Exercises - PeopleSoft Security Administration Canvas Course
Purpose: Enough reading, enough talking, it's time for some action! You've completed the 9.2 PeopleSoft Fundamentals Canvas course; you're working your way through the six modules in the PeopleSoft Security Administration Canvas course; and you're working your way through your college's GoogleSheets Security Workbook. These exercises will allow you to practice your new skills in a real PeopleSoft environment filled with your college's data.
Audience: ctcLink Local Security Administrators
Prerequisites: 9.2 PeopleSoft Fundamentals Canvas course completion;
PeopleSoft Security Administration Canvas course module completion;
View access to your college's GoogleSheets Security Workbook;
DG5 colleges: Login credentials to the PeopleSoft SVX environment
DG6 colleges: Login credentials to the PeopleSoft SVL environment
Purpose: How do I log in and out of the PeopleSoft SVX or SVL environment? How do I move from the Gateway (aka Portal) to the three Pillars and back again? How do I log out gracefully?
Audience: Local Security Administrators
Prerequisites: DG5 colleges: Login credentials to the PeopleSoft SVX environment
DG6 colleges: Login credentials to the PeopleSoft SVL environment
Please follow the OKTA: Activate Account and Reset Password in UAX or SVX QRG.
- Click this link to the ctcLink SVL login page.
- The ctcLink SVL login page displays.
- Enter your ctcLink ID and Password.
- Click the Sign In button.
- The Gateway page, aka Portal, displays. We'll leave the Gateway page open, and open new windows for each of the three Pillars:
- HCM = Human Capital Management;
- FSCM = Financials/Supply Chain Management;
- CS = Campus Solutions.
- Click the HCM link at the top of the Gateway page.
- The HCM landing page - in this example, the Employee Self Service page - displays in a brand new window.
- Leave the brand new HCM window open. Return to your Gateway page window.
- The Gateway page window displays. Click the FSCM link at the top of the Gateway page.
- The FSCM landing page - in this example, the Employee Self Service page - displays in a brand new window. Now we have three windows open.
- Leave the brand new FSCM window open. Return to your Gateway page window.
- The Gateway page window displays. Click the CS link at the top of the Gateway page.
- The CS landing page - in this example, the ctcLink CS Staff Homepage - displays in a brand new window. Now we have four windows open.
- To log off gracefully, close each of the three pillar windows. Now only the Gateway page is open.
- The Gateway page window displays. Click the Sign Out link at the top of the Gateway page.
- The Gateway page window closes. The ctcLink SVX or SVL Login page displays.
- Section complete.
Purpose: Now that we know how to log in, and how to work in each of the three Pillars, let's look at our own login User Profile in each of the three Pillars. In each Pillar, we'll view our User Profile and our Distributed User Profile. We'll view each of the three tabs in those Profiles. We'll get some experience navigating.
Then, we'll learn some alternate searching tricks, and add/delete a Role!
Audience: Local Security Administrators
Prerequisite: DG5 colleges: SVX login to the Gateway page
DG6 colleges: SVL login to the Gateway page
Purpose: Let's navigate from the Gateway to our HCM User Profile and Distributed User Profile pages.
- The Gateway page displays. Click the HCM link at the top of the page.
- The HCM landing page displays. Click the NavBar icon on the top right of the page.
- The NavBar tray displays. Click the Navigator icon
- The Navigator menu displays. If necessary, scroll down until you find the PeopleTools menu item.
- Click the PeopleTools menu item.
- The PeopleTools menu displays. Click the Security menu item.
- The Security menu displays. Click the User Profiles menu item.
- Notice that we have two menu items of interest:
- Distributed User Profiles - maintained by college Local Security Administrators
- User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
- Click the Distributed User Profiles menu item.
- The Distributed User Profile search page displays.
- Enter your login User ID, then click the Search button
- The General tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the ID tab.
- The ID tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the User Roles tab.
- The User Roles tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab. Note the number of User Roles shown on this tab.
- Click the NavBar icon on the top right of the page.
- So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information. Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the User Profiles menu item.
- The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page. Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification? Again, this User Profile page is view-only for colleges.
- Click the ID tab.
- The ID tab displays. "Interesting fields" are view-only.
- Click the Roles tab.
- The Roles tab displays. The count of Roles on this tab is greater by three than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign. And, there's no Add a New Row [+] or Delete a Row [+] icon. View only!
- Close your HCM window. Leave your Gateway window open.
- Section complete.
Purpose: Let's navigate from the Gateway to our FSCM User Profile and Distributed User Profile pages.
- The Gateway page displays. Click the FSCM link at the top of the page.
- The FSCM landing page displays. Click the NavBar icon on the top right of the page.
- The NavBar tray displays. Click the Navigator icon
- The Navigator menu displays. If necessary, scroll down until you find the PeopleTools menu item.
- Click the PeopleTools menu item.
- The PeopleTools menu displays. Click the Security menu item.
- The Security menu displays. Click the User Profiles menu item.
- Notice that we have two menu items of interest:
- Distributed User Profiles - maintained by college Local Security Administrators
- User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
- Click the Distributed User Profiles menu item.
- The Distributed User Profile search page displays.
- Enter your login User ID, then click the Search button
- The General tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the ID tab.
- The ID tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the User Roles tab.
- The User Roles tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab. Note the number of User Roles shown on this tab.
- Click the NavBar icon on the top right of the page.
- So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information. Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the User Profiles menu item.
- The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page. Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification? Again, this User Profile page is view-only for colleges.
- Click the ID tab.
- The ID tab displays. "Interesting fields" are view-only.
- Click the Roles tab.
- The Roles tab displays. The count of Roles on this tab is greater by four than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign. And, there's no Add a New Row [+] or Delete a Row [+] icon. View only!
- Close your FSCM window. Leave your Gateway window open.
- Section complete.
Purpose: Let's navigate from the Gateway to our CS User Profile and Distributed User Profile pages.
- The Gateway page displays. Click the CS link at the top of the page.
- The CS landing page displays. Click the NavBar icon on the top right of the page.
- The NavBar tray displays. Click the Navigator icon
- The Navigator menu displays. If necessary, scroll down until you find the PeopleTools menu item.
- Click the PeopleTools menu item.
- The PeopleTools menu displays. Click the Security menu item.
- The Security menu displays. Click the User Profiles menu item.
- Notice that we have two menu items of interest:
- Distributed User Profiles - maintained by college Local Security Administrators
- User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
- Click the Distributed User Profiles menu item.
- The Distributed User Profile search page displays.
- Enter your login User ID, then click the Search button
- The General tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the ID tab.
- The ID tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab.
- Click the User Roles tab.
- The User Roles tab displays. We'll review it in much more detail later. For now, I've highlighted the interesting fields on this tab. Note the number of User Roles shown on this tab.
- Click the NavBar icon on the top right of the page.
- So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information. Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the User Profiles menu item.
- The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page. Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification? Again, this User Profile page is view-only for colleges.
- Click the ID tab.
- The ID tab displays. "Interesting fields" are view-only.
- Click the Roles tab.
- The Roles tab displays. The count of Roles on this tab is greater by five than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign. And, there's no Add a New Row [+] or Delete a Row [+] icon. View only!
- Close your CS window. Leave your Gateway window open.
- Section complete.
Purpose: Let's navigate from the Gateway to our HCM Distributed User Profile pages. Let's practice some searching techniques. Let's add, then delete, a Role.
- The Gateway page displays. Click the HCM link at the top of the page.
