PeopleSoft Security 101
Security lies at the forefront for all business systems, especially PeopleSoft applications. Whenever you have several departments utilizing one system, you want to be sure that access does not fall into the wrong hands. Security administrators and managers try to maintain a tight hold, controlling user access, and overseeing your system’s data, but the job is not easy and simplifying PeopleSoft security typically doesn’t go hand-in-hand.
Traditionally, organizations rely on external consultants to dive deep into PeopleSoft security, preparing for audit reviews, and ensure compliance regulations are met. While the services were beneficial for its present day, the overall practicality and longevity imposed limitations on its sustainability. The PeopleSoft system is built with layers of information that can be difficult for any security administrator to oversee thoroughly. Sentinel was designed and built by some of the most experienced PeopleSoft Security administrators and developers, with the purpose of simplifying PeopleSoft security administration and auditing challenges that organizations face on a daily basis.
Sentinel Software is a certified Oracle Partner and has achieved Oracle Validated Integration with PeopleSoft. The solution supports all PeopleTools versions 8.49 and upwards, and PeopleSoft versions up to 9.2. Sentinel is available both on-premise and in the cloud. Also, if your organization is looking to migrate from on-premise to Oracle Cloud, Sentinel provides Oracle Cloud Hosting and can assist with the migration process.
When beginning the journey to understanding PeopleSoft security, it’s important to identify the three main Peoplesoft security definitions:
- Permission Lists – A group of authorizations or perimeters set to control user access. They serve as the base foundation for user security authorization. Permission lists are linked to roles, therefore the user is granted access through its assigned roles.
- Roles – Roles are dependent upon business processes and serve as the intermediate link to enable user access. Roles are essentially a collection of permission lists. Assigning roles can be completed in two ways:
- Manual – Individually selecting and assigning the chosen roles.
- Dynamic – Programmatically assigning roles with PeopleSoft Query, PeopleCode, or LDAP rules.
- User Profiles – Any employee that is set up to access the PeopleSoft system is identified as a user and is given an individual user profile. User Profiles must be linked to one or more roles to be active.
While a security administrator’s role does not include managing its physical hardware, it instead shifts focus on maintaining its internal system, creating user profiles, and managing its accounts across all of your PeopleSoft environments. As an administrator, you’re responsible for identifying and preventing unauthorized access so maintaining adequate housekeeping protocols is essential for keeping your database secure. As you can imagine, managing all of this information across multiple environments is not an easy task.
Sentinel Software gives you the power of a single user account list, referred to as a User Hub. This allows you to simplify security and manage all users across your PeopleSoft environments on one consolidated list; simplifying PeopleSoft user management.
Within the centralized list, you can create, clone, or assign different role groups. You can even activate or deactivate a user within an indicated environment, all through one location. This eliminates the back and forth toggling between each environment and duplicating unnecessary user management steps, saving your administrator valuable time.
Depending on the size of your organization, one combined list of user profiles can be lengthy. Sentinel Software allows you to filter your search through departments, job codes, USER ID, EMPLID, location, business unit, and environments. You can even refine your search in many ways, such as showing only active users or users with App Designer access. From this list, you can drill down to view any selected user profile and their current PeopleSoft menu access in each environment.
Direct Menu Assignment
Menus serve as the navigation pathway into business processes. A menu will contain components and pages necessary to complete business relevant tasks. Within the PeopleSoft application, you can control user access to different menus, either in full view or to a specific item. In addition, you can restrict a user’s ability to perform actions or make edits within a page itself.
Sentinel users save time by simplifying PeopleSoft security administration with Direct Menu Assignment. This feature allows security changes to User Profiles, Roles, and Permission lists to be completed directly from the Navigation Menu viewpoint. This is the method of “See What They See”, which works to limit the uncertainty behind assigning access.
Assigning roles and granting access for users is a common function completed by PeopleSoft security administrators. When assigning roles within the PeopleSoft application, there is no way to view the detailed access without running extensive queries. For example, if an end-user is requesting access for an item such as tree manager, your security administrator will need to know or run a query to determine which role encompasses the requested access. However, with Sentinel, you have the option to drill down within the user profile to see who has access but which role provides it.
Detailed Change Logs and Transaction Monitoring
Security administrators are constantly making changes and granting data access for several users. The PeopleSoft application does not keep a detailed audit log history of these changes but rather shows only the most recent edit.
Within Sentinel Software you can view full information on past updates, including any roles added or removed and also the menus that were updated. This functionality is available across user profiles, roles, and permission lists. Sentinel has also introduced PeopleSoft transaction monitoring. This provides a single, immutable record of transactions, database changes, and user activity. Organizations can customize transaction categories and tables to meet their individual compliance or security needs. Transactions also link directly to user accounts and provide a record of updates made by and to a user.
