ctcLink Reference CenterResourcesPeopleSoft Security Project Security InformationExercises - PeopleSoft Security Administration Canvas Course

Exercises - PeopleSoft Security Administration Canvas Course

Purpose:  Enough reading, enough talking, it's time for some action!  You've completed the 9.2 PeopleSoft Fundamentals Canvas course; you're working your way through the six modules in the PeopleSoft Security Administration Canvas course; and you're working your way through your college's GoogleSheets Security Workbook.  These exercises will allow you to practice your new skills in a real PeopleSoft environment filled with your college's data.

Audience:  ctcLink Local Security Administrators

Prerequisites:   9.2 PeopleSoft Fundamentals Canvas course completion;

PeopleSoft Security Administration Canvas course module completion;

View access to your college's GoogleSheets Security Workbook;

DG5 colleges: Login credentials to the PeopleSoft SVX environment

DG6 colleges: Login credentials to the PeopleSoft SVL environment

SVX or SVL Login and Logout

Purpose:  How do I log in and out of the PeopleSoft SVX or SVL environment?  How do I move from the Gateway (aka Portal) to the three Pillars and back again?  How do I log out gracefully?

Audience:  Local Security Administrators

Prerequisites:    DG5 colleges: Login credentials to the PeopleSoft SVX environment

DG6 colleges: Login credentials to the PeopleSoft SVL environment

DG5 Colleges - SVX Login
DG6 Colleges - SVL Login
  1. Click this link to the ctcLink SVL login page.
  2. The ctcLink SVL login page displays.
ctcLink SVL login page
  1. Enter your ctcLink ID and Password.
  2. Click the Sign In button.
Enter ctcLink ID and Password
Either DG5 (SVX) or DG6 (SVL) Colleges
  1. The Gateway page, aka Portal, displays.  We'll leave the Gateway page open, and open new windows for each of the three Pillars:
    • HCM = Human Capital Management;
    • FSCM = Financials/Supply Chain Management;
    • CS = Campus Solutions.
  2. Click the HCM link at the top of the Gateway page.
Gateway Portal page
  1. The HCM landing page - in this example, the Employee Self Service page - displays in a brand new window.
Employee Self Service page
  1. Leave the brand new HCM window open.  Return to your Gateway page window.
  2. The Gateway page window displays.  Click the FSCM link at the top of the Gateway page.
Gateway Portal page
  1. The FSCM landing page - in this example, the Employee Self Service page - displays in a brand new window.  Now we have three windows open.
Employee Self Service page
  1. Leave the brand new FSCM window open.  Return to your Gateway page window.
  2. The Gateway page window displays.  Click the CS link at the top of the Gateway page.
Gateway Portal page
  1. The CS landing page - in this example, the ctcLink CS Staff Homepage - displays in a brand new window.  Now we have four windows open.
ctcLink CS Staff Homepage
  1. To log off gracefully, close each of the three pillar windows.  Now only the Gateway page is open.
  2. The Gateway page window displays.  Click the Sign Out link at the top of the Gateway page.
Gateway Portal page
  1. The Gateway page window closes.  The ctcLink SVX or SVL Login page displays.
ctcLink SVX Login page
  1. Section complete.
Module 1: Manage User Profiles

Purpose:  Now that we know how to log in, and how to work in each of the three Pillars, let's look at our own login User Profile in each of the three Pillars.  In each Pillar, we'll view our User Profile and our Distributed User Profile.  We'll view each of the three tabs in those Profiles.  We'll get some experience navigating.

Then, we'll learn some alternate searching tricks, and add/delete a Role!

Audience:  Local Security Administrators

Prerequisite:  DG5 colleges: SVX login to the Gateway page

DG6 colleges: SVL login to the Gateway page

Module 1 Exercise 1: HCM User Profiles

Purpose:  Let's navigate from the Gateway to our HCM User Profile and Distributed User Profile pages.

  1. The Gateway page displays.  Click the HCM link at the top of the page.
Gateway Portal page
  1. The HCM landing page displays.  Click the NavBar icon on the top right of the page.
HCM Landing page
  1. The NavBar tray displays.  Click the Navigator icon
NavBar tray
  1. The Navigator menu displays.  If necessary, scroll down until you find the PeopleTools menu item.
Navigator menu
  1. Click the PeopleTools menu item.
Navigator menu
  1. The PeopleTools menu displays.  Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.  Click the User Profiles menu item.
Security menu
  1. Notice that we have two menu items of interest:
    • Distributed User Profiles - maintained by college Local Security Administrators
    • User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
  2. Click the Distributed User Profiles menu item.
User Profiles menu
  1. The Distributed User Profile search page displays.
  2. Enter your login User ID, then click the Search button
Distributed User Profile search page
  1. The General tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the User Roles tab.
ID tab
  1. The User Roles tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.  Note the number of User Roles shown on this tab.
  2. Click the NavBar icon on the top right of the page.
User Roles tab
  1. So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information.  Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the User Profiles menu item.
Navigator menu
  1. The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page.  Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification?  Again, this User Profile page is view-only for colleges.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  "Interesting fields" are view-only.
  2. Click the Roles tab.
ID tab
  1. The Roles tab displays.  The count of Roles on this tab is greater by three than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign.  And, there's no Add a New Row [+] or Delete a Row [+] icon.  View only!
Roles tab
  1. Close your HCM window.  Leave your Gateway window open.
  2. Section complete.
Module 1 Exercise 2: FSCM User Profiles

Purpose:  Let's navigate from the Gateway to our FSCM User Profile and Distributed User Profile pages.

  1. The Gateway page displays.  Click the FSCM link at the top of the page.
Gateway Portal page
  1. The FSCM landing page displays.  Click the NavBar icon on the top right of the page.
FSCM landing page
  1. The NavBar tray displays.  Click the Navigator icon
NavBar tray
  1. The Navigator menu displays.  If necessary, scroll down until you find the PeopleTools menu item.
Navigator menu
  1. Click the PeopleTools menu item.
Navigator menu
  1. The PeopleTools menu displays.  Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.  Click the User Profiles menu item.
Security menu
  1. Notice that we have two menu items of interest:
    • Distributed User Profiles - maintained by college Local Security Administrators
    • User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
  2. Click the Distributed User Profiles menu item.
User Profiles menu
  1. The Distributed User Profile search page displays.
  2. Enter your login User ID, then click the Search button
Distributed User Profile search page
  1. The General tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the User Roles tab.
ID tab
  1. The User Roles tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.  Note the number of User Roles shown on this tab.
  2. Click the NavBar icon on the top right of the page.
User Roles tab
  1. So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information.  Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the User Profiles menu item.
User Profiles menu
  1. The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page.  Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification?  Again, this User Profile page is view-only for colleges.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  "Interesting fields" are view-only.
  2. Click the Roles tab.
ID tab
  1. The Roles tab displays.  The count of Roles on this tab is greater by four than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign.  And, there's no Add a New Row [+] or Delete a Row [+] icon.  View only!
Roles tab
  1. Close your FSCM window.  Leave your Gateway window open.
  2. Section complete.
Module 1 Exercise 3: CS User Profiles

Purpose:  Let's navigate from the Gateway to our CS User Profile and Distributed User Profile pages.

  1. The Gateway page displays.  Click the CS link at the top of the page.
Gateway Portal page
  1. The CS landing page displays.  Click the NavBar icon on the top right of the page.
CS landing page
  1. The NavBar tray displays.  Click the Navigator icon
NavBar tray
  1. The Navigator menu displays.  If necessary, scroll down until you find the PeopleTools menu item.
Navigator menu
  1. Click the PeopleTools menu item.
Navigator menu
  1. The PeopleTools menu displays.  Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.  Click the User Profiles menu item.
Security menu
  1. Notice that we have two menu items of interest:
    • Distributed User Profiles - maintained by college Local Security Administrators
    • User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
  2. Click the Distributed User Profiles menu item.
User Profiles menu
  1. The Distributed User Profile search page displays.
  2. Enter your login User ID, then click the Search button
Distributed User Profile search page
  1. The General tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.
  2. Click the User Roles tab.
ID tab
  1. The User Roles tab displays.  We'll review it in much more detail later.  For now, I've highlighted the interesting fields on this tab.  Note the number of User Roles shown on this tab.
  2. Click the NavBar icon on the top right of the page.
User Roles tab
  1. So that was the Distributed User Profiles page, wherein college Local Security Administrators can view/add/update/delete information.  Now let's look at the User Profiles page for the same User ID, wherein college Local Security Administrators can view only.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the User Profiles menu item.
User Profiles menu
  1. The User Profile General tab displays for the same User ID we were just examining on the Distributed User Profile page.  Notice we did not have to search for the User ID; PeopleSoft carried the User ID along when we navigated.Notice how those "interesting fields" are not available for modification?  Again, this User Profile page is view-only for colleges.
  2. Click the ID tab.
General tab
  1. The ID tab displays.  "Interesting fields" are view-only.
  2. Click the Roles tab.
ID tab
  1. The Roles tab displays.  The count of Roles on this tab is greater by five than on the Distributed User Profiles tab, because we're seeing Roles that only SBCTC can assign.  And, there's no Add a New Row [+] or Delete a Row [+] icon.  View only!
Roles tab
  1. Close your CS window. Leave your Gateway window open.
  2. Section complete.
Module 1 Exercise 4: Searching, Adding and Deleting Roles

Purpose:  Let's navigate from the Gateway to our HCM Distributed User Profile pages.  Let's practice some searching techniques.  Let's add, then delete, a Role.