- The HCM landing page displays. Click the NavBar icon on the top right of the page.
- The NavBar tray displays. Click the Navigator icon
- The Navigator menu displays. If necessary, scroll down until you find the PeopleTools menu item.
- Click the PeopleTools menu item.
- The PeopleTools menu displays. Click the Security menu item.
- The Security menu displays. Click the User Profiles menu item.
- Notice that we have two menu items of interest:
- Distributed User Profiles - maintained by college Local Security Administrators
- User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
- Click the Distributed User Profiles menu item.
- The Distributed User Profile search page displays.
- Enter your login User ID, then click the Search button
- The General tab displays. Notice the Description of this User ID.
- Let's try a different way of searching. Click the Return to Search button.
- The Distributed User Profile Search page displays.
- Let's search by Description this time. Click the Search by dropdown.
- The "Search by" dropdown unfurls. Click Description.
- In "begins with", type "harbor", then click the Search button.
- "No matching values were found."? What gives? Oh, yeah, our Description contains "harbor", but doesn't begin with "harbor".
- In "begins with", type "%harbor". That's "harbor" with a wildcard percent sign in front of it. Click the Search button.
- Our search returned three values, each of which contains the string "harbor" in its Description. We want the first one, with the User ID of SEC_WA020_1. Click that first row's Description.
- The General tab displays. Let's add, then delete, a Role. Click the User Roles tab.
- The User Roles tab displays. To add a new User Role, click any of the Add a New Row [+] icons.
- A new, empty row displays below the Add a New Row [+] icon that you clicked. Let's have more fun with searching. Click the new row's spyglass icon.
- The Look Up Role Name popup displays. We could search by Role Name...
- ...or we could search by Description...
- ...or both! Click the Advanced Lookup link.
- The advanced Look Up Role Name popup displays. Let's search for a Role that would be needed by one of your UAT Sprint 1 testers working on the HH.001.1..3 - Creating a New Position test. Looks like either ZZ HR Position Management or ZC HR Position Management would work, based on your GoogleSheets Security Workbook's UAT Sprint 1 tab for that test.
- In Role Name "begins with", type "Z".
- In Description "begins with", type "%position".
- Click the Search button.
- The search returned three Roles. If we want our UAT tester to have the most flexibility, we'll click on the ZC HR Position Management role.
- The Look Up Role Name popup disappears. The new row is populated.
- Click the Save button.
- The new row is saved. Now, just to see how it works, let's delete our new Role.
- Click the new Role's Delete a Row [-] icon.
- A confirmation message displays. Click the OK button.
- The confirmation message disappears. The new Role disappears. Click the Save button.
- Close your HCM window. Sign Out of the Gateway.
- Module complete.
Purpose: Now that we know how to log in, and how to work in each of the three Pillars, let's see if we can look more deeply into Roles and their associated Permission Lists.
Then, let's practice resetting a user's password reset challenge questions.
Audience: Local Security Administrators
Prerequisite: DG5 colleges: SVX login to the Gateway page
DG6 colleges: SVL login to the Gateway page
We recall from Module 2 of our PeopleSoft Security Administration Canvas course that User Profiles are comprised of a bunch of Roles, and that Roles are comprised of a bunch of Permission Lists. As Local Security Administrators, we can assign some, but not all, Roles to our users.
And we recall that only Oracle and SBCTC can manage Roles and Permission Lists. Are we, as Local Security Administrators, allowed to look inside Roles and Permission Lists?
- The SVX ctcLink Gateway page displays.
- Let's see if we can inspect Roles and Permission Lists in a Pillar. Click the FSCM link.
- The FSCM Homepage displays.
- Click the NavBar icon in the upper-right of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the PeopleTools menu item. You might have to scroll down to find it.
- The PeopleTools menu displays.
- Click the Security menu item.
- The Security menu displays. We should see a menu item labeled "Permissions & Roles", but we don't. Why?
- Click the Back to Root icon.
- The Navigator root menu displays.
- Let's do something that we'll learn much more about in Module 6 of our PeopleSoft Security Administration course. Let's ask PeopleSoft "why can't I navigate to a particular page?". Click the Reporting Tools menu item. You might have to scroll down to find it.
- The Reporting Tools menu displays.
- Click the Query menu item.
- The Query menu displays.
- Click the Query Viewer menu item.
- The Query Viewer search page displays. Query Viewer is kind of like DataExpress/DataX, in that it allows us to run reports. There are billions of different query reports in ctcLink.
- In the begins with textbox, type "qfs_sec_role_navigation_access". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. As Local Security Administrators, we're gonna run this query darn near every day, so let's bookmark it. Click Favorite.
- The My Favorite Queries section populates. We'll never again have to type "qfs_sec_role_navigation_access" to locate this very handy query.
- We've searched for and found the query; we've bookmarked it; now let's run it. Recall the question we're trying to answer: "why can't we see the Permission & Roles>Roles menu item in PeopleTools?". Click HTML.
- The QFS_SEC_ROLE_NAVIGATION_ACCESS query opens in a new window. In the Navigation like (%EXPENSES%) textbox, type "%PERMISSIONS & ROLES>ROLES". It's case-sensitive.
- In the Role Name like % textbox, type "Z%". It's case-sensitive.
- Click the View Results button.
- The Results section of the page populates. Note that the column labeled Role Name says "ZZ Security Administration". We must have that Role in order to navigate to Permission & Roles>Roles in PeopleTools. Recall from Module 1 Exercise 4 that we do not have the ZZ Security Administration Role.
- Note that the column labeled Local Security Grant Role is blank. That means that we, as Local Security Administrators, can't grant that Role to ourselves or anyone else; only SBCTC can do that.
- Close the QFS_SEC_ROLE_NAVIGATION_ACCESS window.
- Close the FSCM Query Viewer window.
- The ctclink Gateway page displays.
This exercise is for DG6 colleges only.
DG5 colleges, please follow the OKTA: Activate Account and Reset Password in UAX or SVX QRG.
We recall from Module 2 of our PeopleSoft Security Administration Canvas course that we, as Local Security Administrators, don't manage our users' ctcLink login passwords. Rather, each and every user assigns themselves a password. If they forget or want to change their password, they must answer some self-assigned password challenge questions first.
But what if the user forgets both their password and their password challenge answers? As Local Security Administrators, we can delete the password challenge answers, which then allows the user to go through the First Time User login process. Therein, the user will select a new password and will establish new password challenge answers.
Let's delete someone's password challenge answers.
Note: you might want to poke around your Security Workbook to find a likely EmplID or two to use for this exercise. Or, you can use the Delete Challenge Questions search page's searching features - your choice!
- The ctcLink Gateway page displays.
- Click the Delete Challenge Questions link.
- The Delete Challenge Questions search page displays.
- Enter User ID.
- Click the Search button.
- The verification page displays.
- Click the I have verified the identity of this user button.
- The confirmation page displays.
- Click the Yes button.
- A status message window displays.
- Click the OK button.
- The status message window disappears.
- Click the Return to Search button.
- The Delete Challenge Questions search page displays.
- Just to confirm that the deletion took, re-enter the original User ID, then click the Search button.
- The "No matching values were found" message displays, which is a good thing.
- To log out of SVL, click the Sign Out link.
Purpose: A Dynamic Role is one which is assigned to, or removed from, the user based on the state of the user's data. An SBCTC batch process runs periodically, scanning data in each of the three Pillars, then assigning or removing Roles as the data dictates.
