Table of Contents
PeopleSoft Security Background
Developing Field Security Application
Develop Application Objects
Registering a Component
Create PeopleCode Function
Attach PeopleCode Function to Existing Objects
Enter Field Security Information
Summary
Developing Dynamic PeopleSoft Field Security Applications
PeopleSoft Security Background
Security is especially critical for core business applications. Given the complex and
diverse nature of PeopleSoft computing environments and the wide range of statutory and
regulatory compliance requirements, the system's security measures must be based on the
functional nature of each application and the data involved. Much of the vast amount of
electronic data generated throughout PeopleSoft environments consists of human resource
and financial information, which in many cases is subject to privacy and confidentiality
regulations. Typically, not every department in a company has access to all applications,
nor does everyone within a department have access to all functions and data of a
particular application.
System security involves protecting data and information against modification, loss,
unauthorized use and/or disclosure. A security framework can be defined by several key
controls, including:
- online access to data
- password management
- user account management
- authentication and authorization mechanisms
- traceability (audit logs)
PeopleSoft delivers security features and PeopleTools applications to ensure that
sensitive application data is protected. The three main PeopleSoft security definition
object types are user profiles, roles, and permission lists. These three components work
together in providing system security access through inheritance.
- Permission lists are groups of authorizations that are assigned to roles.
- Roles are intermediate objects that link user profiles to permission lists.
- User profiles are security objects given to each user of the system; each holds all
  security access and other unique identification information for the user.
Note: A user profile inherits most of its permissions through roles; however, process
profile and data permissions (row-level and field-level security) are applied directly
to a user profile.
Data permissions control the application data that a user is allowed to access in the
PeopleSoft system. With application data security, data permissions can be set at the table
level, row level and field level.
Data Permissions Definitions
- Table-level security is set by using PeopleSoft Query to build SQL queries to specify
  the records the user is allowed to access when building and running queries.
- Row-level security controls access to individual rows of data stored within
  application database tables through security views, and enables you to specify the
  data that a particular user is permitted to access.
- Field-level security is set using PeopleCode, the proprietary language used in the
  development of PeopleSoft applications, to restrict access to particular fields or
  columns within application tables.
This user manual contains instructions on developing a dynamic field security application
in PeopleSoft. These instructions are intended for intermediate to advanced-level
PeopleSoft developers and describe a more efficient technique to secure a field.
Before one can begin to develop, he/she must possess the appropriate access to the
system. This security access will be set up by the PeopleSoft Security Administrator.
Developing Field Security Application
Before creating the dynamic field security application, all new objects such as projects,
fields, records, pages and components must be created. A field security PeopleCode
function must be added to the project as well. PeopleCode must be added to the records
and pages that need it, to call the field security function. An existing FUNCLIB record
must be modified.
Note: The number of objects may differ as there is no one way to create this
application.
Develop Application Objects
A. Create a project.
B. Create the POPULATED field setting its attributes to 1 character and yes/no field
type.
C. Create a new record definition
1. Select File > New.
2. Select Record.
3. Click OK.
4. Select the SQL table record type option to define a physical SQL record
definition.
5. Insert the existing fields RECNAME, FIELDNAME, ROLENAME, ACCESS and the newly
created field POPULATED into the record using the drag and drop feature.
Note: Fields can be inserted into a record in several ways. The field and its attributes
are automatically added to the list of fields in the record definition.
6. Create the table by running the Build operation from the Build menu.
D. Create a new page definition by cloning a page definition:
1. Select File > Open.
2. Enter the page name that you want to clone.
3. Select File > Save As.
Warning: If modifications are made to the page, the old page definition may accidentally
be overwritten.
4. Enter the new page name.
5. Click OK.
6. Add fields to the page from the record you have created using the drag and drop
feature.
E. Create a new component definition:
1. Select File > New.
2. Double-click Component.
3. Add pages to the component by dragging the page into the component:
- Open the component.
- Drag the page from the project workspace to the component.
Registering a Component
Before this page can be viewed online, it must first be registered to a menu. PeopleSoft's
delivered registration wizard adds components to menus, assigns permission lists and
places content reference entries in the portal, which displays the component to the user
online.
Note: The component definition must be open and saved prior to registering the
component, or objects created during this registration will not be added to the
project and will later cause issues during migration.
To register your component:
1. Keep your component open to register.
2. Open the Registration Wizard by selecting Tools > Register in Portal.
3. Find the menu name and the drop-down list box to assign the bar name by
clicking the Select button.
4. Select Target Content and enter information on the Create Content Reference
screen.
5. Find the menu name again, and use the drop-down list box to select the menu
name that displays on the bar by clicking the Select button.
Note: It would be more feasible to place this field security application under Maintain
Security.
6. Select Target Content and complete the fields.
7. Select the permission list and both the Update/Display and Add actions.
8. Click Finish to complete the registry process.
Warning: If you click Cancel, all of the entries that you have made in the wizard will be
lost and no changes will be made.
Create PeopleCode Function
A. Create a function by adding PeopleCode to a FUNCLIB record.
B. Declare local variables, record and SQL objects by setting the variable to the
appropriate data types.
    Local array of string &aRoles;
    Local string &sRoleName;
    Local boolean &hidefield;
    Local SQL &SQL;
    Local Record &REC;
C. Initialize variables
1. Set the &REC variable equal to the record developed above. This can be done
by using the built-in function CreateRecord, which creates a standalone record
definition with fields.
    &REC = CreateRecord(Record.ZPTT_HR_FLDSEC);
Note: The specified record must have been defined previously; it must have a record
definition.
2. Initialize the &SQL object from the SQL class by using the built-in CreateSQL
function. This function opens the object on the given SQL string, a
PeopleCode string value giving the SQL statement, and input values.
    &SQL = CreateSQL("%Selectall(:1) Where FIELDNAME = :2 or FIELDNAME = :3", &REC, &iFieldname1, &iFieldname2);
3. Set the &aRoles variable equal to the %Roles system variable, which returns an
array object containing all the roles assigned to the current user.
    &aRoles = %Roles;
D. Start the loop, bind the statement and check for the role name in the user's list of
roles. If the role is not listed, then hide or gray out the field.
    While &SQL.Fetch(&REC)
       /* Copy the fetched row's values into working variables */
       &sRoleName = &REC.ROLENAME.Value;
       &Populated = &REC.POPULATED.Value;
       &Allow_Access = &REC.ACCESS.Value;
       &Found = &aRoles.Find(&sRoleName);
       If &Found <> 0 Then
          If &Populated = "Y" And &Allow_Access = "Y" Then
             &Access = 1;
          Else
             &hidefield = True;
          End-If;
       End-If;
       If &Access = 1 Then
          &hidefield = False;
       End-If;
    End-While;
The code above loops through the record defined in the Develop Application Objects
section using the SQL class object defined in step two, by using the built-in method
Fetch.
    &SQL.Fetch(&REC)
The Fetch method loops through the rows fetched by the defined select statement. If
there are no more rows to fetch, the Fetch method returns False, and the SQL object,
&SQL, is automatically closed.
    &Found = &aRoles.Find(&sRoleName);
The Find method returns the lowest index of an element in the array that is equal to
the given value. If the role is not found in the array, the Find method returns the
number one; however, if the role is found in the array, a zero is returned.
    If &Found <> 0 Then
       If &Populated = "Y" And &Allow_Access = "Y" Then
          &Access = 1;
       Else
          &hidefield = True;
       End-If;
    End-If;
    If &Access = 1 Then
       &hidefield = False;
    End-If;
When the function is called from other records or pages the &hidefield variable will
already be populated with “True” indicating that the field should be hidden. This
value will change to “False” only if the user possesses the roles to view the field
while populated.
Note: The values of the &sRoleName, &Populated and &Allow_Access variables are
populated from the data entry completed in the Enter Field Security Information
section.
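The decision rule of the function above, modelled in Python as an added example (not code from the original manual) so that it can be checked offline against sample data. The role names and rows are constructed; the column names follow the record built earlier, and the second argument "Y" mirrors the calls shown on the page.

```python
# Constructed sample rows; column names follow the page's record. RECNAME is
# left out because the page's query filters on FIELDNAME only.
PLEDGE = "BAS_PARTIC_PLAN.ANNUAL_PLEDGE"
CONTRIB = "BAS_PARTIC_PLAN.EMPL_CONTRBUTN_AMT"
ROWS = [
    {"FIELDNAME": PLEDGE, "ROLENAME": "BEN_ADMIN", "POPULATED": "Y", "ACCESS": "Y"},
    {"FIELDNAME": PLEDGE, "ROLENAME": "BEN_CLERK", "POPULATED": "Y", "ACCESS": "N"},
    {"FIELDNAME": CONTRIB, "ROLENAME": "BEN_ADMIN", "POPULATED": "N", "ACCESS": "Y"},
]


def role_field_security(rows, user_roles, fieldname1, fieldname2):
    """Return True when the field must be hidden (the page's &hidefield)."""
    hidefield = True  # the page: already True when the function is called
    access = 0
    for row in rows:
        # WHERE FIELDNAME = :2 OR FIELDNAME = :3
        if row["FIELDNAME"] not in (fieldname1, fieldname2):
            continue
        if row["ROLENAME"] in user_roles:  # role is in the user's role list
            if row["POPULATED"] == "Y" and row["ACCESS"] == "Y":
                access = 1
            else:
                hidefield = True
        if access == 1:
            hidefield = False
    return hidefield


def hidden_fields(rows, user_roles, fields):
    """Fields that stay hidden for a user holding user_roles.

    The second argument "Y" mirrors the calls shown on the page.
    """
    return [f for f in fields if role_field_security(rows, user_roles, f, "Y")]


if __name__ == "__main__":
    # The last field has no rows in the table at all.
    fields = [PLEDGE, CONTRIB, "BAS_PARTIC_PLAN.OPTION_CD"]
    for roles in (["BEN_ADMIN"], ["BEN_CLERK"], ["BEN_CLERK", "BEN_ADMIN"], []):
        print(roles, "->", hidden_fields(ROWS, roles, fields))
```

A field with no rows in the table, or a user none of whose roles has a Y/Y row, stays hidden; a single granting row is enough to show the field, whatever the row order.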
Attach PeopleCode Function to Existing Objects
Add PeopleCode declaring and calling the created function to all records and pages that
house fields that need to be secured.
1. Declare the function.
    /* The function returns &hidefield as Boolean. The event name (FieldFormula, */
    /* the usual event for FUNCLIB functions) is an assumption. */
    Declare Function RoleFieldSecurity PeopleCode FUNCLIB_HR.ROLEUSER FieldFormula;
2. Get the field value and, if the field is populated, call the function, passing in
the name(s) of the field(s) that must be secured.
    Local Rowset &Level0, &Level1, &Level2;
    Local Field &annual_pldg_fld, &empl_contrb_fld;

    &Level0 = GetLevel0();
    &Level1 = &Level0(1).GetRowset(Scroll.BAS_PARTIC);
    &Level1_Rows = &Level1.ActiveRowCount;
    For &I = 1 To &Level1_Rows;
       /* Level 2 rowset belonging to the current level 1 row */
       &Level2 = &Level1.GetRow(&I).GetRowset(Scroll.BAS_PARTIC_PLAN);
       &Level2_Rows = &Level2.ActiveRowCount;
       For &J = 1 To &Level2_Rows;
          &OPTION_CD = &Level2.GetRow(&J).GetRecord(Record.BAS_PARTIC_PLAN).OPTION_CD.Value;
          If All(&OPTION_CD) Then
             &annual_pldg_fld = &Level2.GetRow(&J).GetRecord(Record.BAS_PARTIC_PLAN).ANNUAL_PLEDGE;
             &empl_contrb_fld = &Level2.GetRow(&J).GetRecord(Record.BAS_PARTIC_PLAN).EMPL_CONTRBUTN_AMT;
             /* Make the field read-only when the user's roles do not grant access */
             &hidefield = RoleFieldSecurity("BAS_PARTIC_PLAN.ANNUAL_PLEDGE", "Y");
             If &hidefield = True Then
                &annual_pldg_fld.DisplayOnly = True;
             End-If;
             /* Hide the field when the user's roles do not grant access */
             &hidefield = RoleFieldSecurity("BAS_PARTIC_PLAN.EMPL_CONTRBUTN_AMT", "Y");
             If &hidefield = True Then
                &empl_contrb_fld.Visible = False;
             End-If;
          End-If;
       End-For;
    End-For;
Note: The next step in your field security should be based on your requirements. The
field can be hidden, set to read-only, or a message (warning, error or message box)
can be executed.
Enter Field Security Information
Navigate to the new page and enter all field security access information. As stated in the
Registering a Component section, the best placement for the field security page and
component is under the delivered security menu. If you have used this suggested
placement, then your navigation to the field security page would be Home > PeopleTools
> Maintain Security > Field Level Security.
Note: Navigation to your page is based on the way you set up portal access to your
page and component.
Summary
Let’s review what it takes to create a dynamic field security application. What have we
done?
- We created a project.
- We created a new field.
- We created a new record definition.
- We created a new page definition by cloning an existing page.
- We created a new page component by cloning an existing page.
- We registered the new component.
- We created a new field security function.
- We attached the new function to existing pages and records.
- We entered the field security access information.
This should give you enough information to get you started and give you the ability to
create a dynamic field level security application. Remember there are numerous ways to
secure a field within PeopleSoft through using PeopleCode; this is just a way to eliminate
customizations and save you a lot of coding. Welcome to the exciting world of field
security.