view only.

Menu

Each component is assigned to a Menu Group.

This is the PeopleSoft Navigation you access in the application.

Navigation

The path by which you can get to any given page in PeopleSoft. It is generically referred to as the “navigation”.

The navigation appears at the top of your menus in the blue area. For example: Main Menu Student Financials Refunds

Permission Lists, Roles and User Profiles

Just as it is important to understanding how Menus, Pages, and Components are developed, it is also important to understand how they are secured.

Permission lists

Permission Lists – controls access to particular or combination of page(s)/screen(s), access time, query and process security.

Building block or “heart” of PeopleSoft Security. All page access is defined on a Permission List Level. This is where page access is granted as well as other security options. Permission lists are then assigned to Roles, which are then assigned to Users. You cannot give page access to a user directly.

Permission List contains pages and their access options.

For example, there is a page called, “MyPage”. You add the page to a Permission List with specifications for its access (Add, Update/ Display, Update/Display All, or Correction)

Role

A collection of permission lists.

Permission list(s) is assigned to a Role. The Role is simply a structure that “holds” one or more Permission Lists. Roles are the intermediary step between Permission Lists and User Profiles. They allow groups of Permission Lists, usually based on a user’s job role, which are then assigned to User

Let’s say we assigned the “MyPage” page to a Permission List called MyPermissionList. You would then assign MyPermissionList to the MyRole.

Note: A Role can contain multiple Permission lists.

Profiles.

User Profile

A definition that represents an application user.

The User Profile is the actual “account” for a user in PeopleSoft.

Assign role(s) to a User Profile.

MyPage is assigned to MyPermissionList. MyPermissionList is assigned to MyRole. MyRole is assigned to my User Profile.

User now has access to MyPage.

See Diagram 1.1 – Diagram 3.1 and Appendix A at the end of this document for visuals on PS security: user ID, roles, and permission lists.

Emplid

Pronounced EMPULL-ID, it is the student and/or employee number assigned to every person in the PS system.

Emplid is the number that PeopleSoft uses to identify an individual person in the system.

Every person in the Campus Solutions  system will have a unique Emplid assigned to them. At ctcLink , your 9 digit number will serve as your Emplid.

It is not the student’s or employee’s social security number.

Emplid is assigned to the user profile.

User

Controls access to application pages, functions, and business components.

Overview of Row Level Security

Controls data access by the institution/college, business unit, department, etc. an application user belongs to. This term could be used differently in

PeopleSoft determines Row Level Security by using settings associated with both the Primary and Row Security Permission Lists. These Permission Lists are used to control the actual data within a table that can be accessed by a particular user based on an attribute such as Department,

different applications, for example,

Campus Solutions: row level or SACR (Student Administration Contributor Relations) security.

HCM: core row level security (transaction data security)

Financials: row level security

Row level access can be controlled by user or by Primary Permission list for groups of users needing the same access.

Business Unit, or SetID.

CS row level security is assigned to individual users but can be assigned using a tool.

HCM and FS use a primary permission list to control row level security.

Row Level Security

Controls access to the subset of data rows within tables that the user is authorized to review or update.

Individuals are assigned row level security based on their job functions.

Field Level

Controls access to individual fields on pages.

National ID DOB masking

Social Security Number and Date of Birth (DOB) are masked in your searches. Last 4 digits of the SSN and year in birthdate. You can do most person look-ups by national ID when it is provided to you.

999-99-5231 masked: XXX-XX-5231

07/11/1954 masked: 07/11

In Campus Solutions SSN DOB masking are controlled via a Primary Permission List that is attached to user profiles. Three primary permission lists control masking:

MASK ALL – Mask fields of National ID and Birth Date

MASK PARTIAL – Mask partial fields of National ID and Birth Date

MASK NONE – No masking of fields National ID and Birth dateDefault masking for most users is MASK PARTIAL

Campus Solutions SACR Row level security

Institution Structure

Institution, Academic Career, Programs, Plans and Degrees.

Assign a specific Institution to a user as well as other Academic data such as Career, Programs, and Plans. This provides access to the data that users need to do their jobs.

