hakk

software development, devops, and stuff
Tree lined path

PeopleTools Security Tables

The Main PeopleTools Security Records.

User Tables

RecordDescription
PSOPRDEFNStores all operators (users) in the PeopleSoft system. Also stores their employee ID (EMPLID), encrypted password, primary permission list, default navigator home page, process profile permission list and row security permission list.
PSROLEUSERThe highest level of security access is defined by roles (think of them as groups). This table stores the roles the user belongs to.
PSOPRCLSRoles link together permission lists which are the security objects that define access to components, pages, and other areas of the system. This view returns the permission lists that a user has access to via their roles. Note that prior to PeopleTools 8, permission lists were synonymous with classes and most of the security tables still use this convention.
PSOPRALIASAliases can be mapped to a particular operator ID (user). The obvious alias is employee ID (EMPLID) but others include external organisation ID (EXT_ORG_ID) and customer ID (CUST_ID). All ways of referring to the same entity.
PSOPRALIASTYPEThis is the setup table for operator aliases
PSOPRALIASFIELDThis is the setup table that maps operator aliases to records & fields
PSUSERATTRUser attributes store the a hint password question & response for a user (if this is enabled)
PSUSEREMAILEmail addresses for users.

Roles

RecordDescription
PSROLEDEFNStores roles and their properties. Roles can be assigned dynamically through Query, PeopleCode or LDAP. Roles are also used in conjunction with Workflow and routing.
PSROLECLASSRoles are made of up of one or permission lists, and this table links the two together. Very handy.

Permission Lists

RecordDescription
PSCLASSDEFNPermission lists are where the security really happens. They provide access to menus, components and pages and a host of other security including PeopleTools, Process security, Component Interfaces, Web Libraries, Web Services, Personalisations, Query and Mass Change.
PSAUTHITEMThe link between permission lists and menus
PSAUTHBUSCOMPThe link between permission lists and component interfaces and their methods
PSAUTHOPTNThe link between permission lists and personalisations
PSAUTHPRCSThe link between permission lists and process groups
PSAUTHSIGNONThe link between permission lists and signon times
PSAUTHWEBLIBVWA view linking permission lists and access to web libraries (really just Menus in PSAUTHITEM that begin with WEBLIB_).
PSAUTHWSThe link between permission lists and web services (service operations)
PS_SCRTY_ACC_GRPThe link between permission lists, trees and query access groups
PS_MC_OPR_SECURITYThe link between permission lists and mass change templates. This is an odd table, it uses the field OPRID but really it links permission lists

PeopleSoft Login Details and Authorization

RecordDescription
PSACCESSLOGLogin and logout information of the users
PSACCESSPRFLContains the symbolic id,accessid/password details.
PSCLOCKLogin fails if the table is empty

Query Security Tree

RecordDescription
PSTREENODEHolds the query security tree records, which tree and tree node they belong to.

Some Example SQL Queries

Coming Soon