Info
Content

Definition Security


Definition Security is used to control access to PeopleSoft definitions through Application Designer. By default a group called PEOPLETOOLS is delivered. Within this group are all the definitions that are read-only to all users except those with permission lists that contain the group.

If a definition is secured through definition security, you'll soon know about it when you open it in Application Designer and get the message:

definition_security_not_authorized.png

You are not authorized to update the field because it belongs to the PeopleTools group and chances are you won't have security access to the group.

The definition security tool is available through Application Designer:

Go > Definition Security

It is a simple tool to manage definition security groups and associate them with permission lists. To use it, choose:

File > Open > Group
Select the default group: PEOPLETOOLS

This brings up a list of all definitions in the PEOPLETOOLS group. Select your definition type from the drop down (e.g. Records) and let it load all records (can take some time).

definition-security-tool.png

Anything on the left hand side is not excluded from this group, which means that it cannot be altered. Anything on the right hand side is excluded and can be altered. So, find the appropriate definition and move it from the left to the right hand side (not excluded to excluded) using the single right arrow. Double arrows move everything from one side to the other. Finally chose, File > Save to save your changes. Your object can now be modified. You should always put the definition back into the group after you're done. So repeat the process moving from the right hand side (excluded list) to the left hand side (not excluded).

The SQL below shows fields in the PeopleTools group (secured) and those excluded from the group (free for developers to work with).

The underlying tables for definition security include:

  • PSOBJGROUP - Object group definitions
  • PSOPROBJ - Operator object group

By default you can see that there is no permission list with access to the PEOPLETOOLS object group:

select * 
from PSOPROBJ 
where OBJGROUPID = 'PEOPLETOOLS' 
and DISPLAYONLY <> 1;

What this query is searching for is any rows in the PSOPROBJ record that have the PEOPLETOOLS group included (with a value that is not display only which means excluded).

No Comments
Back to top