See Diagrams 4.1 Academic Structure Chart for an understanding of Academic Structure and securing Institution, Academic Career, Academic Program, and Academic Plan row level security.

Academic Institution Security

Grants users access to Institutional data

Assign value(s) based on user’s Institution and access

WA171 – Spokane CC WA172 – Spokane Falls WA220 – Tacoma CC

Can assign multiple values to one user

Institution/Campus Security

Grants users access to Campus

Campus value is “Main” regardless of the Institution

If a user is in multiple Institutions assign Campus security for each Institution.

Institution/Career Security

Grants users access to Careers

Values: CNED (Continuing Education) and UGRD (Undergraduate)

User may only be assigned responsibility for the CNED career.

Academic Program Security

Grants “all” or specific programs to a user. User cannot change a student’s program without security to that program.

Can assign “All” programs to a user or limit programs by only assigning security to the programs that the user needs to access.

User may only have access to accounting programs for the accounting department.

Must be done for each Institution.

Academic Plan Security

Grants Plan security to users

Can assign ”All” plans to a user or specific plans. For instance, user may only have responsibility for accounting plans.

User cannot assign or remove a plan from a user without security to that plan.

Academic Org Security

Grants access to specific departments and Schools

Schools such as Arts, Humanities/Soc Sciences

Admissions Action Security

Grants Admission Actions used to process a student’s application and progress through the application process

“All” Admissions Action Security or security to specific Program Actions:

Program Action Security

Grants Program Actions used on Students

Can assign “All” Program Actions Security or security to

student’s Program/Plan page - identifies the status of the program – Active, Discontinued, or Completed.

specific Program Actions:

Application Center Security

Grants users access to Application Center by Institution

Values:

W171- Academic Applicant W172 – Academic Applicant W220 – Academic Applicant

Recruiting Center Security

Grants users access to Recruiting Center by Institution

Value “PRSF” – Academic Prospect” UGRD career.

Campus Community 3C’s Group Security

3Cs Comments, Communications and Checklists) are a flexible way to track and analyze correspondence, lists of requirements, and notes about the students, staff, and external organizations in the PeopleSoft database.

Users are assigned 3C’s group security for the comments, communications, and checklists that a user needs.

Comment Management– enables you to enter notes in the database about individuals, organizations, or events.

Communication Management– enables you to manage the institution’s incoming and outgoing contacts with students, prospects, recruits, staff, alumni, donors, and organizations.

Checklist Management– enables you to create lists to track activities and dues dates, and identify their status at any time.

Enrollment Security

Grants users enrollment security. This allows users to enroll students during the registration period. It controls when and who can enroll students.

Enrollment Security IDs: CNV Conversion

RALL Registrar – All Access

Service Indicator Security

Provide or limit access to services for a student. Service Indicators can be holds that prevent a student from receiving certain services or positive indicators that designate special services to be provided.

This functionality allows college’s to protect information based on state and federal guidelines.

FERPA (Family Educational Rights and Privacy Act)

Americans with Disabilities Act of 1990 HIPAA (Health Information Privacy Accountability Act)

A “hold” transaction on a student account.  Service Indicators have service impacts such as Add Enrollment (do not add). Some Service Indicators have no impact and are for information only, others prevent enrollment, releasing a transcript, and/or issuing a refund.

Row level security allows you to grant “Placement” and “Release” options for individual Student Groups per user.

Student Groups Security

Student Groups enables you to define groups of similar students at a high-level.

Scenario:

Spokane Community College would to like to identify

Creating groups of students enables you to track and use the students within a group for campus-wide processing, such as billing, academic advising, or financial aid awarding.

Student group security defines the user’s access to view or update student group data based on each of their academic institutions.

If users are not setup with student group security, they will not have access to view or update student group information.

Academic Institution security must be granted to a user prior to student group security being setup.

students who are physically handicapped and may need assistance evacuating in case of an emergency.

SCC currently does not have a way to identify these students without violating their privacy.

Student Services can now maintain a student group of physically handicapped students and secure visibility only to Campus Security.

