Dynamic Roles with PeopleCode Rule

Dynamic roles can be assigned using query rules, PeopleCode rules or directory rules.

Using PeopleCode rules allows you to use more flexible logic as you have the full power of PeopleCode to work with. This article gives an example of how it is done.

The steps are:

  • Create the role and set the PeopleCode rule flag in the dynamic members tab
  • Create a PeopleCode function that assigns the dynamic role using the %RoleDynamicMembers system array

Setting up the Role

Navigate to:

PeopleTools > Security > Permissions & Roles > Roles

Where you can add your new role. Configure your role appropriately, and add the relevant permission lists.

In the Dynamic Members tab, check the PeopleCode Rule Enabled check box. Then enter the Record, Field Name, Event and Function name of the PeopleCode function that will be assigning the dynamic role. Here's an example of how this might look:


Assigining the role with PeopleCode

Now you can create the PeopleCode to assign the dynamic role to the %RoleDynamicMembers system array. In this example, I use a SQL object that returns a list of operator IDs which are then pushed in the %RoleDynamicMembers array one at a time.

Function AssignExampleRole()
   Local string &sOprid;
   While &sqlGET_EXAMPLE_USERS.Fetch(&sOprid)

The logic to get your users lives in your SQL definition. All your SQL needs to return is a list of operator IDs. For example it could be as simple as the example below, which finds all users with a description starting with Smith.


If you need to do any pre-processing, you can do that in the while loop before pushing the operator ID to the %RoleDynamicMembers array.

You can test your rule in the dynamic members page using the Test Rule(s) button. Note that this may fail if your working on a large set of operator IDs. Use the Execute Rule(s) button on the dynamic members page to assign the role using your new role.

If required you can combine different rules. For example you use both a Query and PeopleCode rule.
NOTE: if for some reason a user no longer meets the criteria for a dynamic role, PeopleSoft will automatically remove that role from them. So you only need to write the logic to determine which users should have a role and PeopleSoft will take care of removing it when it should no longer be given to the user.
No Comments
Back to top