PeopleSoft Row Security - An Complete Overview

Problem Statement: Implementing Row Level Security
Scope: Overview of the PeopleSoft Row level security.

Data Permission Security/Row-Level Security refers to controlling access to the rows of data in your system. In PeopleSoft HCM we can control following type of data:
1. Employees.
2. Contingent Workers.
3. POI Without Jobs.
4. POI With Jobs.
5. Departments.

How It Works ?

PeopleSoft data security is enforced by security views, but to understand this we have to check how data is retrieved when a component is accessed.

 

Soucre: http://docs.oracle.com/cd/E51994_01/hcm92pbr4/eng/hcm/hhaf/concept_UnderstandingDataPermissionSecurityforHCM-e32975.html

 Process Flow:

1. When a component is accessed we can see the search page having fields which are search keys or the alternate search keys of the record which is a search record for that component.

2. Value provided in the search keys along with the user profile(Oprid, Permission List) gets added to the system generated SQL select statement to fetch the data from the database based on those combination.

3. When you look at the above example, Component search page includes search keys like emplid and name.

4. If a user provides name = smith then, only the rows where department = 123 are fetched because user is restricted to department 123, he cannot access any other employee apart from 123.

Security Set VS Security Access Types

Security Set: It defines what data needs to be secured.

e.g. PPLJOB is the delivered security set to secure People with Jobs. PeopleSoft provides many other security sets like PPLJOB, PPLPOI, DEPT etc. 

 

Security Access Types: It defines how to access the secured data.

e.g. For Security set PPLJOB, security access type 002 is delivered to access the data based on security keys like business unit and location.

 

Detailed explanation of Security Sets and Security Access Types are discussed in the following posts.