|
Summary:
How can I implement row
level security in Peoplesoft CRM v8.8?
Answer
Here is a note from Customer connection.
Summary:
How to implement Row-Level Security by operator ID
Details: Resolution #15409: How to implement Row-Level Security by operator ID
You can design special types of SQL views -security views- to control access to
individual rows of data stored within your application database tables. Your
PeopleSoft applications are delivered with built-in, row-level security
functions, tailored to that specific application.
For example, in PeopleSoft HRMS, we provide security tables that enable you to
restrict operator access to employee rows according to organizational roles, or
to permit an operator to view and update rows for employees in their department
only.
Then to get the security down to the operator ID level instead of the operator
class level, there are steps defined in Designing Your PeopleSoft Human
Resources System manual under Using Operator IDs for Employee Data Security.
Changing operator class to operator ID
Steps to implement Organizational Security by OPRID:
1) Delete all entries for each OPERClass/OPERID in Security Tables.
2) Run SECVWTRE.WT to load the SQL text for the security views(only needs to be
performed if organizational security has been turned off).
3) Run SECBYOPR.WT to change the view text of Oprdefn to select based on Oprtype
of 0 (instead of 1 for operator class security.
4) Add the field OPRID in place of the OPRCLASS field in the search views and
make it a key item.
5) Recreate the search views and the Oprdefn view.
6) After the departments have been loaded, create a tree with effective date the
same as the effective date for the departments equating the node with the
department ID.
7) Run PER505 to update
the effective date of PS_R_PER505.
8) Update the security tables to show which departments each operator or
operator class has authorization to read/write.
9) Run PER505 if any changes are made to the tree structure. This will update
the security tables established in 6 to reflect the changes to the hierarchy.
To switch from Operator Class to Operator ID security:
1) If you have department security in place for an OprID or OprClass delete
these entries now, they will not be available after updating the Oprdefn view
and may give inaccurate results if left in place.
2) Run SECBYOPR.WT to change the view text of Oprdefn to select based on an
Oprtype of 0. (To switch back to Operator Class security run SECBYCLS.WT to
switch the view text of Oprdefn to select based on an Oprtype of 1.)
3) Recreate the Oprdefn view.
4) Change each search view and replace the OPRCLASS field with OPRID field and
make OPRID a key field.
5) Set up the tree and department security as in the steps 5 through 8 under
Operator ID security setup.
Change Standard Search Record into OPRDEFN_DEPT. The view text in
OPRDEFN_DEPT should look like this:
SELECT
A.OPRID
,A.EMPLID
FROM PSOPRDEFN A
WHERE A.OPRTYPE=0
You must rebuild this view.
Documentation for this is located in Designing your Human Resource System
(Chapter 4).
*Questions excerpted from
ITToolBox.com*
Disclaimer: Contents are not reviewed for correctness and are not endorsed or
recommended by PeopleSoft-Planet.com. | 
