PeopleSoft Security Reinvented

Published by Macy Sears on October 10, 2020

PeopleSoft Security Simplified

Sentinel Software is a bolt-on application that was engineered and developed by leading PeopleSoft security industry experts. Sentinel’s mission is to address and provide solutions for well-known challenges experienced by organizations running PeopleSoft.

Founded in 2016, Sentinel is a member of the Oracle Partner Network and has achieved Oracle Validated Integration. The company has also received Oracle Cloud Marketplace certifications for its Security Administration, Access Requests, Audit Reporting, and Data Masking modules.

The solution supports all PeopleTools versions 8.49 and upwards, and PeopleSoft versions up to 9.2.

PeopleSoft Security Audit Logs

Modern PeopleSoft Security Interface

PeopleSoft architecture consists of Application and Information permissions that together manage access to application menus, pages, and data within the application. Access to the application menus is commonly referred to as Page Security, and access to information is called Row Level Security. User Profiles with excessive security access increase an organization’s vulnerability.

PeopleSoft User Profile and Central PeopleSoft Security Administration

PeopleSoft Administration Challenges

A PeopleSoft Administrator is responsible for managing the Roles and Permission Lists. It is common to see roles shared among several groups of users, cloned, updated with additional access levels, and then re-assigned onto another profile as a way to save time. 

Changes to account permissions and the provisioning/deprovisioning of accounts are not only time-consuming but also very difficult to maintain properly.

The PeopleSoft Query manager tools are not efficient for audit reporting or building SQL queries. Portal Security often requires ongoing maintenance that is time consuming for a security administrator.

The existing PeopleSoft PeopleTools application security does not provide the capability for a Security administrator to quickly drill-down to gain perspective into the makeup of a PeopleSoft user’s authorization privileges.

As a result, users accumulate excessive or unauthorized access over time, which increases an organization’s risk and the chance of audit compliance violations. Identifying privileged access rights within the PeopleSoft Financial, Campus Solutions and HRMS applications is time-consuming in itself, and removing or editing that access adds further steps for the administrator. This also holds true for Sensitive Information (PII/PCI), resulting in users retaining unauthorized access.

The Sentinel platform also includes ready-built modules for managing PeopleSoft Access Requests, Data Masking, and Audit Reviews, and an Upgrade Manager that compares multiple environments to identify differences between applications and permissions.

Sentinel is simplifying PeopleSoft upgrades with instant and real-time PeopleSoft compare analysis.

PeopleSoft Objects Managed

 

User Profile: PeopleSoft access for portal security and definition security is attached to a User ID through Roles. A user cannot access any PeopleSoft system without a user profile.

Permission List: Permission Lists are the building blocks of PeopleSoft security administration. Pages, data sets, and application processes must first be attached to a Permission List, which is then assigned to a Role, for a user to gain access. A Primary Permission List is used to manage security data and access rights for Dept Tree, Process Group, Component Interface, PeopleTools Objects, Business Unit, Batch Process and Server Definition. A user must have access to a Process Group as well as the page to run the process.

Role: A PeopleSoft user must be granted security access to application pages in each system by attaching Roles to the User Profile. Roles serve as the intermediate link to enable user access to business processes. Traditionally, a user is assigned multiple roles that provide access to designated Menus/Pages relating to their job qualifications. Application permissions cannot be directly attached to a role. A Business Unit consists of several departments attached to the Dept Tree.

Data Privacy: FERPA and HIPAA regulations govern PeopleSoft access to and sharing of personal and financial information, i.e. PII / PCI information. FERPA regulations are specific to the handling of student information.

Application Security: The PIA (Pure Internet Architecture) refers to the Menus and Pages that are part of the Navigation Collection. The Page is the layer that is used for Viewing, Adding and Updating data. Pages can be attached to navigation menus at different levels. The highest level is called a Module, and there are different modules in each PeopleSoft application, i.e. PeopleSoft Human Resource (HRMS), PeopleSoft Financial (FSCM), PeopleSoft Campus Solutions, PeopleSoft ELM and PeopleSoft Portal.

Menus / Pages: In PeopleSoft a web page consists of a Menu, Component and Panel. A component can have one page (tab) or multiple pages (tabs).

Row Level Security: The data that is stored in each PeopleSoft application is different for Human Resource / HRMS (Employee Data), FSCM (Financial Information) and Campus Solutions (Student Information). The data permission or access has different setup parameters in each application. In HRMS, Row Security controls access to the security set (employee population), and in Finance the Primary Permission List can be used to manage access to e.g. Vendors, Accounts, Departments and Business Units. A Security Set in HR defines the person’s relation with the organization.

Process Scheduler: Enables a user to start, stop and schedule a batch process on a server.

Application Designer: A user must have access to the App Designer client to be able to create or update object definitions.

Component Interface: Component Interfaces are used to integrate with a PeopleSoft system. They require configuration and permissions for external applications.

PeopleTools Objects: PeopleSoft Object Definitions refer to the different objects used throughout the PeopleSoft application.

Integration Broker: Used for messaging between internal PeopleSoft application modules and for external applications. Integration Broker can be used to access data and execute processes.

Department Tree: The Department Tree is used to create an organizational structure that can be used for reporting and managing access to departments. Trees have branches that roll up to each other, so that a user with access to a branch will be able to see all departments attached to the branch.

Query Security: A User ID must be given access to Query Manager and the underlying tables (records) for the user to be able to create queries and view underlying data. PeopleSoft query access is separate from page security, and excessive access increases data security vulnerability. Query Manager allows a user to create SQL Queries and Query Viewer allows them to use existing queries. A user must have row level permissions to view data.
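The User Profile, Role, Permission List and Page chain described above can be audited with a single join. The sketch below is an added example, not Sentinel's or Oracle's code. It runs against an in-memory SQLite database holding constructed rows. The table and column names follow the PeopleTools security records PSROLEUSER, PSROLECLASS and PSAUTHITEM, trimmed to the columns used. The user IDs, roles, permission lists and page names are invented for illustration.

```python
import sqlite3

# Constructed sample rows; names of users, roles, permission lists and pages
# are hypothetical. Column subset only; check it against your PeopleTools release.
SCHEMA = """
CREATE TABLE PSROLEUSER (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSAUTHITEM (CLASSID TEXT, MENUNAME TEXT, BARITEMNAME TEXT,
                         PNLITEMNAME TEXT, DISPLAYONLY INTEGER);
INSERT INTO PSROLEUSER VALUES ('JDOE','AP_CLERK'), ('JDOE','AP_CLERK_CLONE'),
                              ('ASMITH','AP_CLERK');
INSERT INTO PSROLECLASS VALUES ('AP_CLERK','PL_AP_INQ'),
  ('AP_CLERK_CLONE','PL_AP_INQ'), ('AP_CLERK_CLONE','PL_VNDR_UPD');
INSERT INTO PSAUTHITEM VALUES
  ('PL_AP_INQ','MAINTAIN_VENDORS','VNDR_ID','VNDR_ID1',1),
  ('PL_VNDR_UPD','MAINTAIN_VENDORS','VNDR_ID','VNDR_ID1',0);
"""

DRILL_DOWN = """
SELECT ru.ROLENAME, rc.CLASSID, ai.MENUNAME, ai.BARITEMNAME,
       ai.PNLITEMNAME, ai.DISPLAYONLY
FROM PSROLEUSER ru
JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
JOIN PSAUTHITEM ai ON ai.CLASSID = rc.CLASSID
WHERE ru.ROLEUSER = ?
ORDER BY ai.PNLITEMNAME, ru.ROLENAME, rc.CLASSID
"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def drill_down(conn, oprid):
    """Every User -> Role -> Permission List -> Page path for one user."""
    return conn.execute(DRILL_DOWN, (oprid,)).fetchall()

def effective_pages(conn, oprid):
    """Collapse paths per page; grants are additive, so any update path wins."""
    pages = {}
    for role, plist, menu, comp, page, display_only in drill_down(conn, oprid):
        entry = pages.setdefault((menu, comp, page), {"update": False, "via": []})
        entry["update"] = entry["update"] or display_only == 0
        entry["via"].append((role, plist))
    return pages

if __name__ == "__main__":
    for key, info in effective_pages(load_sample(), "JDOE").items():
        print(key, "update" if info["update"] else "display-only", info["via"])
```

In the sample data the cloned role quietly raises JDOE from display-only to update access on the vendor page, which is the kind of accumulated access the drill-down is meant to surface.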

 