  1. The Gateway page displays.  Click the HCM link at the top of the page.
Gateway Portal page
  1. The HCM landing page displays.  Click the NavBar icon on the top right of the page.
HCM Landing page
  1. The NavBar tray displays.  Click the Navigator icon
NavBar tray
  1. The Navigator menu displays.  If necessary, scroll down until you find the PeopleTools menu item.
Navigator menu
  1. Click the PeopleTools menu item.
Navigator menu
  1. The PeopleTools menu displays.  Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.  Click the User Profiles menu item.
Security menu
  1. Notice that we have two menu items of interest:
    • Distributed User Profiles - maintained by college Local Security Administrators
    • User Profiles - maintained by SBCTC, viewable by college Local Security Administrators
  2. Click the Distributed User Profiles menu item.
User Profiles menu
  1. The Distributed User Profile search page displays.
  2. Enter your login User ID, then click the Search button
Distributed User Profile search page
  1. The General tab displays.  Notice the Description of this User ID.
  2. Let's try a different way of searching.  Click the Return to Search button.
General tab
  1. The Distributed User Profile Search page displays.
  2. Let's search by Description this time.  Click the Search by dropdown.
Distributed User Profile search page
  1. The "Search by" dropdown unfurls.  Click Description.
Search by dropdown
  1. In "begins with", type "harbor", then click the Search button.
Distributed User Profile search page
  1. "No matching values were found."?  What gives?  Oh, yeah, our Description contains "harbor", but doesn't begin with "harbor".
Distributed User Profile search page
  1. In "begins with", type "%harbor".  That's "harbor" with a wildcard percent sign in front of it.  Click the Search button.
Distributed User Profile search page
  1. Our search returned three values, each of which contains the string "harbor" in its Description.  We want the first one, with the User ID of SEC_WA020_1.  Click that first row's Description.
Distributed User Profile search page
  1. The General tab displays.  Let's add, then delete, a Role.  Click the User Roles tab.
General tab
  1. The User Roles tab displays.  To add a new User Role, click any of the Add a New Row [+] icons.
User Roles tab
  1. A new, empty row displays below the Add a New Row [+] icon that you clicked.  Let's have more fun with searching.  Click the new row's spyglass icon.
User Roles tab
  1. The Look Up Role Name popup displays.  We could search by Role Name...
Look Up Role Name popup
  1. ...or we could search by Description...
Look Up Role Name popup
  1. ...or both!  Click the Advanced Lookup link.
Look Up Role Name popup
  1. The advanced Look Up Role Name popup displays.  Let's search for a Role that would be needed by one of your UAT Sprint 1 testers working on the HH.001.1..3 - Creating a New Position test.  Looks like either ZZ HR Position Management or ZC HR Position Management would work, based on your GoogleSheets Security Workbook's UAT Sprint 1 tab for that test.
  2. In Role Name "begins with", type "Z".
  3. In Description "begins with", type "%position".
  4. Click the Search button.
Look Up Role Name popup
  1. The search returned three Roles.  If we want our UAT tester to have the most flexibility, we'll click on the ZC HR Position Management role.
Look Up Role Name popup
  1. The Look Up Role Name popup disappears.  The new row is populated.
  2. Click the Save button.
User Roles tab
  1. The new row is saved.  Now, just to see how it works, let's delete our new Role.
  2. Click the new Role's Delete a Row [-] icon.
User Roles tab
  1. A confirmation message displays.  Click the OK button.
Confirmation message
  1. The confirmation message disappears.  The new Role disappears. Click the Save button.
User Roles tab
  1. Close your HCM window.  Sign Out of the Gateway.
  2. Module complete.
Module 2: Manage Roles

Purpose:  Now that we know how to log in, and how to work in each of the three Pillars, let's see if we can look more deeply into Roles and their associated Permission Lists.

Then, let's practice resetting a user's password reset challenge questions.

Audience:  Local Security Administrators

Prerequisite:  DG5 colleges: SVX login to the Gateway page

DG6 colleges: SVL login to the Gateway page

Module 2 Exercise 1: Roles and Permission Lists

We recall from Module 2 of our PeopleSoft Security Administration Canvas course that User Profiles are comprised of a bunch of Roles, and that Roles are comprised of a bunch of Permission Lists.  As Local Security Administrators, we can assign some, but not all, Roles to our users.

And we recall that only Oracle and SBCTC can manage Roles and Permission Lists.  Are we, as Local Security Administrators, allowed to look inside Roles and Permission Lists?

  1. The SVX ctcLink Gateway page displays.
  2. Let's see if we can inspect Roles and Permission Lists in a Pillar.  Click the FSCM link.
SVX ctcLink Gateway page
  1. The FSCM Homepage displays.
  2. Click the NavBar icon in the upper-right of the page.
FSCM Homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the PeopleTools menu item.  You might have to scroll down to find it.
Navigator menu
  1. The PeopleTools menu displays.
  2. Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.  We should see a menu item labeled "Permissions & Roles", but we don't.  Why?
  2. Click the Back to Root icon.
Security menu
  1. The Navigator root menu displays.
  2. Let's do something that we'll learn much more about in Module 6 of our PeopleSoft Security Administration course.  Let's ask PeopleSoft "why can't I navigate to a particular page?".  Click the Reporting Tools menu item.  You might have to scroll down to find it.
Navigator menu
  1. The Reporting Tools menu displays.
  2. Click the Query menu item.
Reporting Tools menu
  1. The Query menu displays.
  2. Click the Query Viewer menu item.
Query menu
  1. The Query Viewer search page displays.  Query Viewer is kind of like DataExpress/DataX, in that it allows us to run reports.  There are billions of different query reports in ctcLink.
  2. In the begins with textbox, type "qfs_sec_role_navigation_access".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  As Local Security Administrators, we're gonna run this query darn near every day, so let's bookmark it.  Click Favorite.
Search Results section
  1. The My Favorite Queries section populates.  We'll never again have to type "qfs_sec_role_navigation_access" to locate this very handy query.
  2. We've searched for and found the query; we've bookmarked it; now let's run it.  Recall the question we're trying to answer: "why can't we see the Permission & Roles>Roles menu item in PeopleTools?".  Click HTML.
My Favorite Queries section
  1. The QFS_SEC_ROLE_NAVIGATION_ACCESS query opens in a new window.  In the Navigation like (%EXPENSES%) textbox, type "%PERMISSIONS & ROLES>ROLES".  It's case-sensitive.
  2. In the Role Name like % textbox, type "Z%".  It's case-sensitive.
  3. Click the View Results button.
QFS SEC ROLE NAVIGATION ACCESS window
  1. The Results section of the page populates.  Note that the column labeled Role Name says "ZZ Security Administration".  We must have that Role in order to navigate to Permission & Roles>Roles in PeopleTools.  Recall from Module 1 Exercise 4 that we do not have the ZZ Security Administration Role.
  2. Note that the column labeled Local Security Grant Role is blank.  That means that we, as Local Security Administrators, can't grant that Role to ourselves or anyone else; only SBCTC can do that.
  3. Close the QFS_SEC_ROLE_NAVIGATION_ACCESS window.
QFS SEC ROLE NAVIGATION ACCESS window
  1. Close the FSCM Query Viewer window.
FSCM Query Viewer window
  1. The ctclink Gateway page displays.
svx ctcLink Gateway page
Module 2 Exercise 2: Reset Password Hint Questions - DG6 Only

This exercise is for DG6 colleges only.

DG5 colleges, please follow the OKTA: Activate Account and Reset Password in UAX or SVX QRG.

We recall from Module 2 of our PeopleSoft Security Administration Canvas course that we, as Local Security Administrators, don't manage our users' ctcLink login passwords.  Rather, each and every user assigns themselves a password.  If they forget or want to change their password, they must answer some self-assigned password challenge questions first.

But what if the user forgets both their password and their password challenge answers?  As Local Security Administrators, we can delete the password challenge answers, which then allows the user to go through the First Time User login process.  Therein, the user will select a new password and will establish new password challenge answers.

Let's delete someone's password challenge answers.  

Note:  you might want to poke around your Security Workbook to find a likely EmplID or two to use for this exercise.  Or, you can use the Delete Challenge Questions search page's searching features - your choice!

  1. The ctcLink Gateway page displays.
  2. Click the Delete Challenge Questions link.
SVX ctcLink Gateway page
  1. The Delete Challenge Questions search page displays.
  2. Enter User ID.
  3. Click the Search button.
Delete Challenge Questions search page
  1. The verification page displays.
  2. Click the I have verified the identity of this user button.
verification page
  1. The confirmation page displays.
  2. Click the Yes button.
confirmation page
  1. A status message window displays.
  2. Click the OK button.
Status message window
  1. The status message window disappears.
  2. Click the Return to Search button.
verification page
  1. The Delete Challenge Questions search page displays.
  2. Just to confirm that the deletion took, re-enter the original User ID, then click the Search button.
Delete Challenge Questions search page
  1. The "No matching values were found" message displays, which is a good thing.
  2. To log out of SVL, click the Sign Out link.
SVX ctcLink Gateway page
Module 3: Understand Dynamic Roles

Purpose:  A Dynamic Role is one which is assigned to, or removed from, the user based on the state of the user's data.  An SBCTC batch process runs periodically, scanning data in each of the three Pillars, then assigning or removing Roles as the data dictates.

A good example starts in the CS Pillar's Instructor/Advisor Table.  If a user is in the table as an Instructor, the batch process assigns her the ZZ SS Faculty Role.  If a user is in the table as an Advisor, the batch process assigns her the ZZ SS Advisor Role.  Conversely, the batch process deletes those Roles from the user if her Instructor/Advisor Table data so dictates.

The ZZ SS Faculty Role spawns the Faculty Center tile on the user's ctcLink Gateway page.

The ZZ SS Advisor Role spawns the Advisor Homepage tile on the user's ctcLink Gateway page.

Let's mimic, as closely as we can, the work of the SBCTC batch process.  First, we'll assign ourselves access to the Instructor/Advisor Table, and make ourselves both an Instructor and an Advisor.

Second, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Faculty Role to ourselves, then look for the Faculty Center tile on our ctcLink Gateway page.

Third, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Advisor Role to ourselves, then look for the Advisor Homepage tile on our ctcLink Gateway page.

By the time we're done with all that, we'll be appreciative of the work the SBCTC batch process does on our behalf!

Audience:  Local Security Administrators

Prerequisite:  DG5 colleges: SVX login to the Gateway page

DG6 colleges: SVL login to the Gateway page

Module 3 Exercise 1: Instructor/Advisor Table

First, we'll assign ourselves Role access to the Instructor/Advisor Table, and give ourselves both the Instructor and the Advisor data conditions in the Table.

