PeopleSoft Person Model Security

PeopleSoft HRMS provides enhancements to the setup, use, and flexibility of row level security

What is the Person Model?
          The Person Model is a term used to describe the information captured about a person and how the person is related to an organization.
          This model includes the core tables that are used by all products that are directly related to a person and their organizational relationships in the Enterprise HCM system.

Some Enhancements Delivered by the Person Model
          Ability to track a person without having to create a JOB record
          Ability to use the same ID for a person across multiple relationships to the organization (Person ID)
          Improves handling of Global Assignments
          Separates the creation of a person in the system from the creation of that person’s relationships with the organization
          Provides greater tracking capability for your workforce

Person Model Foundation
          Organizational Relationship Categories
o   Employees
o   Contingent Workers
o   People of Interest (POI)

Performance and Usability Enhancements:
          The ability to secure access to job openings and department data, in addition to person data.
          The ability to use more than one-way of securing your data.
          Easier setup and administration.
          Better performance and flexibility for refreshing security tables.
          Real-time updates to security tables.
          Easier setup of global and additional appointment security.

Understanding PeopleSoft Security
          PeopleSoft security continues to be based on permission lists and roles

To administer security:
          Create permission lists.
          Create roles and attach permission lists to roles.
          Create user IDs and attach permission lists and roles to user IDs.

Confirming Basic Security

Types of Data Security
o   User security data is the data defined as a user’s security access. It enables the system to ensure that users have access only to that which you have granted them access.
§  Roles
§  Permissions
§  Row Level Permission
o   Transaction data is the data that is being secured. Certain fields on a transaction data row are used to secure access to that row.
§  Search Records
§  Access to “Record Key”
§  Security Sets & Access Types

Security Sets and Security Access Types
          Security sets represent a grouping of data that is being secured (WHAT). 
o   For example, people of interest without jobs is a separate security set from people with jobs.
          Security access types are different ways of securing the data within a security set (HOW). Each security set has a number of security access types that you can choose to enable. Among other things, security access types determine:
o   The security transaction data.
o   If there is data security for future-dated rows.
o   If the access type uses a department security tree.

PeopleSoft delivers the following five security sets

Security Set Table

          The system is delivered with the following security types enabled:
People with Jobs(PPLJOB)         Dept Security Tree
People without Jobs(PPLPOI)     POI Type
Departments(DEPT)                  Dept Security Tree

Security Type

Delivered Security Types

Security Join Tables
          The system stores security data in security join tables (SJTs). There are SJTs on both the transaction and user side.

Transaction Security Join Tables

User Security Join Tables

Typical process for setup of HCM data permission security

Security by Department Tree

Security by Permission List

How the transaction security join tables are kept up to date:

How the permission list user security join tables are kept up to date:

When to update the user profile security join table:

Unknown POI Type
People added without an Org Relationship will have an Unknown (00000) POI type
  • This Unknown POI type will show up in Search Match
  • However, only those users with row security access granted to view the Unknown POI type will be able to open their record
  • Security access must be granted so that a relationship can be added to the Unknown POI type
  • Once the relationship is successfully saved the system deletes the Unknown relationship

Implementation & Upgrade Considerations
        ·         Security Approach
o   Rebuild (Upgrades)
§  New Workflow
§  Products Utilized
§  Significant number of new roles
§  Conversion of security data
o   Plan fully before starting
        ·         Security Sets & Access Types
o   PeopleSoft has delivered all the security sets you are likely to need. If you add new sets, it is considered a customization!
o   PeopleSoft has delivered the most common security access types you are likely to need. You can add new types but it requires a very good knowledge of the application and of SQL.
        ·         Integration Broker