A good example starts in the CS Pillar's Instructor/Advisor Table. If a user is in the table as an Instructor, the batch process assigns her the ZZ SS Faculty Role. If a user is in the table as an Advisor, the batch process assigns her the ZZ SS Advisor Role. Conversely, the batch process deletes those Roles from the user if her Instructor/Advisor Table data so dictates.
The ZZ SS Faculty Role spawns the Faculty Center tile on the user's ctcLink Gateway page.
The ZZ SS Advisor Role spawns the Advisor Homepage tile on the user's ctcLink Gateway page.
Let's mimic, as closely as we can, the work of the SBCTC batch process. First, we'll assign ourselves access to the Instructor/Advisor Table, and make ourselves both an Instructor and an Advisor.
Second, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Faculty Role to ourselves, then look for the Faculty Center tile on our ctcLink Gateway page.
Third, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Advisor Role to ourselves, then look for the Advisor Homepage tile on our ctcLink Gateway page.
By the time we're done with all that, we'll be appreciative of the work the SBCTC batch process does on our behalf!
Audience: Local Security Administrators
Prerequisite: DG5 colleges: SVX login to the Gateway page
DG6 colleges: SVL login to the Gateway page
First, we'll assign ourselves Role access to the Instructor/Advisor Table, and give ourselves both the Instructor and the Advisor data conditions in the Table.
- The ctcLink Gateway page displays. Note the navigation tiles on the left side of the page. For me, they're Canvas, Student Homepage, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions. Yours may differ.
- Let's open up the CS Pillar. Click the CS link at the top of the page.
- The CS Pillar homepage displays. Let's navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table
- I don't have that navigation path available to me! Let's see if I'm missing a Role.
- Let's run our "which Role do I need to navigate to a particular page?" query. Click the Reporting Tools menu item.
- The Reporting Tools menu displays.
- Click the Query menu item.
- The Query menu displays.
- Click the Query Viewer menu item.
- The Query Viewer search page displays.
- If you've not previously bookmarked the query, do so thusly:
- in the begins with textbox, enter "QCS_SEC_ROLE_NAVIGATION_ACCESS". It's not case-sensitive.
- click the Search button.
- in the Search Results section, click Favorite.
- We've found and bookmarked the query. Now, let's run it. Click HTML.
- The QCS_SEC_ROLE_NAVIGATION_ACCESS query displays in a new window.
- In the Navigation like (%ADMIT%) textbox, type "%INSTRUCTOR/ADVISOR TABLE%". It's case-sensitive.
- In the Role Name like % texbox, type "Z%". It's case-sensitive.
- Click the View Results button.
- The results section of the page displays. We're looking in the Role Name column for a ZZ or ZC Role, so we can add/update the Instructor/Advisor Table. We're looking in the Local Security Grant Role column for a ZZ Local Security Admin value, so that we can assign the Role to ourselves.
- Row 11 fits the bill, as do several others. Jot down "ZZ CM Local Configuration".
- Close the QCS_SEC_ROLE_NAVIGATION_ACCESS window.
- Next, we'll assign ourselves the ZZ CM Local Configuration Role. Navigate to NavBar> Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profile search page displays.
- Enter your login User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays. I currently have 12 Roles.
- Click any of the Add a New Row [+] icons.
- A new, blank row displays.
- In the Role Name textbox, type "ZZ CM Local Configuration". It's case-sensitive.
- Click the Save button.
- Now I've got 13 Roles.
- I happen to know that the Instructor/Advisor Table is keyed by EmplID, not ctcLink login ID. Let's look up our EmplID. Click the ID tab.
- The ID tab displays. Jot down your Attribute Value.
- Now can we add ourselves to the Instructor/Advisor Table? Navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table.
- The navigation path still doesn't exist! What gives? Oh yeah, I recall from the 9.2 PeopleSoft Fundamentals Canvas course that we must clear browser cache after changing our Distributed User Profile.
- Close your CS window.
- Sign Out from SVX or SVL.
- Clear your browser cache.
- Log in to SVX or SVL.
- Open your CS window.
- Navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table.
- At last, the Instructor/Advisor Table search page displays!
- Enter your ID. Recall that this is not your ctcLink login User ID; rather, it's the Attribute Value from your Distributed User Profiles ID tab.
- Click the Search button.
- The Instructor/Advisor Table page displays. Now, be forewarned that I'm going to spring yet another 'gotcha' in a minute; we'll sell it as a 'learning experience', yes?
- Click the Instructor Type dropdown.
- Click Instructor.
- We shall make ourselves both an Instructor and an Advisor. Click the Advisor checkbox.
- Click the Primary Acad Org spyglass.
- The Look Up Primary Acad Org popup displays.
- Click the Academic Organization of your choice.
- The Look Up Primary Acad Org popup disappears. The Primary Acad Org populates.
- Now here comes the 'gotcha'. Click the Save button.
- The "You are not allowed to update your own data" message box screeches. I guess it makes sense that there are some functions within PeopleSoft that we can't perform on ourselves, like giving ourselves pay raises and 4.0 GPAs and such. This is one of them.
- Click the OK button. We'll pretend that we assigned ourselves both the Instructor and the Advisor data conditions.
- The "You are not allowed..." message box disappears.
- Click the Return to Search button.
- The "Do you want to save your changes?" message box displays.
- Click, sadly, the No button.
- The "Do you want to save your changes?" message box disappears.
- The Instructor/Advisor Table search page displays. Remember, we're pretending that we successfully made ourselves both an Instructor and an Advisor!
- Close your CS Pillar window.
Second, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Faculty Role to ourselves, then look for the Faculty Center tile on our ctcLink Gateway page. Do recall that we're pretending to have assigned ourselves Instructor status on the Instructor/Advisor Table page
- The ctcLink Gateway page displays. Note the navigation tiles on the left side of the page. For me, they're Canvas, Student Homepage, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions. Yours may differ.
- Let's open up the CS Pillar. Click the CS link at the top of the page.
- The CS Pillar homepage displays. Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profiles search page displays.
- Enter your SVX or SVL logon User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays. Right now, I have 13 Roles.
- Click any of the Add a New Row [+] icons.
- A new, blank row displays.
- In the Role Name textbox, enter "ZZ SS Faculty". It's case-sensitive.
- Click the Save button.
- We've altered our Distributed User Profile, so we must log out, clear cache, and log back in again. Close your CS Pillar window.
- Sign Out of the SVX or SVL Gateway.
- Clear your browser cache.
- Log in to SVX or SVL.
- The ctcLink Gateway page displays. Well, looky here! The Faculty Center has been added to our collection of navigation tiles!
- Click the Faculty Center tile.
- The Faculty Center page displays in a new window. Yay!
- Close your Faculty Center window.
Third, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Advisor Role to ourselves, then look for the Advisor Homepage tile on our ctcLink Gateway page. Do recall that we're pretending to have assigned ourselves Advisor status on the Instructor/Advisor Table page
- The ctcLink Gateway page displays. Note the navigation tiles on the left side of the page. For me, they're Canvas, Student Homepage, Student Services Center, Faculty Center, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions. Yours may differ.
- Let's open up the CS Pillar. Click the CS link at the top of the page.
- The CS Pillar homepage displays. Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profiles search page displays.
- Enter your SVX or SVL logon User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays. Right now, I have 14 Roles.
- Click any of the Add a New Row [+] icons.
- A new, blank row displays.
- In the Role Name textbox, enter "ZZ SS Advisor". It's case-sensitive.