  1. The ctcLink Gateway page displays.  Note the navigation tiles on the left side of the page.  For me, they're Canvas, Student Homepage, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions.  Yours may differ.
  2. Let's open up the CS Pillar.  Click the CS link at the top of the page.
SVX ctcLink Gateway page
  1. The CS Pillar homepage displays.  Let's navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table
  2. I don't have that navigation path available to me!  Let's see if I'm missing a Role.
Navigator menu
  1. Let's run our "which Role do I need to navigate to a particular page?" query.  Click the Reporting Tools menu item.
Navigator menu
  1. The Reporting Tools menu displays.
  2. Click the Query menu item.
Reporting Tools menu
  1. The Query menu displays.
  2. Click the Query Viewer menu item.
Query menu
  1. The Query Viewer search page displays.
  2. If you've not previously bookmarked the query, do so thusly:
    1. in the begins with textbox, enter "QCS_SEC_ROLE_NAVIGATION_ACCESS".  It's not case-sensitive.
    2. click the Search button.
    3. in the Search Results section, click Favorite.
Query Viewer search page
  1. We've found and bookmarked the query.  Now, let's run it.  Click HTML.
Query Viewer search results section
  1. The QCS_SEC_ROLE_NAVIGATION_ACCESS query displays in a new window.
  2. In the Navigation like (%ADMIT%) textbox, type "%INSTRUCTOR/ADVISOR TABLE%".  It's case-sensitive.
  3. In the Role Name like % texbox, type "Z%".  It's case-sensitive.
  4. Click the View Results button.
QCS SEC ROLE NAVIGATION ACCESS window
  1. The results section of the page displays.  We're looking in the Role Name column for a ZZ or ZC Role, so we can add/update the Instructor/Advisor Table.  We're looking in the Local Security Grant Role column for a ZZ Local Security Admin value, so that we can assign the Role to ourselves.
  2. Row 11 fits the bill, as do several others.  Jot down "ZZ CM Local Configuration".
  3. Close the QCS_SEC_ROLE_NAVIGATION_ACCESS window.
Query search results page
  1. Next, we'll assign ourselves the ZZ CM Local Configuration Role.  Navigate to NavBar> Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your login User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  I currently have 12 Roles.
  2. Click any of the Add a New Row [+] icons.
User Roles tab
  1. A new, blank row displays.
  2. In the Role Name textbox, type "ZZ CM Local Configuration".  It's case-sensitive.
  3. Click the Save button.
User Roles tab
  1. Now I've got 13 Roles.
  2. I happen to know that the Instructor/Advisor Table is keyed by EmplID, not ctcLink login ID.  Let's look up our EmplID.  Click the ID tab.
User Roles tab
  1. The ID tab displays.  Jot down your Attribute Value.
ID tab
  1. Now can we add ourselves to the Instructor/Advisor Table?  Navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table.
  2. The navigation path still doesn't exist!  What gives?  Oh yeah, I recall from the 9.2 PeopleSoft Fundamentals Canvas course that we must clear browser cache after changing our Distributed User Profile.
Navigator menu
  1. Close your CS window.
  2. Sign Out from SVX or SVL.
  3. Clear your browser cache.
  4. Log in to SVX or SVL.
  5. Open your CS window.
  6. Navigate to NavBar > Navigator > Curriculum Management > Instructor/Advisor Information > Instructor Advisor Table.
Navigator menu
  1. At last, the Instructor/Advisor Table search page displays!
  2. Enter your ID.  Recall that this is not your ctcLink login User ID; rather, it's the Attribute Value from your Distributed User Profiles ID tab.
  3. Click the Search button.
Instructor Advisor Table search page
  1. The Instructor/Advisor Table page displays.  Now, be forewarned that I'm going to spring yet another 'gotcha' in a minute; we'll sell it as a 'learning experience', yes?
  2. Click the Instructor Type dropdown.
  3. Click Instructor.
  4. We shall make ourselves both an Instructor and an Advisor.  Click the Advisor checkbox.
Instructor Advisor Table tab
  1. Click the Primary Acad Org spyglass.
Instructor Advisor Table tab
  1. The Look Up Primary Acad Org popup displays.
  2. Click the Academic Organization of your choice.
Look Up Primary Acad Org popup
  1. The Look Up Primary Acad Org popup disappears.  The Primary Acad Org populates.
  2. Now here comes the 'gotcha'.  Click the Save button.
Instructor Advisor Table tab
  1. The "You are not allowed to update your own data" message box screeches.  I guess it makes sense that there are some functions within PeopleSoft that we can't perform on ourselves, like giving ourselves pay raises and 4.0 GPAs and such.  This is one of them.
  2. Click the OK button.  We'll pretend that we assigned ourselves both the Instructor and the Advisor data conditions.
You are not allowed window
  1. The "You are not allowed..." message box disappears.
  2. Click the Return to Search button.
Instructor Advisor Table tab
  1. The "Do you want to save your changes?" message box displays.
  2. Click, sadly, the No button.
Do you want to save your changes message box
  1. The "Do you want to save your changes?" message box disappears.
  2. The Instructor/Advisor Table search page displays.  Remember, we're pretending that we successfully made ourselves both an Instructor and an Advisor!
Instructor Advisor Table search page
  1. Close your CS Pillar window.
Module 3 Exercise 2: Faculty Center Tile

Second, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Faculty Role to ourselves, then look for the Faculty Center tile on our ctcLink Gateway page.  Do recall that we're pretending to have assigned ourselves Instructor status on the Instructor/Advisor Table page

  1. The ctcLink Gateway page displays.  Note the navigation tiles on the left side of the page.  For me, they're Canvas, Student Homepage, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions.  Yours may differ.
  2. Let's open up the CS Pillar.  Click the CS link at the top of the page.
SVX ctcLink Gateway page
  1. The CS Pillar homepage displays.  Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profiles search page displays.
  3. Enter your SVX or SVL logon User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  Right now, I have 13 Roles.
  2. Click any of the Add a New Row [+] icons.
User Roles tab
  1. A new, blank row displays.
  2. In the Role Name textbox, enter "ZZ SS Faculty".  It's case-sensitive.
  3. Click the Save button.
User Roles tab
  1. We've altered our Distributed User Profile, so we must log out, clear cache, and log back in again.  Close your CS Pillar window.
  2. Sign Out of the SVX or SVL Gateway.
  3. Clear your browser cache.
  4. Log in to SVX or SVL.
  5. The ctcLink Gateway page displays.  Well, looky here!  The Faculty Center has been added to our collection of navigation tiles!
  6. Click the Faculty Center tile.
SVX ctcLink Gateway page
  1. The Faculty Center page displays in a new window.  Yay!
Faculty Center page
  1. Close your Faculty Center window.
Module 3 Exercise 3: Advisor Homepage Tile

Third, we'll mimic the SBCTC batch process by manually assigning the ZZ SS Advisor Role to ourselves, then look for the Advisor Homepage tile on our ctcLink Gateway page.  Do recall that we're pretending to have assigned ourselves Advisor status on the Instructor/Advisor Table page

  1. The ctcLink Gateway page displays.  Note the navigation tiles on the left side of the page.  For me, they're Canvas, Student Homepage, Student Services Center, Faculty Center, CS Staff Homepage, HCM Self-Service, Financials Self-Service, and Delete Challenge Questions.  Yours may differ.
  2. Let's open up the CS Pillar.  Click the CS link at the top of the page.
SVX ctcLink Gateway page
  1. The CS Pillar homepage displays.  Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profiles search page displays.
  3. Enter your SVX or SVL logon User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  Right now, I have 14 Roles.
  2. Click any of the Add a New Row [+] icons.
User Roles tab
  1. A new, blank row displays.
  2. In the Role Name textbox, enter "ZZ SS Advisor".  It's case-sensitive.
  3. Click the Save button.
User Roles tab
  1. We've altered our Distributed User Profile, so we must log out, clear cache, and log back in again.  Close your CS Pillar window.
  2. Sign Out of the SVX or SVL Gateway.
  3. Clear your browser cache.
  4. Log in to SVX or SVL.
  5. The ctcLink Gateway page displays.  Well, looky here!  The Advisor Homepage has been added to our collection of navigation tiles!
  6. Click the Advisor Homepage tile.
SVX ctcLink Gateway page
  1. The Advisor Homepage displays in a new window.  Yay!
Advisor homepage
  1. Close your Advisor Homepage window.
  2. Sign Out of SVX or SVL.
Module 4: Manage Additional Campus Solutions Security

Purpose:  The Campus Solutions pillar has its own way of securing data.  That's called SACR (Student Administration Contributor Relations) Security.  The Roles in a User Profile grant navigation access; SACR Security grants data access.

Let's assign basic SACR Security, which is required for all administrative staff with 'Z' security Roles.

Let's assign Academic Program/Plan security, which is required for staff who manage a student's program/plan stack.

Let's assign Service Indicator security, which is required for staff who manage what Legacy calls 'unusual actions' and 'punitive actions'.

Audience:  Local Security Administrators

Prerequisites:    PeopleSoft Security Administration Module 04

DG5 colleges: SVX Login to the Gateway page

DG6 colleges: SVL Login to the Gateway page

Navigation from the Gateway page to the CS Pillar

Module 4 Exercise 1:  Assign Basic SACR Security

Purpose:  Let's assign basic SACR Security to ourselves.  That includes Academic Institution, Institution/Campus, Institution/Career, and Academic Org security.

If you'd like, you can refer to this ctcLink Reference Center QRG:

CS 9.2 SACR Security: Basic Requirements for Staff

  1. The CS homepage displays.
  2. Click the NavBar icon in the upper-right corner of the page.
CS homepage image
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray image
  1. The Navigator menu displays.
  2. Click the Set Up SACR menu item.
Navigator menu image
  1. The Set Up SACR menu displays.
  2. Select the Security menu item.
Set Up SACR menu image
  1. The Security menu displays.
  2. Select the Secure Student Administration menu item.
Security menu image
  1. The Secure Student Administration menu item displays.
  2. Select the User ID menu item.
Secure Student Administration menu image
  1. The User ID menu displays.
  2. Select the Academic Institution Security menu item.
User ID menu image
  1. The Academic Institution Security search page displays.
  2. Enter your ctcLink User ID.
  3. Click the Search button.
Academic Institution Security search page
  1. The Academic Institution Security page displays.
  2. Click the spyglass to display a list of institutions.
Academic Institution Security page
  1. The Look Up Academic Institution window displays.
  2. Click your Academic Institution.
Look Up Academic Institution
  1. The Look Up Academic Institution window disappears.
  2. The Academic Institution field populates with your institution.
  3. Click the Save button.
Academic Institution page

That was Academic Institution security.  Now let's move on the second of our four basic SACR Security tasks: Institution/Campus Security.

  1. Click the NavBar icon in the upper-right part of the page.
Academic Institution Security page
  1. The NavBar tray unfurls.  Click the Navigator icon.
  2. Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be.  Click the Institution/Campus Security menu item.
Navigator menu
  1. The Institution/Campus search page displays.
  2. If your User ID field is not auto-populated, enter your User ID - the same one you entered in the Academic Institution Security search page above.
  3. Click the Search button.
Institution/Campus Security search page
  1. The Institution/Campus Security page displays.  Notice that your Academic Institution displays.
  2. Click the Campus spyglass.
Institution/Campus Security page
  1. The Look Up Campus search page displays.
  2. Click your Campus.
Look Up Campus page
  1. The Look Up Campus search page disappears.
  2. Campus is populated with your campus.
  3. Click the Save button.
Institution/Campus Security page

That was Institution/Campus security.  Now let's move on the third of our four basic SACR Security tasks: Institution/Career Security.

  1. Click the NavBar icon in the upper-right of the page.
Institution/Campus Security page
  1. The NavBar tray unfurls.  Click the Navigator icon.
  2. Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be.  Click the Institution/Career Security menu item.
Navigator menu
  1. The Institution/Career Security page displays, bypassing its Search page entirely.
  2. Click the Academic Career spyglass.
Institution/Career Security page
  1. The Look Up Academic Career search page displays.
  2. It's likely that your institution offers both Continuing Ed and Undergrad careers.  Mine does, so I'll add each of them to my SACR security.  Click CNED.
Look Up Academic Career search page
  1. The Look Up Academic Career search page displays.  The Academic Career field populates.
  2. Now let's add that second Career.  Click the Add a New Row [+] icon.
institution/Career Security page
  1. A new, blank row displays.
  2. Click the new, blank row's spyglass.
Institution/Career Security page
  1. The Look Up Academic Career search page displays.
  2. Click UGRD.
Look Up Academic Career search page
  1. The Look Up Academic Career search page disappears.
  2. The new, blank row's Academic Career populates.
  3. Click the Save button.
Institution/Career Security page

That was Institution/Career security.  Now let's move on the fourth of our four basic SACR Security tasks: Academic Org Security.