Transcript Type Security

Grants a user access to transcript types

Types:

Unofficial Transcript Official Transcript

Test ID Security

Grants users to Test Ids

Test IDs:

ACPLC – ACCUPLACER

ACT – ACT Assessment AP – Advance Placement ASSET – ASSET

CLEP – College Level Examination Prg COMPS – COMPASS

DSST – DANTE Standardized Subject Tst IB – International Baccalaureate

IELTS – International English Language PTE – Person Test of English

SAT – Scholastic Assessment Test

TOEFL – Test of Engl as a Foreign Lang

You can assign users to “all” test IDS or specific Test IDs.

Advisement Report Security

Grants user access to advisement reports Defines the user’s access to advisement reports based on each of their academic institutions.

Users can be setup for:

-All access

-access to specific report type Users not set up will have no access

Provides additional privacy for student information Restricts advisors to specific advisement reports

Population Update Security

The Population Update is a process that uses the Population Selection utility to update values in selected fields.

Grants users access to Population Update records and fields for running processes with the Population Update functionality.

After choosing the records and fields to make available for update, set user security to identify who can update the records.

This is a powerful tool; however it also has the potential to be dangerous.

Population update should only be granted to the users that have had training and are experienced in creating queries.

Student Financials Security – row level

Item Type Security

A transaction code. Item types are categorized as charges, payment, financial aid, refund and waiver.

Grants specific Item Type security to cashiers for posting charges and payments on student accounts.

HCM Row Level Security

Restricting Data to the Persons who are not authorized to see and also providing access to the data who are authorized to see is

Transaction Security Data is the data that is being secured. Certain transaction fields on a transaction data row are used to secure access to that row of data. The data in these

called Data Security. Row level security prevents the user from being able to access data they are not allowed via the search page.

fields is called transaction security data. When the value of the transaction security data matches the value that a user can access (user security data), the system makes the entire row of data available to the user.

See Diagrams 5.1. 6.1 7.1 for an example of HCM transactional data and security.

Fields available for transaction security data:

Financials Row Level Security

Row Level Security in PS Financials

To establish row level security, you must first decide the level that you want, which key fields to secure, and whether security will be defined through user IDs or permission lists. With row-level support, you can implement security to restrict individual users or permission lists from specific rows of data that are controlled by the following key fields:

Financials row level security is secured using a primary permission list that is attached to User Profiles.

· Business Unit

· SetID

· Ledger (and ledger group)

· Book

· Project

· Pay cycle

· Planning Instance

Other Security Roles needed to perform functions within the PeopleSoft applications.

Query and Process group security

Query and Process Group roles are controlled by permission lists that are then attached to roles.

Query

The graphical tool for building on-line reports of information stored in the database.

Defines table row sets accessible for performing system queries.

Process Group

Grants users the ability to run processes in the system – can restrict based on job function.

Process Monitor

All jobs that run in PeopleSoft are listed in the process monitor under your User ID.

Process monitor works with process scheduler to manage your nightly job stream as well as on-demand tasks.

Process security gives users access to run processes within the PeopleSoft system.

Report Manager

Grants users access to the Report Manager

Instance

A database is housed in an instance (environment)

Production Test Development

Security Matrix defined

Collection of navigation, menus,

1.   Identify for each role the pages that the role has

components, pages and actions for mapping to roles.

Excel spreadsheet

Rows - navigation, menus, components, and pages and actions

Columns – lists the navigation: Folder, Menu Item/Content Reference, Page Display Name, Security Menu, Security Component, Security Page, Action and the remaining columns represents the “role(s)” such as CTC_REGISTRAR.

Identify the actions that can be performed on the component and page in the column under the role that you want to assign the page access to. Use letter codes to designate the action. For example: A for Add, C for Correction, U for Update/Display, UL for Update/Display All, and D for Display only.

access to and the actions that can be performed on those pages:

Add, Update/Display, Update/Display All, Correction, Display only.

2. Displays all the PS navigation available to a given group of roles.

3. Tool for designing managing user “role” and “row”- level security.

4. Based on Business Process Diagrams (BPD) for example, the BPDS answer: who does this function at your college or district or which department owns this task or function?

5. User may have several roles depending on the hat(s) they wear.