Understanding PeopleSoft Security: User ID Creation and Role Administration

Slide Note
Embed
Share

Explore the key aspects of PeopleSoft security including user profile management, role administration, permission lists, and best practices for creating security roles based on business processes. Learn about the importance of security audits, offboarding procedures, and protecting Personally Identifiable Information (PII) data.

kasper
kasper Follow

Uploaded on Jul 16, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. PEOPLESOFT SECURITY Secure in Security - HCM Shelia Sloan June 15, 2022

  2. AGENDA What is Security User ID Creation/Basic User ID and Role Administration Time and Labor Security Global Payroll User Profile Security Processes IT Audits/Offboarding / Onboarding Working with Security Admins Q&A 2

  3. WHAT IS SECURITY? Security controls access to pages/data Each User has a single User Profile Profiles are attached to one to many roles Roles have zero to many permission lists Permission list contain page access required to perform business processes 3

  4. WHAT IS SECURITY Security roles should be business process based Navigator > Workforce Administration> Job Information> Job Data Roles should contain the access needed to perform the business process Sometimes they are bundled with several business processes that should be performed by the same type of individual Roles Should not be built based on Job Titles Roles Should not be built based on Job Titles 4

  5. WHAT IS SECURITY Security is a way of protecting PII data Personally Identifiable Information HCM will implement masking for level four data elements in the future. We are piloting a new tool in CS. Users should have the least amount of security possible to do their jobs Security should be audited regularly Offboarding Job Changes Segregation of Duties 5

  6. WHAT DOES ZC/ZZ/ZD MEAN Latest Role Re-Design implemented Roles/Permission Lists that begin with ZC/ZZ/ZD ZC roles contain Correct History Access and should be limited to higher level users that understand downstream impacts ZZ roles grant update access to pages and processes without correct history (Not sure why ZZ Maybe zupdate? ) ZD roles are read only/inquiry roles that do not allow any updates 6

  7. USER ID CREATION New User Ids are Created in HCM upon Hire via the CIB_USRPFL process. User ID is Created with a Base Set of Roles from Template User ID CTC_UN_HCM EOPP_USER NA Payroll WH Form User PAPP_USER ZZ_EMPLOYEE ZZ PeopleSoft User The CTC_%_DISTR role is dynamically added based on Institution. This role gives access to the college tile in Portal. (i.e. CLK for Clark, OP for Olympic,etc) User ID Syncs to Financials Using Integration Broker Base Manager Access is dynamically assigned for those with reports to. Typically a base employee and base manager do not need the Navigation Bar. The majority of their work is within the tiles. 7

  8. BASIC USER ID AND ROLE ADMINISTRATION User ID Administration General Tab PeopleTools > Security > User Profiles > Distributed User Profiles Always ensure the account is unlocked for new and current accounts; Ensure the EMAIL ID is correct The Process profile should be set for users to CTC_PT_PRCSPRFL_STAFF Select your institutions row/primary permission lists on the user profile. Ensure the symbolic ID is set to SYSAMD1 8

  9. GENERAL TAB 9

  10. BASIC USER ID AND ROLE ADMINISTRATION User ID Administration ID Tab The ID Type should be Employee and the EMPLID in the Attribute Value box. Should default in upon Creation 10

  11. BASIC USER ID AND ROLE ADMINISTRATION User ID Administration User Roles Tab Add the Appropriate Security Roles; If they are a core user provide additional role access as appropriate. HR Access is highly dependent on keeping job and personal data current and up to date. For terminated users, update the users access first in HCM, so that base roles will sync. Then ensure that for terminated users ensure the following role set is left: EOPP_USER PAPP_USER NA Payroll WH Form User ZZ_EMPLOYEE ZZ FORMER EMPLOYEE The CTC_%_DISTR role will have to be manually added back based on Institution. This role gives access to the college tile in Portal. (i.e. CLK for Clark, OP for Olympic,etc) However it should sync from HCM as it should manually be added back there. 11

  12. USER ID ADMINISTRATION USER ROLES TAB 12

  13. BASIC USER ID AND ROLE ADMINISTRATION User ID Administration Workflow Tab Ensure the routing Preferences boxes are selected for Worklist and Email User Alternate User ID is used if the user is an approver and will be out of office Transactions will route to the User ID here while the employee is out on leave. Once the date range has expired, it is best practice to remove the User ID and date range from the user profile. This is typically not used any longer as we use delegation instead. Reassign Work can be used to move ALL transactions waiting on the users approval, to a new approver (be careful with this) 13

  14. USER ID ADMINISTRATION WORKFLOW TAB 14

  15. TIME AND LABOR SECURITY TL Permission List Security TL Permission List Security is used to define what Time Reporting Groups a Row Security Permission List can access in Time and Labor as well as the range of time in which they can alter information on the timesheets of those groups. Group Access Group Access defines time reporters for whom Row Security Users can view, update, and delete time reporting data . Each college has a row level security for Time and Labor: CTC_XXX_TL_SUPERUSER. This is assigned to your Time and Labor Administrators. https://ctclinkreferencecenter.ctclink.us/m/79733/l/92875 4-9-2-understanding-time-and-labor-security 15