- Click the Save button.
- We've altered our Distributed User Profile, so we must log out, clear cache, and log back in again. Close your CS Pillar window.
- Sign Out of the SVX or SVL Gateway.
- Clear your browser cache.
- Log in to SVX or SVL.
- The ctcLink Gateway page displays. Well, looky here! The Advisor Homepage has been added to our collection of navigation tiles!
- Click the Advisor Homepage tile.
- The Advisor Homepage displays in a new window. Yay!
- Close your Advisor Homepage window.
- Sign Out of SVX or SVL.
Purpose: The Campus Solutions pillar has its own way of securing data. That's called SACR (Student Administration Contributor Relations) Security. The Roles in a User Profile grant navigation access; SACR Security grants data access.
Let's assign basic SACR Security, which is required for all administrative staff with 'Z' security Roles.
Let's assign Academic Program/Plan security, which is required for staff who manage a student's program/plan stack.
Let's assign Service Indicator security, which is required for staff who manage what Legacy calls 'unusual actions' and 'punitive actions'.
Audience: Local Security Administrators
Prerequisites: PeopleSoft Security Administration Module 04
DG5 colleges: SVX Login to the Gateway page
DG6 colleges: SVL Login to the Gateway page
Navigation from the Gateway page to the CS Pillar
Purpose: Let's assign basic SACR Security to ourselves. That includes Academic Institution, Institution/Campus, Institution/Career, and Academic Org security.
If you'd like, you can refer to this ctcLink Reference Center QRG:
- The CS homepage displays.
- Click the NavBar icon in the upper-right corner of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Set Up SACR menu item.
- The Set Up SACR menu displays.
- Select the Security menu item.
- The Security menu displays.
- Select the Secure Student Administration menu item.
- The Secure Student Administration menu item displays.
- Select the User ID menu item.
- The User ID menu displays.
- Select the Academic Institution Security menu item.
- The Academic Institution Security search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The Academic Institution Security page displays.
- Click the spyglass to display a list of institutions.
- The Look Up Academic Institution window displays.
- Click your Academic Institution.
- The Look Up Academic Institution window disappears.
- The Academic Institution field populates with your institution.
- Click the Save button.
That was Academic Institution security. Now let's move on the second of our four basic SACR Security tasks: Institution/Campus Security.
- Click the NavBar icon in the upper-right part of the page.
- The NavBar tray unfurls. Click the Navigator icon.
- Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be. Click the Institution/Campus Security menu item.
- The Institution/Campus search page displays.
- If your User ID field is not auto-populated, enter your User ID - the same one you entered in the Academic Institution Security search page above.
- Click the Search button.
- The Institution/Campus Security page displays. Notice that your Academic Institution displays.
- Click the Campus spyglass.
- The Look Up Campus search page displays.
- Click your Campus.
- The Look Up Campus search page disappears.
- Campus is populated with your campus.
- Click the Save button.
That was Institution/Campus security. Now let's move on the third of our four basic SACR Security tasks: Institution/Career Security.
- Click the NavBar icon in the upper-right of the page.
- The NavBar tray unfurls. Click the Navigator icon.
- Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be. Click the Institution/Career Security menu item.
- The Institution/Career Security page displays, bypassing its Search page entirely.
- Click the Academic Career spyglass.
- The Look Up Academic Career search page displays.
- It's likely that your institution offers both Continuing Ed and Undergrad careers. Mine does, so I'll add each of them to my SACR security. Click CNED.
- The Look Up Academic Career search page displays. The Academic Career field populates.
- Now let's add that second Career. Click the Add a New Row [+] icon.
- A new, blank row displays.
- Click the new, blank row's spyglass.
- The Look Up Academic Career search page displays.
- Click UGRD.
- The Look Up Academic Career search page disappears.
- The new, blank row's Academic Career populates.
- Click the Save button.
That was Institution/Career security. Now let's move on the fourth of our four basic SACR Security tasks: Academic Org Security.
- Click the NavBar icon in the upper-right of the page.
- The NavBar tray unfurls. Click the Navigator icon.
- Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be. Click the Academic Org Security menu item.
- The Academic Org Security page displays, bypassing its Search page entirely.
- Click the Acad Org spyglass.
- The Look Up Acad Org search page displays. I get access to each and every Academic Organization at my institution, so I'll search for the umbrella Acad Org value so I don't have to enter each and every Acad Org.
- Enter the three-digit code for your college in the "begin with" box.
- Click the Look Up button.
- Values for your institution display. The umbrella, all-inclusive value takes the form "nnnAAAAAAAA", where nnn is your three-digit institution code, and AAAAAAA in the name of your institution. Example: 140CLARK
- Scroll until you locate your umbrella value.
- Click the umbrella value.
- The Look Up Acad Org search page disappears.
- The Acad Org value populates. Click the Save button.
- All done! Return to your CS homepage.
Purpose: Let's assign Academic Program and Plan Security to ourselves.
If you'd like, you can refer to these ctcLink Reference Center QRGs:
- The CS homepage displays.
- Click the NavBar icon in the upper-right corner of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Set Up SACR menu item.
- The Set Up SACR menu displays.
- Select the Security menu item.
- The Security menu displays.
- Select the Secure Student Administration menu item.
- The Secure Student Administration menu item displays.
- Select the User ID menu item.
- The User ID menu displays.
- Select the Academic Program Security menu item.
- The Academic Program Security search page displays.
- Enter your User ID. You can type it in or spyglass it.
- Enter your Academic Institution. You can type it in or spyglass it.
- Enter your Academic Career. You can type it in or spyglass it.
- Click the Search button.
- The Academic Program Security page displays.
- To award security to specific Academic Programs, click the spyglass. To award security to all Academic Programs, click the All Access button.
- I gave myself All Access.
- Click the Save button.
That's it for Academic Program Security. Now let's add Academic Plan Security.
- Click the NavBar icon in the upper-right of the page.
- The NavBar tray unfurls. Click the Navigator icon.
- Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be. Click the Academic Plan Security menu item.
- The Academic Plan page displays. The Academic Plan Search page is bypassed entirely.
- Again, you can use the spyglass to select individual Academic Plan(s), or click the All Access button to award, well, access to all academic plans.
- I chose the All Access button.
- Click the Save button.
- All done! Return to your CS homepage.
Purpose: Let's assign Service Indicator Security to ourselves.
If you'd like, you can refer to this ctcLink Reference Center QRG:
- The CS homepage displays.
- Click the NavBar icon in the upper-right corner of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Set Up SACR menu item.
- The Set Up SACR menu displays.
- Select the Security menu item.
- The Security menu displays.
- Select the Secure Student Administration menu item.
- The Secure Student Administration menu item displays.
- Select the User ID menu item.
- The User ID menu displays.
- Select the Service Indicator Security menu item. You might have to scroll down to find it.
- The Service Indicator Security search page displays.
- Enter your User ID.
- Click the Search button.
- The Service Indicator Security page displays.
- Let's grant ourselves two Service Indicators. Click the Service Indicator Code spyglass.
- The Look Up Service Indicator Code search page displays.
- Click a Service Indicator Cd of your choosing.
- The Look Up Service Indicator Code search page disappears. The Service Indicator Code value populates.
- Why will we be assigning this Service Indicator to a student? Click the Reason spyglass.
- The Look Up Reason search page displays.
- Click a Service Ind Reason Code of your choice.
- The Look Up Reason search page disappears. The Reason value populates.
- Can I place this Service Indicator on a student's record? Click the Placement checkbox.
