3 Easy Steps To Resolve A Row-level Security Issue In Peoplesoft

By Author: appsian
Total Articles: 115
Comment this article

Let’s take an example of one of the most common PeopleSoft security issues. Suppose an HR user reports a problem that he is unable to view data of one employee on the Job Data page. There are three easy steps to solve the problem using Pure Internet Architecture.

Step 1: Inquiring the Security Data for the Employee

To access the security configuration, open the Security Data Inquiry page (Navigation: Main > Setup HRMS > Security > Core Row Level Security > Security Data Inquiry). Enter the employee ID for which the problem is identified, then press the 'Display Security Definitions' button.

This will show you all the Protection Forms that have access to the data records of the employee. Select all rows and click on the 'Display Permit List' button to open all lists of permissions with access to the selected form of protection.
Select all the lists of permissions and then click on the 'Show Users' button to see the list of users assigned to their user profile above.

We now have a list of users who have access to data about the employee about whom the issue is identified. Click on Find, ...
... and search if the HR user Id exists.

When the HR user is on the list, that means he has access to the employee’s data, and maybe it's a cache problem that can be fixed if we log out of the program, clear the browser cache, and log back in again.

If the HR user is not on the list, we need to change the user’s security configuration to provide access to the employee's data. So, let's proceed to the next step.

Step 2: Updating Row-level Security Configuration

In PeopleSoft data security, once we know that the HR user cannot see the employee's data, we need to focus on how and when to change the configuration of the row-level security (also known as information protection).

The configuration of the row-level protection is delegated to a list of permissions, and this could be:
• The 'Row Security Permit List' available on the User Profile page's 'General' tab, or
• Any list of permissions applied to a particular function that occurs on the User Profile page 'Roles' tab.

In either case, the protection configuration is updated/added from below two positions on the permission list:
1. Security by Department Tree (Navigation: Main > Setup HRMS > Security > Core Row Level Security > Security By Dept Tree). Department Tree is used on this page to enforce row-level security in PeopleSoft.

2. Security by permission list (Navigation: Main > Setup HRMS >
Security > Core Row Level Security > Security By Permission List). On this page, security configuration is done on the basis of Security Sets and Security Types. Here, we set up all the Security Types that a permission list will have access to. Further access to employee records (basis Security Types) is defined in transaction SJT table SJT_PERSON.

It can be taken as a reference as most organizations use this page to configure the data or row-level security in PeopleSoft.
After completing the second step, we'd be sure the HR user doesn't have access to the employee's data, and it's not a cache problem. So, now how to fix that? Let's proceed to the last step.

Step 3: Assigning the data/row security to the HR User

• Search if any existing relevant role is there that has access to that employee, which can be assigned to the HR user. Ensure that the role does not have access to unintended data.

• If no such role exists, then check whether any permission lists have the same access. Also, make sure that it has no access to unintended data. Figure out an existing role to which this permission list can be assigned. If such a role is found, then assign the permission list to the role and then assign the role to the HR user.

• If there is no such permission list, then we must create a new permission list as the last option, and assign it to either an existing or a new role, and finally assign that role to the HR user.
Before introducing any change in PeopleSoft security, one must ensure that the changes do not affect, in any manner, existing data access of other users.

Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.