  16. GLOBAL PAYROLL USER PROFILE The Global Payroll User Profile page defines the default values that users see in the Used By and Country fields when adding an element. Security refers to the ability to restrict users from viewing or updating certain data or payees. In Global Payroll, there are two levels of security: 16

  17. SECURITY PROCESSES PeopleSoft stores security data in user and transaction Security Join Tables. There are a set of processes that are run in our batch jobs that are required for user access to work. Once a new user is created, these processes must run in order for the user to function properly. 17

  18. SECURITY PROCESSES SJT_OPR_CLS SJT_OPR_CLS: Contains the User IDs with their data permission lists. SJT_CLASS_ALL SJT_CLASS_ALL: Contains the data permission information for all the data permission lists that are given data access on the Security by Dept Tree page or Security by Permission List page. Transaction SJTs Transaction SJTs are: SJT_PERSON SJT_PERSON: Contains transaction data for the people (employees, contingent workers, Person of Interest). It has row level security attributes (SetID, DeptID etc) for all the employees. SJT refresh processes have to be run to keep security data (in user and transaction SJTs) up to date so that the system enforces data permission using the most current information. 18

  19. IT AUDITS Why are Audits Important? Decreases Risk Associated with IT Enhances Internal Control Environment Improves Internal Operations Identifies Potential Vulnerabilities Areas we will focus on today New User Access Current User Access Terminated User Access Segregation of Duties Tools 19

  20. NEW USER ACCESS Document Procedures and Follow them Always Document the Request, Gain Approvals and Save Be able to Show that What was Requested was granted Never accept Phone Calls as a form of authorization. Store for Auditors Ensure Access is Appropriate and limited to only what they need. 20

  21. NEW USER ACCESS For Users that Transfer from Another Institution, work with the Local Security Admin from the Other Institution to properly offboard from there and properly onboard at the new institution. Check Row /Primary Permissions, Email Addresses, User Preferences, SACR and other secondary types of security for these users to update to new institution. 21

  22. CURRENT USER ACCESS Periodically Review Current Users Access, at least twice a year. This is really recertification of user access If job duties change, so should their access in the application. Document the changes, gain authorization. Ensure no segregation of duties issues are in place. 22

  23. TERMINATED USER ACCESS This should be handled on demand as users terminate but at least weekly. Review Terminated users and confirm with HR that they are in fact terminated. Coordinate with Security Administrator in HCM if Different to update roles to match the offboarding recommendations. 9.2 Employee HR Status System-wide (ctclink.us) 23

  24. OFFBOARDING In HCM, Run Query: QHC_SEC_HR_STATUS_SYSTEM_LEVEL Prompt for your Company ID. 24

  25. OFFBOARDING Download results to Excel; Sort by Company Query Prompt. This will sort by the employees that are inactive at your school and active. Then you can pull out the active ones. For the inactive ones, you will then need to sort by HR Active Companies. If there are NO active companies, proceed with offboarding. If they are active at a different institution, work with the local security admin there to properly offboard. 25

  26. OFFBOARDING 26

  27. SEGREGATION OF DUTIES Segregation of duties is the concept of having more than one person required to complete a task. It is an administrative control to prevent fraud, theft misuse of information, or other security compromises. For example, the person responsible for entering job data, should not be involved in the payroll process. You don t want someone hiring someone and being able to pay that person as well. Typically whoever enters the transaction should not be the one approving it. When onboarding a new hire, it is critical to consider any segregation of duties issues while assigning roles. It is also critical to review Segregation of duties issues twice a year for audit purposes as well. QHC_SEC_SEGREGATION_OF_DUTIES query is available to use. 27

  28. SEGREGATION OF DUTIES QHC_SEC_SEGREGATION_OF_DUTIES query 28

  29. HELPFUL QUERIES https://www.sbctc.edu/resources/documents/colle ges-staff/data-services/peoplesoft-ctclink/report- catalog.pdf There are queries listed by pillar here with descriptions 29

  30. SECURITY RECORDS 30

  31. WORKING WITH SECURITY ADMINS Provide as Much information as possible Navigation to Access Needed Functional description of Business Process Screen Shots of Errors Employee ID of users with Issues If it is a random issue, try to provide timings if available Remember least access needed to do a job is critical; do not give more security than needed, it is an audit issue. 31

  32. REQUESTING CHANGES TO SECURITY There are times where roles may have too much access/not enough access, or are mislabeled, etc. SBCTC has a process for New Role Requests or Role Modification Requests Submit a service desk ticket to the Security Team by pillar SBCTC will review the request and log it in our change tracking system Review and gather support from SBCTC ctcLink production support teams. Then it goes through development and testing cycles. 32

  33. QUESTIONS AND FEEDBACK Questions? Feedback? Any Parking Lot issues THANK YOU FOR ATTENDING CC BY 4.0, except where otherwise noted.