  1. Click the NavBar icon in the upper-right of the page.
Institution/Career Security page
  1. The NavBar tray unfurls.  Click the Navigator icon.
  2. Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be.  Click the Academic Org Security menu item.
Navigator menu
  1. The Academic Org Security page displays, bypassing its Search page entirely.
  2. Click the Acad Org spyglass.
Academic Org Security page
  1. The Look Up Acad Org search page displays.  I get access to each and every Academic Organization at my institution, so I'll search for the umbrella Acad Org value so I don't have to enter each and every Acad Org.
  2. Enter the three-digit code for your college in the "begin with" box.
  3. Click the Look Up button.
Look Up Acad Org search page
  1. Values for your institution display.  The umbrella, all-inclusive value takes the form "nnnAAAAAAAA", where nnn is your three-digit institution code, and AAAAAAA in the name of your institution.  Example:  140CLARK
  2. Scroll until you locate your umbrella value.
Look Up Acad Org search page
  1. Click the umbrella value.
Look Up Acad Org search page
  1. The Look Up Acad Org search page disappears.
  2. The Acad Org value populates.  Click the Save button.
Academic Org Security page
  1. All done!  Return to your CS homepage.
Module 4 Exercise 2:  Assign Academic Program/Plan Security

Purpose:  Let's assign Academic Program and Plan Security to ourselves.  

If you'd like, you can refer to these ctcLink Reference Center QRGs:

CS 9.2 SACR Security - Academic Program Security

Academic Plan Security

  1. The CS homepage displays.
  2. Click the NavBar icon in the upper-right corner of the page.
CS Homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Set Up SACR menu item.
Navigator menu
  1. The Set Up SACR menu displays.
  2. Select the Security menu item.
Set Up SACR menu
  1. The Security menu displays.
  2. Select the Secure Student Administration menu item.
Security menu
  1. The Secure Student Administration menu item displays.
  2. Select the User ID menu item.
Secure Student Administration menu
  1. The User ID menu displays.
  2. Select the Academic Program Security menu item.
User ID menu
  1. The Academic Program Security search page displays.
  2. Enter your User ID.  You can type it in or spyglass it.
  3. Enter your Academic Institution.  You can type it in or spyglass it.
  4. Enter your Academic Career.  You can type it in or spyglass it.
  5. Click the Search button.
Academic Program Security search page
  1. The Academic Program Security page displays.
  2. To award security to specific Academic Programs, click the spyglass.  To award security to all Academic Programs, click the All Access button.
Academic Program Security page
  1. I gave myself All Access.
  2. Click the Save button.
Academic Program Security page

That's it for Academic Program Security.  Now let's add Academic Plan Security.

  1. Click the NavBar icon in the upper-right of the page.
Academic Program Security page
  1. The NavBar tray unfurls.  Click the Navigator icon.
  2. Mercifully, PeopleSoft remembers where we were in the Navigator menu structure, so we don't have to work our way from the root to where we want to be.  Click the Academic Plan Security menu item.
Navigator menu
  1. The Academic Plan page displays.  The Academic Plan Search page is bypassed entirely.
  2. Again, you can use the spyglass to select individual Academic Plan(s), or click the All Access button to award, well, access to all academic plans.
Academic Plan Security page
  1. I chose the All Access button.
  2. Click the Save button.
Academic Plan Security page
  1. All done!  Return to your CS homepage.
Module 4 Exercise 3:  Assign Service Indicator Security

Purpose:  Let's assign Service Indicator Security to ourselves.  

If you'd like, you can refer to this ctcLink Reference Center QRG:

CS 9.2 SACR Security - Service Indicator Security

  1. The CS homepage displays.
  2. Click the NavBar icon in the upper-right corner of the page.
CS Homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Set Up SACR menu item.
Navigator menu
  1. The Set Up SACR menu displays.
  2. Select the Security menu item.
Set Up SACR menu
  1. The Security menu displays.
  2. Select the Secure Student Administration menu item.
Security menu
  1. The Secure Student Administration menu item displays.
  2. Select the User ID menu item.
Secure Student Administration menu
  1. The User ID menu displays.
  2. Select the Service Indicator Security menu item.  You might have to scroll down to find it.
Navigator menu
  1. The Service Indicator Security search page displays.
  2. Enter your User ID.
  3. Click the Search button.
Service Indicator Security search page
  1. The Service Indicator Security page displays.
  2. Let's grant ourselves two Service Indicators.  Click the Service Indicator Code spyglass.
Service Indicator Security page
  1. The Look Up Service Indicator Code search page displays.
  2. Click a Service Indicator Cd of your choosing.  
Look Up Service Indicator Code search page
  1. The Look Up Service Indicator Code search page disappears.  The Service Indicator Code value populates.
  2. Why will we be assigning this Service Indicator to a student?  Click the Reason spyglass.
Service Indicator Security page
  1. The Look Up Reason search page displays.
  2. Click a Service Ind Reason Code of your choice.
Look Up Reason search page
  1. The Look Up Reason search page disappears.  The Reason value populates.
  2. Can I place this Service Indicator on a student's record?  Click the Placement checkbox.
  3. Once placed, by me or someone else, can I release this Service Indicator from a student's record?  Click the Release checkbox.
  4. Click the Save button.
Service Indicator Security page
  1. Let's grant ourselves security to place/release a second Service Indicator.  Click the Add a New Row [+] icon.
Service Indicator Security page
  1. A new, blank row displays.
  2. Click the Service Indicator spyglass and select a Service Indicator Code.
  3. Click the Reason spyglass and select a Reason code.
  4. Click the Placement and Release checkboxes.  Your page will look something like this...
Service Indicator Security page
  1. Everything look ok?  Click the Save button.
Service Indicator Security page
  1. All done!  Close your CS window.  Log out of SVX or SVL.  Accept my congratulations.
Module 4 Exercise 4: Which Role Grants Access to Which Page?

Purpose:  How do we learn which Roles are needed by a PeopleSoft page?  There's a handy query that lets us enter the page navigation path, then displays the Role(s) that grant navigation access to that page.

The query exists in each of the three Pillars, albeit with a slightly different name prefix.  Let's see how it works in the CS Pillar.

  1. The CS homepage displays.
  2. Click the NavBar icon in the upper-right corner of the page.
CS Homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Reporting Tools menu item.  You might have to scroll to find it.
Navigator menu
  1. The Report Tools menu displays.
  2. Click the Query menu item.
Reporting Tools menu
  1. The Query menu displays.
  2. Click the Query Viewer menu item.
Query menu
  1. The Query Viewer search page displays.
  2. In the begins with textbox, enter "%sec_role_nav".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section of the page populates.  We're hunting for Query Name = "QCS_SEC_ROLE_NAVIGATION_ACCESS".
  2. We're going to use this query nearly every day for the rest of our lives, so let's bookmark it.  Click Favorite in the far-right cell.
Query View Search Results page
  1. The My Favorite Queries section of the page displays.  Next, let's run the query.
  2. Click HTML.
My Favorite Queries section
  1. The QCS_SEC_ROLE_NAVIGATION_ACCESS query parameters page displays in a new window.
  2. Let's look up three different pages we're going to need for the next few exercises. In the Navigation like (%ADMIT) textbox, enter "%VALID CASHIERS%".  It's case-sensitive.
  3. In the Role Name like % textbox, enter "Z%".  It's case-sensitive.
  4. Click the View Results button.
QCS SEC ROLE NAVIGATION ACCESS query parameters page
  1. We'll study this query's columns in another exercise.  For now, make note of the fourth row, fifth column, whose cell reads "ZC SF SACR Local Configuration".  We'll need to assign that Role to ourselves in a bit.
QCS SEC ROLE NAVIGATION ACCESS search results
  1. Now let's look up our next page.  In the Navigation like (%ADMIT%) textbox, enter "%OPEN OFFICES%".  It's case sensitive.
  2. Click the View Results button.
  3. We'll study this query's columns in another exercise.  For now, make note of the second row, fifth column, whose cell reads "ZZ SF Head Cashier".  We'll need to assign that Role to ourselves in a bit.
QCS SEC ROLE NAVIGATION ACCESS search results
  1. One more page to look up.  In the Navigation like (%ADMIT%) textbox, enter "%VIEW CUSTOMER ACCOUNTS%".  It's case sensitive.
  2. Click the View Results button.
  3. We'll study this query's columns in another exercise.  For now, make note of the third row, fifth column, whose cell reads "ZD SF Customer Accounts".  We'll need to assign that Role to ourselves in a bit.
QCS SEC ROLE NAVIGATION ACCESS results page
  1. How many "Z" Roles do you think there are in ctcLink?  Let's find out.  In the Navigation like (%ADMIT%) textbox, type "%".
  2. Click the View Results button.  I got 9,748 Roles!
QCS SEC ROLE NAVIGATION ACCESS results page
  1. That's a lot of Roles!  Let's dump them down to Excel, just so we know how.  Click Excel Spreadsheet.
QCS SEC ROLE NAVIGATION ACCESS search results
  1. The browser's Open/Save dialog box displays.  You know what to do from here to open/save the search results to Excel, yes?
Browser Open Save dialogue box

Now here are those three pages and Roles we've just harvested:

 

  • Navigation path:  Set Up SACR>Product Related>Student Financials>Cashiering>Valid Cashiers
  • Role:  ZC SF SACR Local Configuration

 

  • Navigation path:  Student Financials>Cashiering>Cash Management>Open Offices
  • Role:  ZZ SF Head Cashier

 

  • Navigation path:  Student Financials>View Customer Accounts
  • Role:  ZD SF Customer Accounts
  1. All done!  Return to your CS homepage.
Module 4 Exercise 5: Assign Student Financials SACR Security

Purpose:  Let's assign Student Financials SACR Security to ourselves.  That includes Business Unit, Institution Set, Origin, and SetID

If you'd like, you can refer to this ctcLink Reference Center QRG:

