is authorized and appropriate based upon assigned job duties.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 97 PeopleSoft Security Process Scheduler Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 98 49
  50. 50. Configurable Components PeopleSoft SecurityProcess A single run request, such as a COBOL program or a report.Process Type A global process definition which allows related process definitions to share common parameters.Process Job A logical linking of processes to accomplish a task.Process Security Groups A logical grouping of processes that have the same security requirements.Process Request A process that has been submitted to the process scheduler.Recurrence Definition A schedule that can be assigned to a process. © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 99 Functionality PeopleSoft Security Operator Profile Allow Process Request Update By defines who can update a process request. Update Server Status allow a user to suspend, restart or bring down a server. Override Server Parms allows a user to change the server name and run date/time. Update Recurrence Definition allows a user to change the time a process occurs. © 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 100 50
  51. 51. Functionality PeopleSoft Security Assign Processes to Process Security Groups© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 101 Functionality PeopleSoft Security Process Job Definition© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 102 51
  52. 52. Functionality PeopleSoft Security Process Job Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 103 Functionality PeopleSoft Security Assign Process Security Groups to Operators or Classes© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 104 52
  53. 53. Auditability PeopleSoft Security s Ensure that Operator’s access to submit processes is authorized and appropriate based upon assigned job duties. s Ensure that Operator Process Profiles are defined in a manner which safeguards the processing of batch jobs.© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 105 PeopleSoft Security Session Recap© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 106 53
  54. 54. Session Topics PeopleSoft Securitys PeopleSoft Control Architectures Operator Securitys Financials Securitys HRMS Securitys Query Securitys Other Reporting Toolss Object Securitys Process Scheduler Security© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 107 PeopleSoft Security Questions© 1998 Deloitte Touche Tohmatsu. All rights reserved. fico.ppt 108 54

×