Simplifying PeopleSoft Environment Migration
Updates and changes made to permission lists can be migrated across environments with the PeopleSoft Application Designer. However, when migrating to another environment, App Designer does not display the missing components that are required within the target environment.
Sentinel improves this method by enabling instant compare features. This simplifies the PeopleSoft migration process and allowing users to view a list of missing components before completing its sync. This enables Admins to compare the access between the Source and Target environment to ensure working permissions before the migration.
Page and Query Analysis
PeopleSoft Query serves as a reporting tool that allows you to pull selected data from PeopleSoft database tables and view the information behind the pages. They may run on a one-time basis or you can schedule queries to run on a reoccurring, indicated schedule. Query access is grouped into two parts:
- Query Manager – Ability to search, modify, run, and edit specific queries.
- Query Viewer – Access consists of only viewing and printing queries.
Sentinel comprises query access and information into a reporting tool called Query Analysis. The functionality allows you to drill down within queries; viewing each user’s access level, and their corresponding user profiles indicating business units and departments. The Query Analysis also provides you with the ability to search by tables, fields, or users.
Within PeopleSoft, a common struggle is to identify and compare access between specified users. Sentinel provides a report to easily compare users and cross-reference their access levels within each environment in real-time. This can quickly help you identify missing privileges or understand why permissions may vary within a group.
Another question admins are typically faced with is related to which users have access to a certain page. This information can be found within PeopleSoft by manually running queries and exporting its data into excel, which inevitably takes a lot of time. With Sentinel, this information is directly available and comprises search tool functionalities, giving you the ability to quickly search and view any page’s access instantly.
You can find more similar and easy to use reporting tools throughout Sentinel Software. The reports are offered in real-time and provide you with the current information. Its overall design and intended purpose are to help you save time on those tedious, time-consuming PeopleSoft security tasks.
There tends to be a constant divide on who bears the responsibility if and when access falls into the wrong hands. Business users look at the PeopleSoft application through pages and menus, while the administrators grant access through roles, permission lists, and components. The views are completely different, so who ultimately becomes responsible if there is ever an issue? While organizations have adopted several different methods to this practice, the constant back and forth communication for granting access has not proved to be favorable.
Sentinel Software has revolutionized the access management process and eliminates the gray area between its end-users and administrators. The solution provides requesters and approvers with the ability to see the PeopleSoft menus that a user currently has access to and also what role provides its access. Simplifying PeopleSoft Access Requests becomes easier than ever with the Sentinel solution because you can identify exactly what is needed. You can even clone or copy over access from another user to quickly replicate like permissions.
Once an access request has been submitted to an approver, Sentinel will generate a workflow chart for the user to track its next steps. An email will also generate to the approver indicating the submitted information, in which they can directly view the menu and page updates the request will grant access to. This eliminates an approver blindly approving access or not understanding what a particular role correlates to. In the instance that an approver needs to forward the request to another approver they can easily do so within the software.
After an approver notates the approval of the access, your security administrator receives a notification to grant the access within the system. The admin is provided with the same level of information, notating the menu and role correlations, and their respective changes with the new access.
Sentinel records all of these updates, creating an audit trail of the approvals or remediations, which is very beneficial for periodic reviews. You’ll find this detailed history log available for any user, role, or permission list across all environments.
Sentinel breaks down audit controls into three main categories:
- Sensitive Data – PII/ PCI data, such as social security numbers, date of birth, address, and so forth.
- Privileged Access – Security administration, set up tables, or can even refer to a specific page such as the ability to print checks.
- Segregation of Duties – Sarbanes-Oxley (SOX) compliance, when a user has access to one control and therefore should not have access to another.
Within Sentinel, you gain the ability to drill down into each one of these controls to view Users, along with their Job Code, Department, and Business Unit. This is helpful for easily identifying user access in real-time and is available for any environment. You’ll benefit from simplifying PeopleSoft audit information and gain immediate insight into each control, whereas previously this type of process involved extensive queries, exporting its data, and reviewing through thousands of lines of information.
As pulling this kind of information traditionally requires an immense amount of work, typically an organization will complete the audit process when only preparing for its periodic review. With Sentinel, this report is available at any time and is displayed with real-time information whenever you need it. This means, as a manager you can mark a user as approved or flag for remediation at any time.
You’ll find many helpful tools that are beneficial for assisting managers and entire audit departments throughout the software. The dashboard itself tracks the level of progress for controls, letting you know firsthand which areas may need more attention. You’ll also find that Sentinel tracks all audit notations for a user on a detailed audit history log.
The software even has options for further simplifying PeopleSoft administration with automation functionalities, referred to as dynamic security. Automatically assign User Access based on specified job criteria or temporary assignments.
The futuristic elements compiled throughout Sentinel are levels ahead of managing PeopleSoft security as we currently know it. You’ll find simplifying PeopleSoft solutions for everyday time-consuming tasks across multiple departments.