You implement row-level security by having Query search for data using a query security record definition. The query security record definition adds a security check to the search.
To get Query to retrieve data by joining a security record definition to the base table, you specify the appropriate Query Security Record when you create the base table’s record definition.
To apply row level security:
Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security.
With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box.
Note. You use this dialog box to set a number of different aspects of the record definition. The only item related to Query security is Query Security Record list box.
- Select the security record definition (usually a view) in the Query Security Record list box.
- Each PeopleSoft product line comes with a set of views for implementing its standard row-level security options.
- The Parent Record list box is also relevant to Query. It identifies a record definition that is the current definition’s parent, meaning that it holds related data and that its keys are a subset of the current record definition’s keys. If you designate a parent record, Query automatically knows what fields to use when you join these two tables for a query.
- In most cases, the Query Security Record definition you’ll want to select is the same one you use as the search record definition for the panel that manages this table. If you’re enforcing one of the standard row-level security options from a PeopleSoft application, select the PeopleSoft-supplied security view for that option. See the application documentation for a list of the available views. If you’ve designed your own security scheme, select a record definition that appropriately restricts the rows a query will return.
- Once you’ve set the query security record definition, click OK to close the Record Properties dialog box, then save the record definition.
- If you’ve already used SQL Create to build a table from this record definition, you don’t need to rebuild it.
Note. PeopleSoft row-level security views restrict users from seeing certain rows of data. To secure data through the search record, simply put one of the three Row Level Security fields on your record as a Key, not a List Box Item.
The three Row Level Security fields are OPRID (User ID), OPRCLASS (Primary Permission List), and ROWSECCLASS (Row Security Permission List). If one of these fields is on the search record as a Key, not a List Box Item, PeopleTools does the following.
PeopleTools adds a WHERE clause when it performing a SELECT through the record forcing the value to be equal to the current user's value.
