HCM Security: Data Security

Data permission is controlled using Transaction Security Data and User Security Data. 

Transaction Security Data
Certain transaction fields on a transaction data row are used to secure access to that row. The data in these fields is called transaction security data. 
When the value of the transaction security data matches the value that a user can access (user security data), the system makes the entire row of data available to the user.

| Data Type | Transaction Component & Record | Fields Available for Transaction Security Data |
|---|---|---|
| Departments | Departments component (DEPARTMENT_TBL); Record: PS_DEPT_TBL | SetID; Department |
| Job openings | Job Opening page (HRS_JO_360); Record: PS_HRS_JOB_OPENING | Company; Business Unit; DeptID; Location |
| Employees; Contingent workers; POIs with jobs | Add Employment Instance component (JOB_DATA_EMP); Add Contingent Worker Instance component (JOB_DATA_CWR); Add POI Instance component (JOB_DATA_POI); Job Data component (JOB_DATA); Record: PS_JOB | Organizational Relationship (employee, contingent worker, or POI); Regulatory Region; Company; Business Unit; Department; Location; Salary Plan; Pay Group (for customers using Payroll for North America) |
| POIs without jobs | Add a POI Relationship component (PERS_POI_ADD); Maintain a Person's POI Reltn component (PERS_POI_MAINTAIN); Record: PS_PER_POI_SCRTY | POI Type; POI Type and Business Unit; POI Type and Institution; POI Type and Company |

Note: If a person is created without a job data record or POI type record, the system will save the person as a POI without a job with a POI Type of Unknown.
Only users with data permission access to unknown POIs can access their data and create either a job data or POI type record for them.


User Security Data
User security data lets the system ensure that users can access only the data you have granted them. Data permission is granted to row security (tree-based) permission lists (ROWSECCLASS) and regular (role-based) permission lists (CLASSID).
Note: When you add a permission list to the Security by Dept. Tree component, the system saves it as ROWSECCLASS. The row security permission list is assigned to users in the Row Security field (User Profile – General page).
Note: You can use the same permission list as both a row security permission list and a role-based permission list. Add it to both the Security by Dept Tree component and the Security by Permission List component, then assign it to the user on the User Profile - General page and by way of roles.

| Data Type | Security Page | Record |
|---|---|---|
| Row security permission lists | Security by Dept Tree page | SCRTY_TBL_DEPT |
| Role-based permission lists | Security by Permission List page | SJT_CLASS |
| Permission lists assigned to roles | Roles - Permission Lists page | PSROLECLASS |
| Roles assigned to users | User Profile - Roles page | PSROLEUSER |
| Row security permission lists assigned to users | User Profile - General page | PSOPRDEFN |

Note: Data from PSROLECLASS, PSROLEUSER, and PSOPRDEFN is loaded into SJT_OPR_CLS either automatically by the system, when you enable the USER_PROFILE and ROLE_MAINT messages, or when the Refresh SJT_OPR_CLS process is run.
Also, data from SCRTY_TBL_DEPT and SJT_CLASS is loaded into SJT_CLASS_ALL when the Refresh SJT_CLASS_ALL process is run.
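
Because SJT_OPR_CLS is a loaded copy of PSROLEUSER, PSROLECLASS and PSOPRDEFN, a useful audit is to compare it against those source records and flag user/permission-list pairs that no longer match. The sketch below is an added example, not code from the original post or from PeopleSoft. It uses an in-memory SQLite database with a simplified, assumed column subset and constructed rows; the user names, role names and permission list names are hypothetical.

```python
import sqlite3

# Simplified stand-ins for the records named above. The column subset and
# every row are constructed for this example, not taken from a live system.
SCHEMA = """
CREATE TABLE PSROLEUSER  (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSOPRDEFN   (OPRID TEXT, ROWSECCLASS TEXT);
CREATE TABLE SJT_OPR_CLS (OPRID TEXT, CLASSID TEXT);
"""

# What the source records say each user should hold: role-based permission
# lists reached through roles, plus the row security list on the profile.
EXPECTED = """
SELECT ru.ROLEUSER AS OPRID, rc.CLASSID AS CLASSID
  FROM PSROLEUSER ru JOIN PSROLECLASS rc ON rc.ROLENAME = ru.ROLENAME
UNION
SELECT OPRID, ROWSECCLASS FROM PSOPRDEFN WHERE TRIM(ROWSECCLASS) <> ''
"""
LOADED = "SELECT OPRID, CLASSID FROM SJT_OPR_CLS"

def audit_drift(conn):
    """Return (stale, missing) lists of (OPRID, CLASSID) pairs.
    stale: still in SJT_OPR_CLS but no longer granted by the source records.
    missing: granted by the source records but not yet loaded."""
    src = f"SELECT OPRID, CLASSID FROM ({EXPECTED})"
    stale = conn.execute(f"{LOADED} EXCEPT {src} ORDER BY 1, 2").fetchall()
    missing = conn.execute(f"{src} EXCEPT {LOADED} ORDER BY 1, 2").fetchall()
    return stale, missing

def build_demo():
    """Constructed state: BOB lost HR_ADMIN and ALICE gained a row security
    permission list after SJT_OPR_CLS was last loaded."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSROLEUSER VALUES (?, ?)",
                     [("ALICE", "HR_ADMIN"), ("BOB", "RECRUITER")])
    conn.executemany("INSERT INTO PSROLECLASS VALUES (?, ?)",
                     [("HR_ADMIN", "PL_JOB_US"), ("RECRUITER", "PL_JO_EMEA")])
    conn.executemany("INSERT INTO PSOPRDEFN VALUES (?, ?)",
                     [("ALICE", "PL_DEPT_TREE"), ("BOB", " ")])
    conn.executemany("INSERT INTO SJT_OPR_CLS VALUES (?, ?)",
                     [("ALICE", "PL_JOB_US"), ("BOB", "PL_JOB_US"),
                      ("BOB", "PL_JO_EMEA")])
    return conn

if __name__ == "__main__":
    stale, missing = audit_drift(build_demo())
    print("stale:", stale, "missing:", missing)
```

A stale pair means the loaded copy still lists a permission list the source records no longer grant; a missing pair means a grant has not yet been loaded.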
