PeopleSoft Advanced Query Security

This section discusses how to:

  • Enforce row-level security.

  • Use query security record definitions.

PeopleSoft Query uses query access group trees to control access to the tables in your PeopleSoft database. Define a hierarchy of PeopleSoft record definitions, based on logical or functional groupings, and then give users access to one or more nodes of the tree. PeopleSoft Query is a convenient way to retrieve information from PeopleSoft without having to write complex SQL queries. However, as a PeopleSoft administrator, there may be situations when you need to seek information from the PeopleSoft Query tables.

Enforcing Row-Level Security

By default, when you give PeopleSoft Query users access to a record definition, they can access all the rows of data in the table that were built using the associated record definition. In some cases, though, you may want to restrict users from seeing some of those data rows. For example, you may not want your human resources staff to access compensation data for vice presidents or above. That is, you want to enforce the row-level security feature that is offered by many PeopleSoft applications.

Row-level security enables users to access a table without accessing all rows on that table. This type of security is typically applied to tables that hold sensitive data. For example, you might want users to be able to review personal data for employees in their own departments but not for employees in other departments. To accomplish this, you would give everyone access to the PERSONAL_DATA table, but would enforce row-level security so that users could see only the rows where the DEPTID matches their own.

Note: PeopleSoft Query row-level security is enforced only when you are using PeopleSoft Query or Scheduled Query; it doesn't control runtime page access to table data.

PeopleSoft applications implement row-level security by using a query security record (typically a view) that is specified on the record definition that joins the data table with an authorization table. When a user searches for data in the data table, the system performs a related record join between the security record view and the base table (rather than searching the table directly). The view adds a security check to the search, based on the criteria that you have set up for row-level security. For example, to restrict users to seeing only data from their own departments, the view would select from the underlying table only those rows where the DEPTID matches the user’s DEPTID. You can specify the query security record by selecting an appropriate view from the Query Security Record drop-down list box on the Record Properties dialog box for any record definition.

Image: Using QE_PERS_SRCH view as a Query Security Record view

This example illustrates the Record Properties dialog box with Query Security Record set to QE_PERS_SRCH.

Note: Process and role queries override the automatic row-level query security logic that is applied to all other types of queries. For this reason, you should restrict access to creating these types of queries to administrative types of roles and not include any sensitive data columns in the select list for these types of queries. You can restrict access to creating and modifying these queries based on query profile settings that are assigned to a permission list. Note that Workflow queries also override the row-level security logic.

Securing Data Through the Search Record

To secure data through the query security record view, create a query security record that has both of the following criteria:

  • The same key field as the base record that you are securing.

  • One of the following three row-level security fields as a key field and not as a list box item:

    • OPRID (User ID).

    • OPRCLASS (Primary Permission List).

    • ROWSECCLASS (Row Security Permission List).

When you add one of the preceding fields as a key field, Oracle's PeopleTools automatically adds a WHERE clause when it does a SELECT through the record. This forces the value to be equal to the current user’s value.

See Using Query Access Group Trees, Using Row-Level Security and Query Security Record Definitions, Using Query Profiles.

Using Query Security Record Definitions

Implement row-level security by having PeopleSoft Query search for data using a query security record definition. The query security record definition adds a security check to the search.

Query security record definitions serve the same purpose as search record definitions do for pages. Just as a search record definition determines what data the user can display in the page, the query security record definition determines what data the user can display with PeopleSoft Query.

To get PeopleSoft Query to retrieve data by joining a security record definition to the base table, specify the appropriate query security record when you create the base table’s record definition.

Note: The PeopleSoft row-level security views restrict users from seeing certain rows of data. If you specify a query security record for a given base record definition, PeopleSoft Query adds a qualifier to the WHERE clause of each query, instructing the system to retrieve only rows in organizational entities to which you have been granted access. If you perform a historical query—for example, a query asking for the employees in your department as of last year—you may not get the results that you expect. Because the system is enforcing row-level security, PeopleSoft Query returns only those employees who were in the department last year and who are currently in a department to which you have access.

Each PeopleSoft product line comes with a set of views for implementing its standard row-level security options.

Note: The query security record criteria described above are applied for all definitions, including multiple query security record definitions and single query security record definitions.

You can add multiple query security records for a record definition, including:

  • Associating multiple query security records with a single record.

  • Specifying the fields (including non-key fields from the query security record) and the base record that will be used to secure the data.

Adding Multiple Query Security Records for Record Definitions

Query Administrator uses the Advanced Query Security Record Mapping dialog box and the Add Query Security Record dialog box in Application Designer to add multiple query security records for a record definition. Note that each base record can have one query security record defined in the Record Property dialog box and as many as five additional query security records defined in the Advanced Query Security Record Mapping dialog box. When you add more than five query security records using the Advanced Query Security Record Mapping dialog box, an error message appears to alert you that the maximum limit has been reached.

Navigation

  1. Open the Record Properties dialog box in Application Designer.

  2. Click the Advanced Query Security button.

  3. In the Advanced Query Security Record Mapping dialog box, click the Add button.

Image: Advanced Query Security Record Mapping dialog box

This example illustrates the Advanced Query Security Record Mapping dialog box in Application Designer.

Image: Add Query Security Record dialog box

This example illustrates the Add Query Security Record dialog box in Application Designer.

Field or Control: Definition

  • Secured Field: Select a field from the available fields in the base record.

  • Query Security Record: Select a record that you have permission to access.

    Note: Dynamic views, derived or work records, subrecords, and temporary records cannot be used as query security records. These records are excluded from the Query Security Record drop-down list.

  • Field Name: Select a field from the selected query security record.

To add multiple query security records for record definitions:

  1. In Application Designer, open the Record Properties dialog box.

  2. Click the Advanced Query Security button.

    The Advanced Query Security Record Mapping dialog box appears with the list of query security records that are already set to the current record.

  3. Click the Add button to access the Add Query Security Record dialog box.

  4. Use the Add Query Security Record dialog box to enter additional query security records and their corresponding field mappings.

Removing Query Security Records from Record Definitions

To remove query security records from record definitions:

  1. In Application Designer, open the Record Properties dialog box.

  2. Click the Advanced Query Security button.

    The Advanced Query Security Record Mapping dialog box appears with the list of query security records that are already set to the current record.

  3. Select a row in the Query Security Record section.

  4. Click the Delete button.

    A warning message appears.

  5. Click the Yes button to confirm the deletion.