Related


Understanding PeopleSoft Security: A Comprehensive Guide

Understanding PeopleSoft Security: A Comprehensive Guide

kylen
PeopleSoft Requisition Training Overview

PeopleSoft Requisition Training Overview

bowie
Background on PeopleSoft Security Masking Changes

Background on PeopleSoft Security Masking Changes

dhruv
PeopleSoft Recruiting Solutions Demonstration Implementation

PeopleSoft Recruiting Solutions Demonstration Implementation

suvi
Mastering Desktop Receiving in PeopleSoft eProcurement

Mastering Desktop Receiving in PeopleSoft eProcurement

antonia
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Fall 2014 Pre-Administration Webinar for Georgia High School Graduation Test

Fall 2014 Pre-Administration Webinar for Georgia High School Graduation Test

judas
Understanding Linux User Capabilities and Namespace Management

Understanding Linux User Capabilities and Namespace Management

esa
Certification and Training in Information Security

Certification and Training in Information Security

buck
Launchpad Operations and Security Enhancements

Launchpad Operations and Security Enhancements

haisley
Latest Training Opportunities and Updates in Test Administration

Latest Training Opportunities and Updates in Test Administration

jakob
Sustainable Co-creation in Public Sector Organizations: Insights and Practices

Sustainable Co-creation in Public Sector Organizations: Insights and Practices

muireann
Geographic Information System in Sud Nouvelle Calédonie

Geographic Information System in Sud Nouvelle Calédonie

navi
International Approaches to Enhance Nuclear Safety and Security

International Approaches to Enhance Nuclear Safety and Security

mazarine
The Perfect Creation: Understanding Genesis and the Creation of Humankind

The Perfect Creation: Understanding Genesis and the Creation of Humankind

lynette
Dealing with Statements on Creation and Evolution: Implications and Prospects

Dealing with Statements on Creation and Evolution: Implications and Prospects

astraeus
Federalism and Election Administration in 2022

Federalism and Election Administration in 2022

satine
Comparison of Android OS and iOS in Development and Security Aspects

Comparison of Android OS and iOS in Development and Security Aspects

hermione
Expert Security Tips and Hacks for D365FO by Alex Meyer

Expert Security Tips and Hacks for D365FO by Alex Meyer

clancy
Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn
Unsupervised Clickstream Clustering for User Behavior Analysis

Unsupervised Clickstream Clustering for User Behavior Analysis

emb_f
Understanding Provable Security Models in Cryptography

Understanding Provable Security Models in Cryptography

donoghue_e
Performance Briefing on Agriculture, Forestry, and Fisheries Department - Annual Report 2016/17

Performance Briefing on Agriculture, Forestry, and Fisheries Department - Annual Report 2016/17

cassian

More Related Content

Implementing Alert Messages and User Input Handling in Java
Implementing Alert Messages and User Input Handling in Java
Understanding Computer Security Principles and Practices
Understanding Computer Security Principles and Practices
Understanding Transport Layer Security (TLS)
Understanding Transport Layer Security (TLS)
Understanding Security Onion: Network Security Monitoring Tools
Understanding Security Onion: Network Security Monitoring Tools
Overview of Social Security and Health Care System in Turkey
Overview of Social Security and Health Care System in Turkey
National Occupational Standards (NOS) in Business Administration Overview
National Occupational Standards (NOS) in Business Administration Overview
Enhancing SAP User Administration with Clean Up Tools
Enhancing SAP User Administration with Clean Up Tools
Grade 8 Civics Field Test Administration Overview
Grade 8 Civics Field Test Administration Overview
Evolving Security Practices in DevOps: A Holistic Approach
Evolving Security Practices in DevOps: A Holistic Approach
BCA 601(N): Computer Network Security
BCA 601(N): Computer Network Security
Enhancing Security Definitions for Functional Encryption
Enhancing Security Definitions for Functional Encryption
TSA Updates on Security Training Rule for OTRB Companies
TSA Updates on Security Training Rule for OTRB Companies
AEP Enterprise Security Program Overview - June 2021 Update
AEP Enterprise Security Program Overview - June 2021 Update
Understanding Allocations in Financial Management
Understanding Allocations in Financial Management
Understanding Information Security Policies for Effective Cybersecurity
Understanding Information Security Policies for Effective Cybersecurity
Instructions for Using These Slides
Instructions for Using These Slides
Florida Statewide Assessments - Summer 2023 Overview
Florida Statewide Assessments - Summer 2023 Overview
MCAS Test Administration Training Guidelines
MCAS Test Administration Training Guidelines
Exploring Religious Perspectives on Creation and Stewardship of the Universe
Exploring Religious Perspectives on Creation and Stewardship of the Universe
Celebrating God's Creation - Reflections through Images
Celebrating God's Creation - Reflections through Images
Analysis of Onion Routing Security and Adversary-based Metrics
Analysis of Onion Routing Security and Adversary-based Metrics
Introduction to Database Security and Countermeasures
Introduction to Database Security and Countermeasures
OWASP Bricks - Web Application Security Learning Platform
OWASP Bricks - Web Application Security Learning Platform
Database Security Measures and Controls
Database Security Measures and Controls