CS 9.2 - SACR Security: Student Financials

  1. The CS Pillar homepage displays.
  2. Click the NavBar icon in the upper-right corner.
CS Pillar homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Set Up SACR menu item.
Navigator menu
  1. The Set Up SACR menu displays.
  2. Click the Security menu item.
Set Up SACR menu
  1. The Security menu displays.
  2. Click the Secure Student Financials menu item.
Security menu
  1. The Secure Student Financials menu displays.
  2. Click the User ID menu item.
Secure Student Financials menu
  1. The User ID menu displays.
  2. Click the Business Unit menu item.
User ID menu
  1. The Business Unit search page displays.
  2. Enter your ctcLink User ID.  It's not case-sensitive.
  3. Click the Search button.
Business Unit search page
  1. The Business Unit page displays.
  2. Click the Business Unit spyglass.
Business Unit page
  1. The Look Up Business Unit window displays.
  2. Click your Business Unit.
Look Up Business Unit window
  1. The Look Up Business Unit window disappears.  The Business Unit value populates.
  2. Click the Cashier's Office spyglass.
Business Unit page
  1. The Look Up Cashier's Office window displays.
  2. Click an appropriate Cashier's Office.
Look Up Cashier's Office
  1. The Look Up Cashier's Office window disappears.  The Cashier's Office populates.
  2. Click the Save button.
Business Unit page
  1. A warning message box displays.  We'll learn about it later.  For now, click the OK button.
Warning message box
  1. We're done with Business Unit.  Now on to our second SF SACR item:  Institution Set.  Click the NavBar icon.
Business Unit page
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Institution Set menu item.
Navigator menu
  1. The Institution Set page displays, bypassing its search page.
  2. Click the Institution Set spyglass.
Institution Set page
  1. The Look Up Institution Set window displays.
  2. Click your Institution Set.
Look Up Institution Set window
  1. The Look Up Institution Set window disappears.  The Institution Set populates.
  2. Click the Save button.
Institution Set page
  1. There's that Security Change message box again.  Click the OK button.
Security Change message box
  1. Two down, two to go.  Let's try Origin next.  Click the NavBar icon.
Institution Set page
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Origin IDs menu item.
Navigator menu
  1. The Origin search page displays.
  2. Enter your Business Unit and User ID.
  3. Click the Search button.
Origin search page
  1. "No matching values were found"?  Oh yeah, we're adding our SACR Origin IDs, meaning they don't exist yet, so cannot be found via search.  Click the Add a New Value tab.
Origin search page
  1. The Add a New Value page displays.  It drags along our Business Unit and User ID.
  2. Click the Add button.
Origin page
  1. The Origin page displays,
  2. Click the Origin ID spyglass.
Origin page
  1. The Look Up Origin ID window displays.
  2. Click an appropriate Origin ID.
Look Up Origin ID window
  1. The Look Up Origin ID window disappears.  The Origin ID populates.
  2. Click the Save button.
Origin page
  1. As we've come to expect, the Security Change message box displays.  Click the OK button.
Security Change message box
  1. Now for our final SF SACR item:  SetID.  Click the NavBar icon.
Origin page
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the SetID menu item.
Navigator menu
  1. The SetID page displays, bypassing its search page.
  2. Click the SetID spyglass.
SetID page
  1. The Look Up SetID window displays.
  2. Click your SetID.  You might have to scroll to find it.
Look Up SetID window
  1. The Look Up SetID window disappears.  The SetID populates.
  2. Click the Save button.
SetID page
  1. The pesky Security Change message box displays.  Click the OK button.
Security Change message box
  1. All done!  Return to your CS homepage.
Module 4 Exercise 6: Assign Financial Aid SACR Security

Purpose:  Let's assign Financial Aid SACR Security to ourselves.  That includes User Defaults 1, User Defaults 2, User Defaults 4, and Communication Speed Keys.

If you'd like, you can refer to this ctcLink Reference Center QRG:

9.2 Financial Aid - User Defaults

  1. The CS Pillar homepage displays.
  2. Click the NavBar icon in the upper-right corner.
CS Pillar homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Set Up SACR menu item.
Navigator menu
  1. The Set Up SACR menu displays.
  2. Click the User Defaults menu item.
Set Up SACR menu
  1. The User Defaults 1 tab of the User Defaults page displays.  Notice that there is no search page, and that the User Defaults page automatically fetches your ctcLink logon User ID?  This group of SACR settings is for each CS staff member, including Student Financials and Financial Aid staff, to set for herself.
  2. Click the Academic Institution spyglass.
User Defaults 1 tab
  1. The Look Up Academic Institution window displays.
  2. Click your Academic Institution.
Look Up Academic Institution window
  1. The Look Up Academic Institution window disappears.  The Academic Institution, Career Group SetID and Facility Group SetID populate.
  2. Click the Save button.
User Defaults 1 tab
  1. That's it for the User Defaults 1 tab.  Click the User Defaults 2 tab.
User Defaults 1 tab
  1. The User Defaults 2 tab displays.
  2. Click the SetID spyglass.
User Defaults 2 tab
  1. The Look Up SetID window displays.
  2. Click your SetID.
Look Up SetID window
  1. The Look Up SetID window disappears.  The SetID populates.
  2. Click the Aid Year spyglass.
User Defaults 2 tab
  1. The Look Up Aid Year window displays.
  2. Click the appropriate Aid Year.
Look Up Aid Year window
  1. The Look Up Aid Year window disappears.  The Aid Year populates.
  2. Click the Business Unit spyglass.
User Defaults 2 tab
  1. The Look Up Business Unit window displays.
  2. Click your Business Unit.
Look Up Business Unit window
  1. The Look Up Business Unit window disappears.  The Business Unit populates.
  2. Click the Institution Set spyglass.
User Defaults 2 tab
  1. The Look Up Institution Set window displays.
  2. Click your Institution Set.
Look Up Institution Set window
  1. The Look Up Institution Set window disappears.  The Institution Set populates.
  2. Click the Save button.
User Defaults 2 tab
  1. We've got no business in the User Defaults 3 tab, so click the User Defaults 4 tab.
User Defaults 2 tab
  1. The User Defaults 4 tab displays.
  2. Click the Carry ID checkbox until it has a checkmark in it.  Don't leave it empty.
  3. Click the Save button.
User Defaults 4 tab
  1. We have no business in the Enrollment Override Defaults tab, so click the Communication Speed Keys tab.
User Defaults 4 tab
  1. The Communication Speed Keys tab displays.
  2. Select the Academic Institution spyglass.
Communication Speed Keys tab
  1. The Look Up Academic Institution window displays.
  2. Click your Academic Institution.
Look Up Academic Institution window
  1. The Look Up Academic Institution window disappears.  The Academic Institution populates.
  2. Click the Administrative Function spyglass.
Communication Speed Keys tab
  1. The Look Up Administrative Function window displays.
  2. Click FINA (DG5) or GEN (DG6).
Look Up Administrative Function window
  1. The Look Up Administrative Function window disappears.  The Administrative Function populates.
  2. Click the Communication Key spyglass.
Communication Speed Keys tab
  1. The Look Up Communication Speed Key window displays.
  2. Select an appropriate Communication Speed Key. If no Communication Speed Keys display, click the Cancel button.  We'll delve into this at the end of this exercise (for EXTRA CREDIT!).
Look Up Communication Speed Key window
  1. The Look Up Communication Speed Key window disappears.  If you clicked a Communication Speed Key, the Communication Key populates.
  2. Click the Save button.
Communication Speed Keys tab

Why mightn't the Communication Key spyglass return any values?  Probably because your User ID hasn't had 3C Group Security applied yet.

Hungry for some extra credit?

  1. Follow the steps listed in the SACR-3Cs Group Security section of 9.2 SACR-3Cs Group Security (Financial Aid).  No need to do the After Set Up Log In section of the QRG.
  2. Come back to your User Defaults page, Communication Speed Keys tab.
  3. Look up and select a Communication Key.
  4. Save your Communication Speed Keys tab.
  5. Take tomorrow off.
  1. All done!  Return to your CS homepage.
Module 4 Exercise 7: View Customer Accounts

Purpose:  We've assigned ourselves CS Core basic SACR, Student Financials SACR, and Financial Aid SACR.  We recall that Roles grant us navigation to pages, and that SACR grants us access to the data on those pages.

Let's grant ourselves a Role, and see if our SACR assignments worked.  The View Customer Accounts page might be useful to your Financial Aid advisors.  It requires the ZD SF Customer Accounts Role.  Let's give it a spin.

If you'd like, you can refer to this ctcLink Reference Center QRG:

9.2 View Customer Accounts

  1. The CS Pillar homepage displays.
  2. Click the NavBar icon in the upper-right of the page.
CS homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.  The navigation path we're looking for is

Student Financials > View Customer Accounts

  1. Click the Student Financials menu item.
Navigator menu
  1. The Student Financials menu displays.  We should see View Customer Accounts as a menu item.  We don't.  Let's check our Roles to see if we have ZD SF Customer Accounts.
  2. Click the Back to Root icon.
Student Financials icon
  1. The Navigator root menu displays.
  2. Click the PeopleTools menu item.  You might have to scroll to find it.
Navigator root menu
  1. The PeopleTools menu displays.
  2. Click the Security menu item.
PeopleTools menu
  1. The Security menu displays.
  2. Click the User Profiles menu item.
Security menu
  1. The User Profiles menu displays.
  2. Click the Distributed User Profiles menu item.
User Profiles menu
  1. The Distributed User Profiles search page displays.
  2. Enter your ctcLink User ID.
  3. Click the Search button.
Distributed User Profiles search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  I don't see the ZD SF Customer Accounts Role; I'm betting that you don't either.  Let's assign it to ourselves.
  2. Click any of the Add a New Row [+] icons.
User Roles tab
  1. A new, blank row displays.
  2. Click the new, blank row's Role Name spyglass.
User Roles tab
  1. The Look Up Role Name window displays.
  2. In the begin with textbox, enter "ZD SF Cust".
  3. Click the Search button.
Look Up Role Name window
  1. The Search Results display.
  2. Click ZD SF Customer Accounts.
Look Up Role Name window
  1. The Look Up Role Name window disappears.  The Role Name populates.
  2. Click the Save button.
User Roles page
  1. Depending on how you've spoofed your EmplID in the ID tab, you might get a Warning message box.  If you do, click the OK button.
Warning message box
  1. Now let's search for NavBar > Navigator > Student Financials > View Customer Accounts again.
  2. Still not there.  Ah yes, we recall from our 9.2 PeopleSoft Fundamentals Canvas course that changes to a User Profile, like adding a new Role, require that we clear browser cache.
Navigator menu
  1. Close your CS window.
  2. Log off gracefully from the Gateway page.
  3. Clear your browser's cache.
  4. Log on to SVX or SVL.
  5. Open a CS Pillar window.
  6. The CS Pillar homepage displays.  Hey, mine has a Student Financials tile on it now!
  7. Click the NavBar icon.
CS homepage
  1. The NavBar tray unfurls.
  2. Click the Navigator icon.
NavBar tray
  1. The Navigator menu displays.
  2. Click the Student Financials menu item.
Navigator menu
  1. The Student Financials menu displays.
  2. It's here!  It's here!  Click the View Customer Accounts menu item!
Student Financials menu
  1. The View Customer Accounts search page displays.
  2. Enter/search/spyglass your Business Unit.
  3. Enter/search/spyglass one of your college's student IDs.
  4. Click the Search button.