- Once placed, by me or someone else, can I release this Service Indicator from a student's record? Click the Release checkbox.
- Click the Save button.
- Let's grant ourselves security to place/release a second Service Indicator. Click the Add a New Row [+] icon.
- A new, blank row displays.
- Click the Service Indicator spyglass and select a Service Indicator Code.
- Click the Reason spyglass and select a Reason code.
- Click the Placement and Release checkboxes. Your page will look something like this...
- Everything look ok? Click the Save button.
- All done! Close your CS window. Log out of SVX or SVL. Accept my congratulations.
Purpose: How do we learn which Roles are needed by a PeopleSoft page? There's a handy query that lets us enter the page navigation path, then displays the Role(s) that grant navigation access to that page.
The query exists in each of the three Pillars, albeit with a slightly different name prefix. Let's see how it works in the CS Pillar.
- The CS homepage displays.
- Click the NavBar icon in the upper-right corner of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Reporting Tools menu item. You might have to scroll to find it.
- The Report Tools menu displays.
- Click the Query menu item.
- The Query menu displays.
- Click the Query Viewer menu item.
- The Query Viewer search page displays.
- In the begins with textbox, enter "%sec_role_nav". It's not case-sensitive.
- Click the Search button.
- The Search Results section of the page populates. We're hunting for Query Name = "QCS_SEC_ROLE_NAVIGATION_ACCESS".
- We're going to use this query nearly every day for the rest of our lives, so let's bookmark it. Click Favorite in the far-right cell.
- The My Favorite Queries section of the page displays. Next, let's run the query.
- Click HTML.
- The QCS_SEC_ROLE_NAVIGATION_ACCESS query parameters page displays in a new window.
- Let's look up three different pages we're going to need for the next few exercises. In the Navigation like (%ADMIT) textbox, enter "%VALID CASHIERS%". It's case-sensitive.
- In the Role Name like % textbox, enter "Z%". It's case-sensitive.
- Click the View Results button.
- We'll study this query's columns in another exercise. For now, make note of the fourth row, fifth column, whose cell reads "ZC SF SACR Local Configuration". We'll need to assign that Role to ourselves in a bit.
- Now let's look up our next page. In the Navigation like (%ADMIT%) textbox, enter "%OPEN OFFICES%". It's case sensitive.
- Click the View Results button.
- We'll study this query's columns in another exercise. For now, make note of the second row, fifth column, whose cell reads "ZZ SF Head Cashier". We'll need to assign that Role to ourselves in a bit.
- One more page to look up. In the Navigation like (%ADMIT%) textbox, enter "%VIEW CUSTOMER ACCOUNTS%". It's case sensitive.
- Click the View Results button.
- We'll study this query's columns in another exercise. For now, make note of the third row, fifth column, whose cell reads "ZD SF Customer Accounts". We'll need to assign that Role to ourselves in a bit.
- How many "Z" Roles do you think there are in ctcLink? Let's find out. In the Navigation like (%ADMIT%) textbox, type "%".
- Click the View Results button. I got 9,748 Roles!
- That's a lot of Roles! Let's dump them down to Excel, just so we know how. Click Excel Spreadsheet.
- The browser's Open/Save dialog box displays. You know what to do from here to open/save the search results to Excel, yes?
Now here are those three pages and Roles we've just harvested:
- Navigation path: Set Up SACR>Product Related>Student Financials>Cashiering>Valid Cashiers
- Role: ZC SF SACR Local Configuration
- Navigation path: Student Financials>Cashiering>Cash Management>Open Offices
- Role: ZZ SF Head Cashier
- Navigation path: Student Financials>View Customer Accounts
- Role: ZD SF Customer Accounts
- All done! Return to your CS homepage.
Purpose: Let's assign Student Financials SACR Security to ourselves. That includes Business Unit, Institution Set, Origin, and SetID
If you'd like, you can refer to this ctcLink Reference Center QRG:
- The CS Pillar homepage displays.
- Click the NavBar icon in the upper-right corner.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Set Up SACR menu item.
- The Set Up SACR menu displays.
- Click the Security menu item.
- The Security menu displays.
- Click the Secure Student Financials menu item.
- The Secure Student Financials menu displays.
- Click the User ID menu item.
- The User ID menu displays.
- Click the Business Unit menu item.
- The Business Unit search page displays.
- Enter your ctcLink User ID. It's not case-sensitive.
- Click the Search button.
- The Business Unit page displays.
- Click the Business Unit spyglass.
- The Look Up Business Unit window displays.
- Click your Business Unit.
- The Look Up Business Unit window disappears. The Business Unit value populates.
- Click the Cashier's Office spyglass.
- The Look Up Cashier's Office window displays.
- Click an appropriate Cashier's Office.
- The Look Up Cashier's Office window disappears. The Cashier's Office populates.
- Click the Save button.
- A warning message box displays. We'll learn about it later. For now, click the OK button.
- We're done with Business Unit. Now on to our second SF SACR item: Institution Set. Click the NavBar icon.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Institution Set menu item.
- The Institution Set page displays, bypassing its search page.
- Click the Institution Set spyglass.
- The Look Up Institution Set window displays.
- Click your Institution Set.
- The Look Up Institution Set window disappears. The Institution Set populates.
- Click the Save button.
- There's that Security Change message box again. Click the OK button.
- Two down, two to go. Let's try Origin next. Click the NavBar icon.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Origin IDs menu item.
- The Origin search page displays.
- Enter your Business Unit and User ID.
- Click the Search button.
- "No matching values were found"? Oh yeah, we're adding our SACR Origin IDs, meaning they don't exist yet, so cannot be found via search. Click the Add a New Value tab.
- The Add a New Value page displays. It drags along our Business Unit and User ID.
- Click the Add button.
- The Origin page displays,
- Click the Origin ID spyglass.
- The Look Up Origin ID window displays.
- Click an appropriate Origin ID.
- The Look Up Origin ID window disappears. The Origin ID populates.
- Click the Save button.
- As we've come to expect, the Security Change message box displays. Click the OK button.
- Now for our final SF SACR item: SetID. Click the NavBar icon.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the SetID menu item.
- The SetID page displays, bypassing its search page.
- Click the SetID spyglass.
- The Look Up SetID window displays.
- Click your SetID. You might have to scroll to find it.
- The Look Up SetID window disappears. The SetID populates.
- Click the Save button.
- The pesky Security Change message box displays. Click the OK button.
- All done! Return to your CS homepage.
Purpose: Let's assign Financial Aid SACR Security to ourselves. That includes User Defaults 1, User Defaults 2, User Defaults 4, and Communication Speed Keys.
If you'd like, you can refer to this ctcLink Reference Center QRG:
- The CS Pillar homepage displays.
- Click the NavBar icon in the upper-right corner.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Set Up SACR menu item.
- The Set Up SACR menu displays.
- Click the User Defaults menu item.
- The User Defaults 1 tab of the User Defaults page displays. Notice that there is no search page, and that the User Defaults page automatically fetches your ctcLink logon User ID? This group of SACR settings is for each CS staff member, including Student Financials and Financial Aid staff, to set for herself.
- Click the Academic Institution spyglass.
- The Look Up Academic Institution window displays.
- Click your Academic Institution.
- The Look Up Academic Institution window disappears. The Academic Institution, Career Group SetID and Facility Group SetID populate.
- Click the Save button.
- That's it for the User Defaults 1 tab. Click the User Defaults 2 tab.
- The User Defaults 2 tab displays.
