Data permission security refers to controlling access to the rows of data in the system.
When you open a component in PeopleSoft, the system displays a search page. The search page
represents the search record and the fields that appear are the search keys and alternate key fields that
uniquely identify each row of data. The system also uses search records to enforce data permission
security for components that contain sensitive data.
The system adds the user's security profile, including their user ID and the values of the permission lists
attached to their user profile, to the SQL select statement along with the values that the user entered on
the search page. The system retrieves only the data that matches the criteria from the search page
and the user's data permission lists. The system doesn't retrieve data for people to whom you haven't
granted the user's permission lists data access. For example, if you enter Smith in the Name alternate
key field, the system retrieves data only for the people with the name Smith to whom you have access.
This diagram illustrates the data retrieval process
Access the Security Installation Settings page (Set Up HCM > Security > Core Row Level Security >
Security Installation Settings).
Assignment can see Instance: Select to enable a person with data permission that enables them to
view the assignment job data record to also view the person's controlling instance job record. A person
with data permission to the controlling instance job data record will not be able to see the worker's
assignment job data record.
Instance can see Assignment: Select to enable a person with data permission that enables them to
view the controlling instance job record to also view the person's assignment job data record. A person
with data permission to the assignment job data record will not be able to see the worker's controlling
instance job data record.
Both: Select to enable a person with data permission that enables them to view the controlling
instance job record to also view the assignment job data record and a person with data permission that
enables them to view the assignment job data record to also view the controlling instance job record.
None: Select to make additional assignments job data records available to all users.
If you do not select Incl. Additional Assignments? then regular data permission rules apply.
To set up and use tree-based data permission, use the Tree Manager component (PSTREEMGR), Security
Tree Audit Report component (RUNCTL_PER506), Security by Dept. Tree component (SCRTY_DATA)
and Refresh SJT_CLASS_ALL component (SCRTY_OPR_RC).
Use Tree Manager to set up the department hierarchy. The tree is a graphical representation of which
department reports to which.
For example, if a user is given permission to access data for Finance & Administration (13300), the user
also has access to the Shipping and Receiving and Administration Staffing departments.
Access the Security by Dept. Tree page (Set Up HCM > Security > Core Row Level Security > Security by
Dept. Tree).
Select an existing Row Security Permission list or create a new one. Select the Set ID and Department ID
for which access needs to be given.
Refresh SJT_CLASS_ALL
Whenever you add or modify a tree or add or modify a row security permission list on the Security by
Dept. Tree component, you need to run the Refresh SJT_CLASS_ALL process to update SJT_CLASS_ALL
with the new user security data.
Navigation: Set Up HCM > Security > Core Row Level Security > Security by Dept. Tree > Refresh
SJT_CLASS_ALL
To assign row security to a user profile, use the User Profiles component. Select the appropriate row
security permission list in the Row Security field.
Navigation: PeopleTools > Security > User Profiles > User Profiles
The security join table SJT_OPR_CLS stores the relationship between User IDs and permission lists with
data permission. It needs to be refreshed every time row security is created or modified for a user profile.
Navigation: Set Up HCM > Security > Core Row Level Security > Refresh SJT_OPR_CLS > Refresh
SJT_OPR_CLS
Select Refresh All Rows to refresh all rows in the SJT_OPR_CLS record; clear it to refresh selected rows.
Set of Security to Refresh
Select the set of rows to refresh.
You can select to refresh:
Classid
Select to refresh the table with the selected row security or role-based permission lists and the IDs of
the users to whom they are attached.
Oprid
Select to refresh the table with the selected user IDs and the permission lists assigned to them.
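The following is an added example, not PeopleSoft code: a small SQLite model of the flow described above, showing how a grant at tree node 13300 reaches a search result only after both join tables are refreshed. The table names (job, tree_grant, profile, sjt_class, sjt_opr), the permission list FIN_ROWSEC, the user USER1, the employee rows and every department ID except 13300 are assumptions made for the illustration, and flattening the subtree into the join table is a modelling simplification.

```python
import sqlite3

# Constructed sample data; tables below are simplified stand-ins, not PeopleSoft records.
TREE = {"13300": None, "13310": "13300", "13320": "13300", "14000": None}  # dept -> parent
JOBS = [("E1", "Smith", "13310"), ("E2", "Smith", "14000"), ("E3", "Jones", "13320")]

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE job(emplid, name, deptid);
        CREATE TABLE tree_grant(classid, deptid);  -- saved on Security by Dept. Tree
        CREATE TABLE profile(oprid, classid);      -- Row Security on the user profile
        CREATE TABLE sjt_class(classid, deptid);   -- stand-in for SJT_CLASS_ALL
        CREATE TABLE sjt_opr(oprid, classid);      -- stand-in for SJT_OPR_CLS
    """)
    db.executemany("INSERT INTO job VALUES (?,?,?)", JOBS)
    return db

def refresh_class(db):
    """Model of Refresh SJT_CLASS_ALL: expand each granted node to its subtree."""
    db.execute("DELETE FROM sjt_class")
    for classid, top in db.execute("SELECT classid, deptid FROM tree_grant").fetchall():
        for dept in TREE:
            node = dept
            while node is not None and node != top:  # walk up towards the root
                node = TREE[node]
            if node == top:
                db.execute("INSERT INTO sjt_class VALUES (?,?)", (classid, dept))

def refresh_opr(db):
    """Model of Refresh SJT_OPR_CLS: copy user ID / permission list pairs."""
    db.execute("DELETE FROM sjt_opr")
    db.execute("INSERT INTO sjt_opr SELECT oprid, classid FROM profile")

def search(db, oprid, name):
    """Search-page select: the user's criteria ANDed with the security join."""
    rows = db.execute("""
        SELECT DISTINCT j.emplid FROM job j JOIN sjt_class c ON c.deptid = j.deptid
        JOIN sjt_opr o ON o.classid = c.classid
        WHERE o.oprid = ? AND j.name = ? ORDER BY j.emplid""", (oprid, name))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = setup()
    db.execute("INSERT INTO tree_grant VALUES ('FIN_ROWSEC', '13300')")
    db.execute("INSERT INTO profile VALUES ('USER1', 'FIN_ROWSEC')")
    print(search(db, "USER1", "Smith"))  # grant saved, join tables not refreshed
    refresh_class(db); refresh_opr(db)
    print(search(db, "USER1", "Smith"))  # only the Smith under node 13300
```

In this model the same holds for removals: a deleted grant keeps returning rows until the refresh runs again, so the refresh steps belong in every change to row security, not only new grants.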