If you're struggling to find one of your valid student IDs, please feel free to move on.  Searching for students who qualify for some particular page or query is an artful science that we'll cover in more detail later.

Customer Accounts search page
  1. The Customer Accounts page displays!  Feel free to poke around, if you wish.  Or not.  We've achieved the goal of this exercise.
Customer Accounts page
  1. All done!  Return to your CS homepage.
Module 4 Exercise 8: Add a New Cashier and Assign to a Valid Tender

Purpose:  We've assigned ourselves CS Core basic SACR, Student Financials SACR, and Financial Aid SACR.  We recall that Roles grant us navigation to pages, and that SACR grants us access to the data on those pages.

We've granted ourselves the ZD SF Customer Accounts Role so we could use the View Customer Accounts page.  So far so good.

For this exercise, we'll once again grant ourselves a Role - or two - so we can view and update and correct history on another Student Financials page - or two.

And, just like that fateful moment in Driver's Ed class, you're going to drive!  I'll be in the passenger's seat, in the form of a QRG; otherwise, it's on you to assign your new Roles, clear cache, then follow the QRG.

  1. In the CS Pillar, use the Distributed User Profiles page to assign yourself the ZC SF SACR Local Configuration Role
  2. In the CS Pillar, use the Distributed User Profiles page to assign yourself the ZZ SF Head Cashier Role.
  3. Close your CS Pillar window.
  4. Log out of SVX or SVL.
  5. Clear browser cache.
  6. Log in to SVX or SVL.
  7. Open your CS Pillar window.
  8. Follow the steps in 9.2 Add a New Cashier and Assign to a Valid Tender to set yourself up as a cashier at your college.  Please read the note below before you begin the QRG!

Note:  In the QRG's Adding Tender Keys section, between steps 2 and 3, please check the Correct History checkbox!  It should look like this:

Tender Keys search page
  1. All done.  Close your CS Pillar window.  Log out of SVX or SVL gracefully.
Module 5: Manage Additional Financials/Supply Chain Management Security

Purpose:  The Financials/Supply Chain Management pillar has its own way of securing data.  That's called User Preference Definition (UPD) security.  The Roles in a User Profile grant navigation access; User Preference Definition security grants data access.

Let's assign basic Overall Preference security, which is required for all administrative staff with 'Z' security Roles.

Let's assign Product Preference security, which is required for staff who process a particular type of transaction, e.g., Billing, Contracts, Paycycles et al.

Let's assign Process Group security, which is required for staff who process payments.

Audience:  Local Security Administrators

Prerequisites:    PeopleSoft Security Administration Module 05

DG5 colleges: SVX Login to the Gateway page

DG6 colleges: SVL Login to the Gatway page

Navigation from the Gateway page to the FSCM Pillar.

Module 5 Exercise 1: Overall Preference Security

Each employee will be granted the ZZ PeopleSoft User Role automatically, then must have their Overall  Preferences defined in FSCM for Expenses to work.  All employees are assigned access to the Expenses tile for Travel Authorizations, Cash  Advance Requests and Expense Reporting.  The entered values become the user's default values in the Business Unit and SetID search fields.

Let's assign our own Overall Preference security.  Feel free to refer to Define User Preferences in FSCM.

  1. First, let's verify that we have the ZZ PeopleSoft User role.  Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.
  2. Looks like I've got the ZZ PeopleSoft User role.  Do you?
User Roles tab
  1. Now let's assign our Overall Preferences.  Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
  2. The User Preferences search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
User Preferences search page
  1. The User Preferences page displays.
  2. Click Overall Preference.
User Preferences page
  1. The Overall Preferences tab displays.
  2. Click the Business Unit spyglass.
Overall Preferences page
  1. The Look Up Business Unit popup displays.
  2. Click your college's Business Unit.
Look Up Business Unit popup
  1. The Look Up Business Unit popup disappears.  The Business Unit populates.
  2. The SetID populates as well, but with the wrong value.  Click the SetID spyglass.
Overall Preferences page
  1. The Look Up SetID popup displays.
  2. Click WACTC.  No other value will do.
Look Up SetID popup
  1. The Look Up SetID popup disappears.  The SetID populates.
  2. Click the Alternate Character Enabled checkbox.  Checking this box activates alternate description buttons or links, which appear to the right of fields on many of the application pages.  Click the button or link to enter or display alternate characters on the auxiliary page that appears. Not required for every employee, but recommended for administrative staff working in the finance pillar.
  3. Click the Display Debit/Credit Amounts in Subsystems checkbox.  Checking this box displays debit and credit amounts of the default business unit on journal entry and inquiry pages. A subsystem is any PeopleSoft application, such as Payables or Receivables, that contributes entries to PeopleSoft General Ledger. Not required for every employee, but recommended for administrative staff working in the finance pillar.
  4. Click the Save button.
Overall Preferences page
  1. And that's that for your Overall Preferences.  Click the PeopleSoft Home icon.
Overall Preferences page
Module 5 Exercise 2: Product Preference Security

There are a whole bunch of Product Preference security options.  Let's focus on the Paycycle area.  

Finance administrative system users who have been assigned the ZZ Payment Creation role will also require Overall Preferences defined and the Paycycle Product Preference defined.

The User Preference definition for Paycycle sets a default output destination for the Pay Cycle Manager and the Express Payment Manager components (PYCYCL_MGR and EXP_PYCYCL_MGR).  These default values are not required to perform any pay cycle process.

Let's assign our own Paycycle Product Preference security.  Feel free to refer to Define User Preferences in FSCM.

  1. First, let's verify that we have the ZZ Payment Creation role.  Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.  If you've not done so, update your Symbolic ID thusly:
    1. Click the Symbolic ID dropdown.
    2. Click SYSADM1.
    3. Click the Save button.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  I don't have the ZZ Payment Creation role.  I'll assign it to myself; if you don't have it either, please assign it to yourself thusly:
    1. Click any of the Add a New Row [+] icons.
    2. In the new, blank row's Role Name field, type "ZZ Payment Creation".  It's case-sensitive.
    3. Click the Save button.
User Roles tab
  1. Now that we've got the Role, let's set our Product Preference - Paycycle security.  Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
  2. The User Preferences search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
User Preferences search page
  1. The User Preferences page displays.
  2. Click Paycycle.
User Preferences page
  1. The Paycycle tab displays.
  2. Enter Server File Destination, in the format of

/FSOUT/I-506_PositivePay/WAnnn/BofA/Data/

  1. You'll substitute your college code in place of nnn, yes?
  2. Click the Server spyglass.
PayCycle tab
  1. The Look Up Server popup displays.
  2. Click PSUNX.  No other value will do.
Look Up Server popup
  1. The Look Up Server popup disappears.  The Server populates.
  2. Enter the Email ID of the person who'll receive payment error notifications.
  3. Click the Save button.
PayCycle tab
  1. And that's that for your Product Preference - Paycycle security.  Click the PeopleSoft Home icon.
Module 5 Exercise 3: Process Group Security

This User Preference definition is relevant for staff who process payments in either Accounts Payable or Expense processing, specifically Processing an Ex Pay Cycle.  With the ZZ Payment Processing Role, setting up the Process Group definition is required to set controls for the on-demand features.

Let's assign our own Process Group security.  Feel free to refer to Define User Preferences in FSCM.

  1. First, let's verify that we have the ZZ Payment Processing role.  Navigate to NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.  I don't have the ZZ Payment Processing role, so I'll add it.  You do the same, if need be.
User Roles tab
  1. Now for the ZZ Payment Processing Process Group security.  Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
  2. The User Preferences search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
User Preferences search page
  1. The User Preferences page displays.
  2. Click Process Group.
User Preferences page
  1. The Process Group page displays.
  2. If it's not already checked, check the Allow Processing checkbox.
  3. Click the Source Transaction spyglass.
Process Group tab
  1. The Look Up Source Transaction popup displays.
  2. Click PYMNCNCL.  You might have to scroll to find it.
Look Up Source Transaction popup
  1. The Look Up Source Transaction popup disappears.  The Source Transaction populates.
  2. We need to assign five Process Group rows to this Source Transaction.  Click the Process Group Add a New Row [+] icon four times.
Process Group tab
  1. Now we have five blank Process Group rows.  Let's fill 'em up.
  2. Click the first row's spyglass.
Process Group tab
  1. The Look Up Process Group popup displays.
  2. Click PAYPOSTGL.
Look Up Process Group popup
  1. The Look Up Process Group popup disappears.  The Process Group populates.
Process Group tab
  1. Repeat steps 22, 23, 24 and 25 for each of the remaining four empty Process Group rows.  In step 24, assign the next of these four values from the Look Up Process Group popup:
    1. PAYVCHRJG
    2. PAYVCHRPST
    3. PYCNCLPOST
    4. PYMNTPOST
  2. It ought to look something like this:
Process Group tab
  1. Click the Save button.
Process Group tab
  1. And that's that for your Payment Processing Process Group security.  Click the PeopleSoft Home icon.
Module 5 Exercise 4: Product Preference Free Swim

There are at least 25 Product Preference areas, including Asset Management, Billing, Contracts, Procurement....  scads and scads of them.  Let's take a quick tour through them, just to gain a bit of familiarity with their existence.

  1. Navigate to NavBar > Navigator > Set Up Financials/Supply Chain > Common Definitions > User Preferences > Define User Preferences.
  2. The User Preferences search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
User Preferences search page
  1. The User Preferences page displays.
  2. What we're looking at here is the block of 25 Product Preference links.  I'm recommending that you click each one, in turn, just to see what's inside.
  3. Let's click the first one - Asset Management.
User Preferences page
  1. The Asset Management - User Preferences page displays.
  2. Feel free to poke around.  When you're done, click the User Preferences tab.
Asset Management tab
  1. The User Preferences page displays.
  2. Continue clicking your way through each of the 25 Product Preference links.
  3. When you get to Procurement, you'll notice that the landscape changes.  Now there are ten links at the bottom of the Procurement page, each of which opens up another page!  Click and examine each of them.  Feel free to refer to Define User Preferences in FSCM for some guidance.
Procurement tab
  1. After you've clicked and examined everything, close your FSCM browser window.  Sign off of your Gateway/Portal window.
Module 6: Manage Query Reporting Security

Purpose:  As Local Security Administrators, we have some tools to help us troubleshoot our college's security landscape.  Several of these tools are queries.  What do the queries do?  How do we find them?

Let's first ensure that we have the Roles we need to run the troubleshooting queries.

Next, we'll run two queries that will diagnose the vast majority of query security issues.