- Click the SetID spyglass.
- The Look Up SetID window displays.
- Click your SetID.
- The Look Up SetID window disappears. The SetID populates.
- Click the Aid Year spyglass.
- The Look Up Aid Year window displays.
- Click the appropriate Aid Year.
- The Look Up Aid Year window disappears. The Aid Year populates.
- Click the Business Unit spyglass.
- The Look Up Business Unit window displays.
- Click your Business Unit.
- The Look Up Business Unit window disappears. The Business Unit populates.
- Click the Institution Set spyglass.
- The Look Up Institution Set window displays.
- Click your Institution Set.
- The Look Up Institution Set window disappears. The Institution Set populates.
- Click the Save button.
- We've got no business in the User Defaults 3 tab, so click the User Defaults 4 tab.
- The User Defaults 4 tab displays.
- Click the Carry ID checkbox until it has a checkmark in it. Don't leave it empty.
- Click the Save button.
- We have no business in the Enrollment Override Defaults tab, so click the Communication Speed Keys tab.
- The Communication Speed Keys tab displays.
- Select the Academic Institution spyglass.
- The Look Up Academic Institution window displays.
- Click your Academic Institution.
- The Look Up Academic Institution window disappears. The Academic Institution populates.
- Click the Administrative Function spyglass.
- The Look Up Administrative Function window displays.
- Click FINA (DG5) or GEN (DG6).
- The Look Up Administrative Function window disappears. The Administrative Function populates.
- Click the Communication Key spyglass.
- The Look Up Communication Speed Key window displays.
- Select an appropriate Communication Speed Key. If no Communication Speed Keys display, click the Cancel button. We'll delve into this at the end of this exercise (for EXTRA CREDIT!).
- The Look Up Communication Speed Key window disappears. If you clicked a Communication Speed Key, the Communication Key populates.
- Click the Save button.
Why mightn't the Communication Key spyglass return any values? Probably because your User ID hasn't had 3C Group Security applied yet.
Hungry for some extra credit?
- Follow the steps listed in the SACR-3Cs Group Security section of 9.2 SACR-3Cs Group Security (Financial Aid). No need to do the After Set Up Log In section of the QRG.
- Come back to your User Defaults page, Communication Speed Keys tab.
- Look up and select a Communication Key.
- Save your Communication Speed Keys tab.
- Take tomorrow off.
- All done! Return to your CS homepage.
Purpose: We've assigned ourselves CS Core basic SACR, Student Financials SACR, and Financial Aid SACR. We recall that Roles grant us navigation to pages, and that SACR grants us access to the data on those pages.
Let's grant ourselves a Role, and see if our SACR assignments worked. The View Customer Accounts page might be useful to your Financial Aid advisors. It requires the ZD SF Customer Accounts Role. Let's give it a spin.
If you'd like, you can refer to this ctcLink Reference Center QRG:
- The CS Pillar homepage displays.
- Click the NavBar icon in the upper-right of the page.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays. The navigation path we're looking for is
Student Financials > View Customer Accounts
- Click the Student Financials menu item.
- The Student Financials menu displays. We should see View Customer Accounts as a menu item. We don't. Let's check our Roles to see if we have ZD SF Customer Accounts.
- Click the Back to Root icon.
- The Navigator root menu displays.
- Click the PeopleTools menu item. You might have to scroll to find it.
- The PeopleTools menu displays.
- Click the Security menu item.
- The Security menu displays.
- Click the User Profiles menu item.
- The User Profiles menu displays.
- Click the Distributed User Profiles menu item.
- The Distributed User Profiles search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays. I don't see the ZD SF Customer Accounts Role; I'm betting that you don't either. Let's assign it to ourselves.
- Click any of the Add a New Row [+] icons.
- A new, blank row displays.
- Click the new, blank row's Role Name spyglass.
- The Look Up Role Name window displays.
- In the begin with textbox, enter "ZD SF Cust".
- Click the Search button.
- The Search Results display.
- Click ZD SF Customer Accounts.
- The Look Up Role Name window disappears. The Role Name populates.
- Click the Save button.
- Depending on how you've spoofed your EmplID in the ID tab, you might get a Warning message box. If you do, click the OK button.
- Now let's search for NavBar > Navigator > Student Financials > View Customer Accounts again.
- Still not there. Ah yes, we recall from our 9.2 PeopleSoft Fundamentals Canvas course that changes to a User Profile, like adding a new Role, require that we clear browser cache.
- Close your CS window.
- Log off gracefully from the Gateway page.
- Clear your browser's cache.
- Log on to SVX or SVL.
- Open a CS Pillar window.
- The CS Pillar homepage displays. Hey, mine has a Student Financials tile on it now!
- Click the NavBar icon.
- The NavBar tray unfurls.
- Click the Navigator icon.
- The Navigator menu displays.
- Click the Student Financials menu item.
- The Student Financials menu displays.
- It's here! It's here! Click the View Customer Accounts menu item!
- The View Customer Accounts search page displays.
- Enter/search/spyglass your Business Unit.
- Enter/search/spyglass one of your college's student IDs.
- Click the Search button.
If you're struggling to find one of your valid student IDs, please feel free to move on. Searching for students who qualify for some particular page or query is an artful science that we'll cover in more detail later.
- The Customer Accounts page displays! Feel free to poke around, if you wish. Or not. We've achieved the goal of this exercise.
- All done! Return to your CS homepage.
Purpose: We've assigned ourselves CS Core basic SACR, Student Financials SACR, and Financial Aid SACR. We recall that Roles grant us navigation to pages, and that SACR grants us access to the data on those pages.
We've granted ourselves the ZD SF Customer Accounts Role so we could use the View Customer Accounts page. So far so good.
For this exercise, we'll once again grant ourselves a Role - or two - so we can view and update and correct history on another Student Financials page - or two.
And, just like that fateful moment in Driver's Ed class, you're going to drive! I'll be in the passenger's seat, in the form of a QRG; otherwise, it's on you to assign your new Roles, clear cache, then follow the QRG.
- In the CS Pillar, use the Distributed User Profiles page to assign yourself the ZC SF SACR Local Configuration Role
- In the CS Pillar, use the Distributed User Profiles page to assign yourself the ZZ SF Head Cashier Role.
- Close your CS Pillar window.
- Log out of SVX or SVL.
- Clear browser cache.
- Log in to SVX or SVL.
- Open your CS Pillar window.
- Follow the steps in 9.2 Add a New Cashier and Assign to a Valid Tender to set yourself up as a cashier at your college. Please read the note below before you begin the QRG!
Note: In the QRG's Adding Tender Keys section, between steps 2 and 3, please check the Correct History checkbox! It should look like this:
- All done. Close your CS Pillar window. Log out of SVX or SVL gracefully.
Purpose: The Financials/Supply Chain Management pillar has its own way of securing data. That's called User Preference Definition (UPD) security. The Roles in a User Profile grant navigation access; User Preference Definition security grants data access.
Let's assign basic Overall Preference security, which is required for all administrative staff with 'Z' security Roles.
Let's assign Product Preference security, which is required for staff who process a particular type of transaction, e.g., Billing, Contracts, Paycycles et al.
Let's assign Process Group security, which is required for staff who process payments.
Audience: Local Security Administrators
Prerequisites: PeopleSoft Security Administration Module 05
DG5 colleges: SVX Login to the Gateway page
DG6 colleges: SVL Login to the Gatway page
Navigation from the Gateway page to the FSCM Pillar.
Each employee will be granted the ZZ PeopleSoft User Role automatically, then must have their Overall Preferences defined in FSCM for Expenses to work. All employees are assigned access to the Expenses tile for Travel Authorizations, Cash Advance Requests and Expense Reporting. The entered values become the user's default values in the Business Unit and SetID search fields.
Let's assign our own Overall Preference security. Feel free to refer to Define User Preferences in FSCM.
- First, let's verify that we have the ZZ PeopleSoft User role. Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profile search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays.
- Looks like I've got the ZZ PeopleSoft User role. Do you?
- Now let's assign our Overall Preferences. Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
- The User Preferences search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The User Preferences page displays.
- Click Overall Preference.
- The Overall Preferences tab displays.
- Click the Business Unit spyglass.
- The Look Up Business Unit popup displays.
- Click your college's Business Unit.
- The Look Up Business Unit popup disappears. The Business Unit populates.
- The SetID populates as well, but with the wrong value. Click the SetID spyglass.
- The Look Up SetID popup displays.
- Click WACTC. No other value will do.
- The Look Up SetID popup disappears. The SetID populates.
- Click the Alternate Character Enabled checkbox. Checking this box activates alternate description buttons or links, which appear to the right of fields on many of the application pages. Click the button or link to enter or display alternate characters on the auxiliary page that appears. Not required for every employee, but recommended for administrative staff working in the finance pillar.
- Click the Display Debit/Credit Amounts in Subsystems checkbox. Checking this box displays debit and credit amounts of the default business unit on journal entry and inquiry pages. A subsystem is any PeopleSoft application, such as Payables or Receivables, that contributes entries to PeopleSoft General Ledger. Not required for every employee, but recommended for administrative staff working in the finance pillar.
- Click the Save button.
- And that's that for your Overall Preferences. Click the PeopleSoft Home icon.
There are a whole bunch of Product Preference security options. Let's focus on the Paycycle area.
Finance administrative system users who have been assigned the ZZ Payment Creation role will also require Overall Preferences defined and the Paycycle Product Preference defined.
The User Preference definition for Paycycle sets a default output destination for the Pay Cycle Manager and the Express Payment Manager components (PYCYCL_MGR and EXP_PYCYCL_MGR). These default values are not required to perform any pay cycle process.
Let's assign our own Paycycle Product Preference security. Feel free to refer to Define User Preferences in FSCM.
- First, let's verify that we have the ZZ Payment Creation role. Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profile search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The General tab displays. If you've not done so, update your Symbolic ID thusly:
- Click the Symbolic ID dropdown.
- Click SYSADM1.
- Click the Save button.
- Click the User Roles tab.
- The User Roles tab displays. I don't have the ZZ Payment Creation role. I'll assign it to myself; if you don't have it either, please assign it to yourself thusly:
- Click any of the Add a New Row [+] icons.
- In the new, blank row's Role Name field, type "ZZ Payment Creation". It's case-sensitive.
- Click the Save button.
- Now that we've got the Role, let's set our Product Preference - Paycycle security. Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
- The User Preferences search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The User Preferences page displays.
- Click Paycycle.
- The Paycycle tab displays.
- Enter Server File Destination, in the format of
/FSOUT/I-506_PositivePay/WAnnn/BofA/Data/
- You'll substitute your college code in place of nnn, yes?
- Click the Server spyglass.
- The Look Up Server popup displays.
- Click PSUNX. No other value will do.
- The Look Up Server popup disappears. The Server populates.
- Enter the Email ID of the person who'll receive payment error notifications.
- Click the Save button.
- And that's that for your Product Preference - Paycycle security. Click the PeopleSoft Home icon.
This User Preference definition is relevant for staff who process payments in either Accounts Payable or Expense processing, specifically Processing an Ex Pay Cycle. With the ZZ Payment Processing Role, setting up the Process Group definition is required to set controls for the on-demand features.
Let's assign our own Process Group security. Feel free to refer to Define User Preferences in FSCM.
- First, let's verify that we have the ZZ Payment Processing role. Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- The Distributed User Profile search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays. I don't have the ZZ Payment Processing role, so I'll add it. You do the same, if need be.
- Now for the ZZ Payment Processing Process Group security. Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
- The User Preferences search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The User Preferences page displays.
- Click Process Group.
- The Process Group page displays.
- If it's not already checked, check the Allow Processing checkbox.
- Click the Source Transaction spyglass.
- The Look Up Source Transaction popup displays.
- Click PYMNCNCL. You might have to scroll to find it.
- The Look Up Source Transaction popup disappears. The Source Transaction populates.
- We need to assign five Process Group rows to this Source Transaction. Click the Process Group Add a New Row [+] icon four times.
- Now we have five blank Process Group rows. Let's fill 'em up.
- Click the first row's spyglass.
- The Look Up Process Group popup displays.
- Click PAYPOSTGL.
- The Look Up Process Group popup disappears. The Process Group populates.
- Repeat steps 22, 23, 24 and 25 for each of the remaining four empty Process Group rows. In step 24, assign the next of these four values from the Look Up Process Group popup:
- PAYVCHRJG
- PAYVCHRPST
- PYCNCLPOST
- PYMNTPOST
- It ought to look something like this:
- Click the Save button.
- And that's that for your Payment Processing Process Group security. Click the PeopleSoft Home icon.
There are at least 25 Product Preference areas, including Asset Management, Billing, Contracts, Procurement.... scads and scads of them. Let's take a quick tour through them, just to gain a bit of familiarity with their existence.
- Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
- The User Preferences search page displays.
- Enter your ctcLink User ID.
- Click the Search button.
- The User Preferences page displays.
- What we're looking at here is the block of 25 Product Preference links. I'm recommending that you click each one, in turn, just to see what's inside.
- Let's click the first one - Asset Management.
- The Asset Management - User Preferences page displays.
- Feel free to poke around. When you're done, click the User Preferences tab.
- The User Preferences page displays.
- Continue clicking your way through each of the 25 Product Preference links.
- When you get to Procurement, you'll notice that the landscape changes. Now there are ten links at the bottom of the Procurement page, each of which opens up another page! Click and examine each of them. Feel free to refer to Define User Preferences in FSCM for some guidance.
- After you've clicked and examined everything, close your FSCM browser window. Sign off of your Gateway/Portal window.
Purpose: As Local Security Administrators, we have some tools to help us troubleshoot our college's security landscape. Several of these tools are queries. What do the queries do? How do we find them?
Let's first ensure that we have the Roles we need to run the troubleshooting queries.
Next, we'll run two queries that will diagnose the vast majority of query security issues.
Then, we'll run six additional queries that can help us manage query security.
Audience: Local Security Administrators
Prerequisites: PeopleSoft Security Administration Canvas course, Module 6
DG5 colleges: SVX Login to the Gateway page
DG6 colleges: SVL Login to the Gateway page
Navigation from the Gateway page to the CS Pillar.
The Roles required to see the troubleshooting queries discussed in this section are ZD_DS_QUERY_VIEWER and ZD_DS_QRY_SECURITY_TABLES. The troubleshooting queries are available in each of the three Pillars.
- The CS homepage displays.
- Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
- Enter your ctcLink login User ID.
- Click the Search button.
- The General tab displays.
- Click the User Roles tab.
- The User Roles tab displays.
- I already have the ZD_DS_QUERY_VIEWER Role, but not the ZD_DS_QRY_SECURITY_TABLES Role, so I'll add it thusly:
- Click the Add a New Row [+] icon
- In the new, blank row, enter Role Name = "ZD_DS_QRY_SECURITY_TABLES".