Then, we'll run six additional queries that can help us manage query security.

Audience:  Local Security Administrators

Prerequisites:    PeopleSoft Security Administration Canvas course, Module 6

DG5 colleges: SVX Login to the Gateway page

DG6 colleges: SVL Login to the Gateway page

Navigation from the Gateway page to the CS Pillar.

Module 6 Exercise 1: Do I Have the Troubleshooting Roles?

The Roles required to see the troubleshooting queries discussed in this section are ZD_DS_QUERY_VIEWER and ZD_DS_QRY_SECURITY_TABLES.  The troubleshooting queries are available in each of the three Pillars.

  1. The CS homepage displays.
  2. Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  3. Enter your ctcLink login User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.
  2. I already have the ZD_DS_QUERY_VIEWER Role, but not the ZD_DS_QRY_SECURITY_TABLES Role, so I'll add it thusly:
    1. Click the Add a New Row [+] icon
    2. In the new, blank row, enter Role Name = "ZD_DS_QRY_SECURITY_TABLES".
    3. Click the Save button.
User Roles tab
  1. We've just updated a Distributed User Profile.  We know what comes next:
    1. Close your CS window.
    2. Sign Out from SVX or SVL.
    3. Clear browser cache.
    4. Log In to SVX or SVL.
    5. Open your CS window.
Module 6 Exercise 2: Do the Troubleshooting Two-Step

There are two steps that Local Security Administrators can take that will diagnose the vast majority of security issues related to viewing and running queries.  They are:

1.  Determine if the Record is in the Query Tree

2.  Determine if the user has the Roles to which the query is related

In step 1, we will find if the problem is related to a record not being in an access group within the query tree.  If a record is not in an access group, it cannot be tied to a ZD_DS_QRY role, so users will be unable to use any query containing that record.  These issues are rare and should be referred to SBCTC Data Services.

In step 2, we find the roles the user must have in order to view/run the query or report.  This will be one of the most useful troubleshooting queries for Local Security Administrators.

Let's say that someone in Advising wants to run the QCS_AA_ENROLLED_NO_ADVISOR query, but can't even see it in the Query Viewer search page...

Step 1: Is the Record in the Query Tree?
  1. The CS window displays.  Navigate to Query Viewer via NavBar > Navigator > Reporting Tools > Query > Query Viewer.
  2. The Query Viewer search page displays.  I've previously bookmarked a query in the My Favorite Queries section; perhaps you have as well, or not.
  3. In Query Name begins with, enter "QCS_DS_QUERY_RECORD_RPT".  It's not case-sensitive.
  4. Click the Search button.
Query Viewer search page
  1. The Query Search Results section populates.
  2. We're going to run this query all the time, so I'll bookmark it.  Click the Favorites link.
Query Search Results section
  1. The query is added to the My Favorite Queries section.
  2. Now let's run it.  Click HTML.
My Favorite Queries section
  1. The QCS_DS_QUERY_RECORD_RPT page opens in a new window.
  2. In the Query prompt, enter "QCS_AA_ENROLLED_NO_ADVISOR".  It's not case-sensitive.
  3. Click the View Results button.
QCS DS QUERY RECORD RPT window
  1. The Results section populates.
  2. We see this query hits four records:
    1. SCC_PERDATA_QVW
    2. STDNT_ADVR_HIST
    3. STDNT_CAR_TERM
    4. STDNT_ENRL
  3. This is good news!  It means each of the records is in a query tree, and thus accessible to our user if she has the proper Role.  But which Role?  Close your QCS_DS_QUERY_RECORD_RPT window.
QCS DS QUERY RECORD RPT window
Step 2: User Can’t See a Query - Does the User have the Right Query Role?
  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_DS_QUERY_RECORD_USER_RPT".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.
  2. To bookmark this very useful query, click the Favorites link.
  3. To run this very useful query, click the HTML link.
Search Results section
  1. The QCS_DS_QUERY_RECORD_USER_RPT query opens in a new window.
  2. In the Query prompt, enter "QCS_AA_ENROLLED_NO_ADVISOR".
  3. In the User ID prompt, enter your ctcLink login User ID.
  4. Click the View Results button.
QCS DS QUERY RECORD USER RPT window
  1. The Results section populates.
  2. The column labeled Roleuser Record Access must contain our User ID, at least once, for each of our four Records, or the user won't see the query in the Query Viewer search page.
    • This user has access to the SCC_PERDATA_QVW record via the ZD_DS_QRY_SECURITY_TABLES Role.  
    • This user has access to the STDNT_CAR_TERM record via the ZD_DS_QRY_SECURITY TABLES Role.
    • This user does not have access to the STDNT_ADVR_HIST record, which requires the ZD_DS_QRY_STUDENT_RECORDS Role.  
    • This user does not have access to the STDNT_ENRL record, which requires either the  ZD_DS_QRY_FACULTY_WORKLOAD, ZD_DS_QRY_STUDENT_FINANCE or ZD_DS_QRY_STUDENT_RECORDS Role.
  3. Your real-world task would be to decide which of the missing Roles must be assigned to the user, then assign them via the Distributed User Profiles component, then have the user log off, clear cache, log in and run the query!
QCS DS QUERY RECORD USER RPT WINDOW
  1. Close your QCS_DS_QUERY_RECORD_USER_RPT window.
Module 6 Exercise 3: Six Helpful Queries

If neither Step 1 nor 2 provides the solution to the issue there are other helpful query and security-related queries located in the SECURITY query folder.  Each query is available in all three Pillars.   For even more queries related to query security along with detailed  descriptions, please see the Queries Available tab of the Query Tree Models with Role Definitions (Links to an external site.) spreadsheet.

QCS_DS_QUERY_ROLE_USER_RPT

This query answers the question "What are all the Roles currently assigned to a particular user?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_DS_QUERY_ROLE_USER_RPT".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_DS_QUERY_ROLE_USER_RPT page displays in a new window.
  2. Role Name like % defaults to "ZD_DS_Q%", but we can change it if we wish.
  3. Enter EMPLID = your ctcLink EmplID from the Distributed User Profiles ID tab.
  4. Click the Institution spyglass, then select an institution.
  5. Click the View Results button.
QCS DS QUERY ROLE USER RPT window
  1. The Results section populates.
  2. Close your QCS_DS_QUERY_ROLE_USER_RPT window.
Results section
QCS_DS_QUERY_TREE_RECORD_RPT

This query answers the question "What is the relationship between Query Tree,  Access Group, Record, and Role, which field is highly sensitive?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_DS_QUERY_TREE_RECORD_RPT".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_DS_QUERY_TREE_RECORD_RPT page displays in a new window.
  2. Role Name like % is optional.  Enter something if you like.
  3. Record is optional.  Enter something if you like.
  4. I've left the prompts blank, just to be ornery.
  5. Click the View Results button.
QCS DS QUERY TREE RECORD RPT window
  1. The Results section populates.
  2. Close your QCS_DS_QUERY_TREE_RECORD_RPT window.
Results section
QCS_SEC_USER_ROLES_BY_UNIT

This query answers the question "What are all the Roles currently assigned to a particular user by a particular institution?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_SEC_USER_ROLES_BY_UNIT".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_SEC_USER_ROLES_BY_UNIT page displays in a new window.
  2. Click the Institution spyglass, then select an institution.
  3. Role Name is optional.  I left it blank.
  4. ID is optional.  I gave it mine from the Distributed User Profiles ID tab.
  5. Supervisor ID is optional.  I left it blank - can't nobody supervise me!!
  6. Click the View Results button.
QCS_SEC_USER_ROLES_BY_UNIT window
  1. The Results section populates.
  2. Close your QCS_SEC_USER_ROLES_BY_UNIT window.
Results section
QCS_SEC_ROLE_NAVIGATION_ACCESS

This query answers the question "Which Roles grant access to a particular navigation path?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_SEC_ROLE_NAVIGATION_ACCESS".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_SEC_ROLE_NAVIGATION_ACCESS page displays in a new window.
  2. In Navigation like (%ADMIT%), enter the navigation path surrounded by wildcard percent signs.
  3. In Role Name like %, enter "Z%" to fetch Z-prefixed Roles.
  4. Click the View Results button.
QCS_SEC_ROLE_NAVIGATION_ACCESS window
  1. The Results section populates.
  2. Close your QCS_SEC_ROLE_NAVIGATION_ACCESS window.
Results section
QCS_DS_QUERY_ACCESS_BY_USER

This query answers the question "Which queries can this user see and run?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_DS_QUERY_ACCESS_BY_USER".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_DS_QUERY_ACCESS_BY_USER page displays in a new window.
  2. Click the Institution spyglass, then select an institution.
  3. Enter the user's EMPLID.
  4. To look at SBCTC Campus Solution queries, leave Query like % alone.
  5. Click the View Results button.
QCS_DS_QUERY_ACCESS_BY_USER window
  1. The Results section populates.
  2. Close your QCS_DS_QUERY_ACCESS_BY_USER window.
Results section
QCS_DS_QUERY_ACCESS_BY_ROLE

This query answers the question "What are the queries that can be run by this Role?"

  1. The Query Viewer search page displays.
  2. In Query Name begins with, enter "QCS_DS_QUERY_ACCESS_BY_ROLE".  It's not case-sensitive.
  3. Click the Search button.
Query Viewer search page
  1. The Search Results section populates.  We'll bookmark then run the query.
  2. Click the Favorite link.
  3. Click the HTML link.
Search Results section
  1. The QCS_DS_QUERY_ACCESS_BY_ROLE page displays in a new window.
  2. In Role begins with ZD_DS_QRY, enter "ZD_DS_QRY_STUDENT_RECORDS", or a Role of your choosing, so long as the Role name begins with the string "ZD_DS_QRY".
  3. Click the View Results button.
QCS_DS_QUERY_ACCESS_BY_ROLE window
  1. The Results section populates.
  2. Close your QCS_DS_QUERY_ACCESS_BY_ROLE window.
  3. Close your CS window.
  4. Sign out of SVX or SVL.
Results section
Other Topics:  Human Capital Management Navigation Collections

Purpose:  The Human Capital Management (HCM) Pillar doesn't really have an equivalent to CS's SACR Security, or to FSCM's User Preference Definition security.  But it does have a couple of interesting characteristics we can explore: Email Address propagation and Navigation Collections (aka Nav Collections).

First, let's see how HCM controls the propagation of Email Address in the Distributed User Profile General tab.

Next, we'll give ourselves the ZZ SS Workforce Administrator Role, again observing the impact on our navigation choices.

Finally, we'll grab the ZZ SS Payroll Role, plus its affiliated ZZ Payroll Data Maintenance, ZD Payroll Inquiry, and ZZ DRS Processing Roles to see how they impact navigation.

Audience:  Local Security Administrators

Prerequisites:    DG5 colleges: SVX Login to the Gateway page.