- Click the Save button.
- We've just updated a Distributed User Profile. We know what comes next:
- Close your CS window.
- Sign Out from SVX or SVL.
- Clear browser cache.
- Log In to SVX or SVL.
- Open your CS window.
There are two steps that Local Security Administrators can take that will diagnose the vast majority of security issues related to viewing and running queries. They are:
1. Determine if the Record is in the Query Tree
2. Determine if the user has the Roles to which the query is related
In step 1, we will find if the problem is related to a record not being in an access group within the query tree. If a record is not in an access group, it cannot be tied to a ZD_DS_QRY role, so users will be unable to use any query containing that record. These issues are rare and should be referred to SBCTC Data Services.
In step 2, we find the roles the user must have in order to view/run the query or report. This will be one of the most useful troubleshooting queries for Local Security Administrators.
Let's say that someone in Advising wants to run the QCS_AA_ENROLLED_NO_ADVISOR query, but can't even see it in the Query Viewer search page...
- The CS window displays. Navigate to Query Viewer via NavBar > Navigator > Reporting Tools > Query > Query Viewer.
- The Query Viewer search page displays. I've previously bookmarked a query in the My Favorite Queries section; perhaps you have as well, or not.
- In Query Name begins with, enter "QCS_DS_QUERY_RECORD_RPT". It's not case-sensitive.
- Click the Search button.
- The Query Search Results section populates.
- We're going to run this query all the time, so I'll bookmark it. Click the Favorites link.
- The query is added to the My Favorite Queries section.
- Now let's run it. Click HTML.
- The QCS_DS_QUERY_RECORD_RPT page opens in a new window.
- In the Query prompt, enter "QCS_AA_ENROLLED_NO_ADVISOR". It's not case-sensitive.
- Click the View Results button.
- The Results section populates.
- We see this query hits four records:
- SCC_PERDATA_QVW
- STDNT_ADVR_HIST
- STDNT_CAR_TERM
- STDNT_ENRL
- This is good news! It means each of the records is in a query tree, and thus accessible to our user if she has the proper Role. But which Role? Close your QCS_DS_QUERY_RECORD_RPT window.
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_DS_QUERY_RECORD_USER_RPT". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates.
- To bookmark this very useful query, click the Favorites link.
- To run this very useful query, click the HTML link.
- The QCS_DS_QUERY_RECORD_USER_RPT query opens in a new window.
- In the Query prompt, enter "QCS_AA_ENROLLED_NO_ADVISOR".
- In the User ID prompt, enter your ctcLink login User ID.
- Click the View Results button.
- The Results section populates.
- The column labeled Roleuser Record Access must contain our User ID, at least once, for each of our four Records, or the user won't see the query in the Query Viewer search page.
- This user has access to the SCC_PERDATA_QVW record via the ZD_DS_QRY_SECURITY_TABLES Role.
- This user has access to the STDNT_CAR_TERM record via the ZD_DS_QRY_SECURITY TABLES Role.
- This user does not have access to the STDNT_ADVR_HIST record, which requires the ZD_DS_QRY_STUDENT_RECORDS Role.
- This user does not have access to the STDNT_ENRL record, which requires either the ZD_DS_QRY_FACULTY_WORKLOAD, ZD_DS_QRY_STUDENT_FINANCE or ZD_DS_QRY_STUDENT_RECORDS Role.
- Your real-world task would be to decide which of the missing Roles must be assigned to the user, then assign them via the Distributed User Profiles component, then have the user log off, clear cache, log in and run the query!
- Close your QCS_DS_QUERY_RECORD_USER_RPT window.
If neither Step 1 nor 2 provides the solution to the issue there are other helpful query and security-related queries located in the SECURITY query folder. Each query is available in all three Pillars. For even more queries related to query security along with detailed descriptions, please see the Queries Available tab of the Query Tree Models with Role Definitions (Links to an external site.) spreadsheet.
This query answers the question "What are all the Roles currently assigned to a particular user?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_DS_QUERY_ROLE_USER_RPT". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_DS_QUERY_ROLE_USER_RPT page displays in a new window.
- Role Name like % defaults to "ZD_DS_Q%", but we can change it if we wish.
- Enter EMPLID = your ctcLink EmplID from the Distributed User Profiles ID tab.
- Click the Institution spyglass, then select an institution.
- Click the View Results button.
- The Results section populates.
- Close your QCS_DS_QUERY_ROLE_USER_RPT window.
This query answers the question "What is the relationship between Query Tree, Access Group, Record, and Role, which field is highly sensitive?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_DS_QUERY_TREE_RECORD_RPT". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_DS_QUERY_TREE_RECORD_RPT page displays in a new window.
- Role Name like % is optional. Enter something if you like.
- Record is optional. Enter something if you like.
- I've left the prompts blank, just to be ornery.
- Click the View Results button.
- The Results section populates.
- Close your QCS_DS_QUERY_TREE_RECORD_RPT window.
This query answers the question "What are all the Roles currently assigned to a particular user by a particular institution?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_SEC_USER_ROLES_BY_UNIT". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_SEC_USER_ROLES_BY_UNIT page displays in a new window.
- Click the Institution spyglass, then select an institution.
- Role Name is optional. I left it blank.
- ID is optional. I gave it mine from the Distributed User Profiles ID tab.
- Supervisor ID is optional. I left it blank - can't nobody supervise me!!
- Click the View Results button.
- The Results section populates.
- Close your QCS_SEC_USER_ROLES_BY_UNIT window.
This query answers the question "Which Roles grant access to a particular navigation path?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_SEC_ROLE_NAVIGATION_ACCESS". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_SEC_ROLE_NAVIGATION_ACCESS page displays in a new window.
- In Navigation like (%ADMIT%), enter the navigation path surrounded by wildcard percent signs.
- In Role Name like %, enter "Z%" to fetch Z-prefixed Roles.
- Click the View Results button.
- The Results section populates.
- Close your QCS_SEC_ROLE_NAVIGATION_ACCESS window.
This query answers the question "Which queries can this user see and run?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_DS_QUERY_ACCESS_BY_USER". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_DS_QUERY_ACCESS_BY_USER page displays in a new window.
- Click the Institution spyglass, then select an institution.
- Enter the user's EMPLID.
- To look at SBCTC Campus Solution queries, leave Query like % alone.
- Click the View Results button.
- The Results section populates.
- Close your QCS_DS_QUERY_ACCESS_BY_USER window.
This query answers the question "What are the queries that can be run by this Role?"
- The Query Viewer search page displays.
- In Query Name begins with, enter "QCS_DS_QUERY_ACCESS_BY_ROLE". It's not case-sensitive.
- Click the Search button.
- The Search Results section populates. We'll bookmark then run the query.
- Click the Favorite link.
- Click the HTML link.
- The QCS_DS_QUERY_ACCESS_BY_ROLE page displays in a new window.
- In Role begins with ZD_DS_QRY, enter "ZD_DS_QRY_STUDENT_RECORDS", or a Role of your choosing, so long as the Role name begins with the string "ZD_DS_QRY".
- Click the View Results button.
- The Results section populates.
- Close your QCS_DS_QUERY_ACCESS_BY_ROLE window.
- Close your CS window.
- Sign out of SVX or SVL.
Donald Denney
When I attempt to run any query that wants the Institution, I enter WA040 but it says invalid. When I click the lookup to search by academic institution, it says no matching values were found.