DG6 colleges: SVL Login to the Gateway page

Pillar Security Matrix Mapping - HCM

HCM Nav Collections Exercise 1: Email Address Propagation

The HCM Distributed User Profiles General tab allows us to assign one or more email addresses to the user, and to designate one as the primary email address.

Both FSCM and CS also have Distributed User Profiles with a General tab and an email address assignment option.  But the HCM email address dominates, and indeed overwrites, the FSCM and CS email addresses.  Let's see how.

Let's assign our own HCM email address.  Feel free to refer 9.2 User Profiles-Assigning Primary Email Address.

  1. The ctcLink Gateway page displays.
  2. Let's see what our current email address is in each of the three pillars.  Click the HCM link.
SVX ctcLink Gateway page
  1. The HCM homepage displays in a new window.  The Gateway window no longer has the focus, but still exists.
HCM homepage
  1. Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your ctcLink login User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click Edit Email Addresses.
General tab
  1. The Email Addresses popup displays.  Mine has no email addresses.
  2. Click the Cancel button.
Email Addresses popup
  1. The Email Addresses popup disappears.  The General tab displays.  We know we're looking at HCM because of these two characters in the browser's URL.
General tab
  1. So our HCM email address is blank.  Let's check out FSCM next.  Leaving your HCM window open, return to your Gateway window.
  2. The Gateway window displays.  The HCM window still exists.
  3. Click the FSCM link.
Gateway window
  1. The FSCM homepage displays in a new window.  The Gateway and HCM windows still exist.
  2. Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  3. The Distributed User Profile search page displays.
  4. Enter your ctcLink login User ID.
  5. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click Edit Email Addresses.
General tab
  1. The Email Addresses popup displays.  Mine has no email addresses.
  2. Click the Cancel button.
Email Addresses popup
  1. The Email Addresses popup disappears.  The General tab displays.  We know we're looking at FSCM because of these two characters in the browser's URL.
General tab
  1. So both our HCM and FSCM email addresses are blank.  Let's check out CS next.  Leaving your HCM and FSCM windows open, return to your Gateway window.
  2. The Gateway window displays.  The HCM and FSCM windows still exist.
  3. Click the CS link.
Gateway window
  1. The CS homepage displays in a new window.  The Gateway, HCM and FSCM windows still exist.
  2. Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  3. The Distributed User Profile search page displays.
  4. Enter your ctcLink login User ID.
  5. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click Edit Email Addresses.
General tab
  1. The Email Addresses popup displays.  Mine has no email addresses.
  2. Click the Cancel button.
Email Addresses popup
  1. The Email Addresses popup disappears.  The General tab displays.  We know we're looking at CS because of these two characters in the browser's URL.
General tab
  1. Now let's update our email address in HCM, then see if it propagates to FSCM and CS.  Toggle to your open HCM window, recalling to check the URL's two characters for "hc".
  2. Click Edit Email Addresses.
General tab
  1. The Email Addresses popup displays.
  2. Click the Primary Email Account checkbox.
  3. Select an Email Type from the dropdown.
  4. Type an Email Address.
  5. Click the OK button.
Email Addresses popup
  1. The Email Addresses popup disappears.
  2. The General tab displays.
  3. CLICK THE SAVE BUTTON, or all is lost!
General tab
  1. Now toggle over to your open FSCM window.  Check those two URL characters for "fs".
  2. The General tab displays.
  3. Click Edit Email Addresses.
General tab
  1. The Email Addresses popup displays, but what gives?  The email address is still blank!  Perhaps we need to refresh the page in some way...
  2. Click the Cancel button.
Email Address popup
  1. The Email Addresses popup disappears.
  2. The General tab displays.
  3. Click the Return to Search button.
General tab
  1. The Distributed User Profile search page displays.
  2. Enter your ctcLink User ID.
  3. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click Edit Email Addresses.
General tab
  1. Hah!  The Email Addresses popup displays, with my updated email address!
  2. Do the same thing over in your CS window, then close your HCM, FSCM and CS windows.  Leave your Gateway window logged in and open.
Email Addresses popup
HCM Nav Collections Exercise 2: Workforce Administrator

A Navigation Collection allows us to bundle up a sequence of individual tasks, the entirety of which performs a coherent piece of work.  In the case of the Workforce Administrator Nav Collection, we get access to a pair of Fluid tiles:  HR Administration (Job Data) and New Hire Tasks.

Let's take a look at our HCM homepage options, then assign ourselves the ZZ SS Workforce Adminstrator Role, then take a look at our transformed HCM homepage options.

  1. The ctcLink Gateway page displays.
  2. Click the HCM link.
SVX ctcLink Gateway page
  1. The HCM homepage displays.  Mine is titled Employee Self Service.
  2. To see if other homepages are available, click the Employee Self Service dropdown.
HCM homepage
  1. Nope, Employee Self Service is our only homepage option.  Let's change that.  Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleTools > Security > User Profiles > Distributed User Profiles.
  2. The Distributed User Profile search page displays.
  3. Enter your ctcLink User ID.
  4. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.
  2. Click the Add a New Row [+] icon.
  3. Enter Role Name = "ZZ SS Workforce Administrator".  It's case-sensitive.
  4. Click the Save button.
User Roles tab
  1. Because we've altered our Distributed User Profile, we must close our HCM window, sign out of the SVX or SVL ctcLink Gateway portal, clear browser cache, then sign back in to SVX or SVL.  Please do so.
  2. The ctcLink Gateway page displays.
  3. Click the HCM link.
SVC ctcLink Gateway page
  1. The HCM homepage displays.  It's still says Employee Self Service.  Might there be another?
  2. Click the Employee Self Service dropdown.
HCM homepage
  1. There is another homepage option!  Click Workforce Administrator.
HCM homepage
  1. The Workforce Administrator homepage displays.  Let's look inside its two tiles.
  2. Click the HR Administration tile.
Workforce Administrator homepage

The HR Administration Navigation Collection displays.  The left panel is a navigation menu, which in this case features only one option - Job Data.  The middle panel is the transaction page - in this case, the Job Data search page.  And, we still have the NavBar awaiting us in the upper-right corner of the page, if we want to navigate that way.

  1. Now let's look inside that second tile.  Click the Workforce Administrator link.
HR Administration Navigation Collection page
  1. The Workforce Administrator homepage displays.
  2. Click the New Hire Tasks tile.
Workforce Administrator homepage

The New Hire Tasks Navigation Collection displays.  It's a good deal more robust than the HR Administration Nav Collection, yes?  Feel free to click around the left menu panel, just to see the effect on the middle panel.

New Hire Tasks Navigation Collection

As you click on the left panel menu choices, the middle panel displays a transaction page.  Please know that these transaction pages are just regular old transaction pages, readily available via NavBar > Navigator navigation.  The point of the Nav Collection is to bundle them up in a rational sequence that eases the journey through a multi-page data transformation.

  1. Close your HCM window.  Leave your ctcLink Gateway page open.
HCM Nav Collections Exercise 3: Payroll

A Navigation Collection allows us to bundle up a sequence of individual tasks, the entirety of which performs a coherent piece of work.  In the case of the Payroll Roles, we add a bunch of Fluid tiles to the Workforce Administrator Nav Collection.

Let's assign ourselves the ZZ SS Payroll, ZZ Payroll Data Maintenance, ZD Payroll Inquiry, and ZZ DRS Processing Roles.  Then, we'll run a query that shows us the pages that are exposed by our new Roles.  Finally, we'll take a look at our transformed HCM homepage options.

  1. The ctcLink Gateway page displays.
  2. Click the HCM link.
SVX ctcLink Gateway page
  1. The HCM homepage displays.  Mine defaults to the Employee Self Service homepage.
Employee Self Service homepage
  1. Let's add our new Payroll Roles.  Navigate to the Distributed User Profile search page via NavBar > Navigator > PeopleSoft > Security > User Profiles > Distributed User Profiles.
  2. Enter your ctcLink login User ID.
  3. Click the Search button.
Distributed User Profile search page
  1. The General tab displays.
  2. Click the User Roles tab.
General tab
  1. The User Roles tab displays.
  2. Click the Add a New Row [+] icon four times to create four empty rows.
  3. Enter Role Name = "ZZ SS Payroll".  It's case-sensitive.
  4. Enter Role Name = "ZZ Payroll Data Maintenance".  It's case-sensitive.
  5. Enter Role Name = "ZD Payroll Inquiry".  It's case-sensitive.
  6. Enter Role Name = "ZZ DRS Processing".  It's case-sensitive.
  7. Click the Save button.
User Roles tab
  1. We've altered our Distributed User Profile, so we must close our HCM window, sign out of SVX or SVL, clear browser cache, log in to SVX or SVL, and open our HCM window.  Please do so.
  2. The HCM homepage displays.
  3. Click the Employee Self Service dropdown.
Employee Self Service page
  1. Click Workforce Administrator.
Employee Self Service dropdown
  1. Zowie!  Before we added our new Payroll Roles, the Workforce Administrator homepage had only two Fluid tiles.  Look at it now!
  2. Feel free to click the tiles, then to poke around the left-side menus of the Nav Collections.
Workforce Administrator homepage

Again, these tiles, or Navigation Collections, are simply a way to bundle up pages in a logical, convenient sequence.  The pages still are available to us via NavBar > Navigator navigation.

  1. Now let's run a query to see exactly which pages are exposed by our new Payroll Roles.  Navigate to Query Viewer via NavBar > Navigator > Reporting Tools > Query > Query Viewer.
  2. The Query Viewer search page displays.
  3. If you've already bookmarked the query QHC_SEC_ROLE_NAVIGATION_ACCESS in your My Favorite Queries section, like I have, simply click HTML.  If you haven't, then search for the query and click HTML to run it.
Query Viewer search page
  1. The QHC_SEC_ROLE_NAVIGATION_ACCESS query displays in a new window.
  2. In Navigation Like (%PAYROLL%), enter "%", i.e., a single percent sign.
  3. In Role Name like %, enter "ZZ SS Payroll".  It's case-sensitive.
  4. Click the View Results button.
QHC SEC ROLE NAVIGATION ACCESS page
  1. The Results section of the page displays.  Look like there are 48 navigation paths that are exposed by the ZZ SS Payroll Role.
  2. Do the same thing for the remaining three Roles (ZZ Payroll Data Maintenance, ZD Payroll Inquiry and ZZ DRS Processing).  If you like, you can poke around the NavBar > Navigator to look at the pages, then compare them to the Fluid tile navigation version.  They're the same page, just a different navigation path.
Results section
  1. Close the QHC_SEC_ROLE_NAVIGATION_ACCESS window.
  2. Close the HCM window.
  3. Sign out of SVX or SVL.

1 Comments

Donald Denney

When I attempt to run any query that wants the Institution, I enter WA040 but it says invalid. When I click the lookup to search by academic institution, it says no matching values were found.

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.