D69117
D61554GC10
September 2010
Rel 8.50
PeopleSoft Security
Instructor Notes
Lesson 4 Working with Permission Lists
Activity Overview
Create the permission lists that enable Training Department managers to complete the training administration
process.
Create the SETUP01 permission list to incorporate the transactions necessary to complete the setup of the
training administration tables. Refer to the detailed instructions for the specific pages.
Create a link that enables you to access the PeopleTools, Portal, Structure and Content page from the
Permission Link List page. Portal Admin (PORTAL_ADMIN) is the menu name. Use (USE) is the bar name.
Folder Content Reference Permission List (FOLDER_CREF_LIST) is the menu item name. Portal Object
List (PORTAL_OBJ_LIST) is the item name. Access Application Designer to view these menu and
Create the COURSE01 permission list as a clone of the PSU1100 permission list. This permission list
incorporates the functionality involved in setting up training programs and courses. Refer to the detailed
instructions for the specific pages.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
4. On the General page, enter Set up training tables in the Description field.
15. Enter QUERY_MANAGER in the Menu Name field and press the Tab key.
16. Click the Edit Components link for the QUERY_MANAGER menu.
17. Click the Edit Pages link for the QUERY_MANAGER component.
21. Click the Edit Pages link for the QUERY_ADMIN component.
22. Select the Authorized check box for the Qry Admin page and then select the Update/Display check box.
Results
This is the destination page to which you will link in the next set of steps.
3. Press Ctrl + J twice and record the menu name in this table.
Menu Name
4. Click the Continue link and then minimize the browser and close the Downloads window, if it opened.
5. On the desktop, open the PeopleTools 8.5 folder and double-click Application Designer.
6. Sign on to the T1B85001 database; use PTTRN as the User ID and Password.
7. Select File, Open and select Menu from the Destination drop-down list box.
8. Enter the value from step three in the Name field and press the OK button.
9. In the menu bar, double-click Use and record the bar name in this table:
11. In the bar item list, double-click Folder Cref List and record the bar item name in this table:
14. Find the Portal Obj List page and record the item name in this table:
Item Name
17. Select the Permission List page and enter this information:
21. Select the Links page and compare your results with the results at the end of this activity.
It should be the Structure and Content page that you observed in step two.
Results
12. Click the Return to Search button and enter COURSE in the permission list field.
14. Clear the contents and then enter Maintain course data in the Description field.
16. Click the Edit Components link for the PSU_TRAINING menu and use the following information to
grant permissions:
Results
3. On the search page, enter ALL in the Permission List field and click the Search button.
5. On the Delete Permission List page, click the Delete Permission List button.
7. Select PeopleTools, Security, Permissions & Roles, Permission Lists and verify that ALLPAGESCOPY is
not in the search results.
Results
Lesson 5 Working with Roles
Create roles.
Copy roles.
Delete roles.
Instructor Notes
Activity Overview
Create the Instructor Manager role. It should contain the SETUP01 and COURSE01 permission lists.
Copy the Instructor role as Instructor 2. Confirm its existence and then delete the Instructor 2 role.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
Creating Roles
To create roles:
Results
Copying Roles
To copy roles:
3. On the search page, enter Instructor in the Role Name field and click the Search button.
8. Enter Ins in the Role Name field and click the Search button.
Results
2. Enter Ins in the Role Name field and click the Search button.
3. Select Instructor 2.
6. Enter Ins in the Role Name field and click the Search button.
7. Verify the absence of the Instructor 2 role from the search results.
Results
Lesson 6 Working with User Profiles
Slide 84
Duration
Important! The General page consistently throws an "Invalid xml" error if you do not follow the instruction
in the guide as written. If students receive this error, instruct them to click the Home link in the navigation
header. They will lose any changes they have made since the last save.
Activity Overview
Training implementation is underway. Create user profiles for James Fung, Dr. Calvin Roth, and yourself.
Use first initials and last names as the user IDs and the passwords. Use the charts in the activity detailed steps
to assign specific user profile properties.
When you finish, start another browser session to test sign in privileges.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
Symbolic ID SYSADM1
ID type Employee
7. Select the Roles tab, insert three rows in the User Roles grid, and then enter the following information:
10. Enter JFUNG in the User ID field and click the Add button.
11. Select the General page, and enter the following information:
Symbolic ID SYSADM1
Password JFUNG
Primary PPMGR
ID type Employee
13. Select the Roles page and enter Employee in the Role Name field.
15. Enter Training Manager in the Role Name field and click the Save button.
17. Enter Instructor Manager in the Role Name field and click the Save button.
19. Enter PeopleSoft User in the Role Name field and click the Save button.
22. Select Set Up Training, Materials and add a new value: PSU466.
23. Click the Add button, and enter the following information:
25. Sign in as the <<student name>> user and check the results.
Password CROTH
7. Sign in as CROTH and make sure that the user has appropriate access.
Results
Lesson 7 Managing Advanced Application Security
Slide 95
Duration
Answers To Questions
These are the answers to the questions:
Question Answer
Question Answer
Question Answer
Optional Steps
After specifying the search record, students might want to repeat the section "Testing the Role Grant" steps 1
through 5.
Activity Overview
Grant all pages of the distributed user profile component (USERMAINT_DIST) to the PSU1100 permission
list.
Specify that the Training Coordinator role can be granted by the Training Administrator role.
In Application Designer, open the PSOPRDEFN_SRCH and DIST_USER_SRCH records. View the SQL for
the two search records.
Specify the new DIST_USER_SRCH search record on the Distributed User Set Up page.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
Note. Use PTTRN for the user name and password in this part of the activity.
7. Scroll to the bottom of the page and click the Edit Pages link for the USERMAINT_DIST component.
9. Select the Display Only check box for each page except the User Roles page.
Results
4. Enter Training Coordinator in the Role Name field in the first scroll area.
Results
Note. Use <<student name>> for the user name and password in this part of the activity. This is the user
profile you created in Activity 3 "Creating User Profiles".
1. Sign in to the T1B85001 database using the profile you created in activity 3.
Question Answer
7. Click the lookup button for the Role Name and answer this question:
Question Answer
Note. Use PTTRN for the user name and password in this part of the activity.
1. Launch PeopleSoft Application Designer from the PeopleTools folder on the desktop.
2. Select File, Open and select Record from the Definition drop-down list box.
3. Enter PSOPRDEFN_SRCH in the Name field and press the Enter key.
5. Click the SQL Editor button and examine the SQL for this view.
SELECT oprid, oprdefndesc
FROM psoprdefn
7. Select File, Open and select Record from the Definition drop-down list box.
8. Enter DIST_USER_SRCH in the Name field and press the Enter key.
10. Click the SQL Editor button and examine the SQL for this view.
SELECT A.OPRID, A.OPRDEFNDESC
FROM PSOPRDEFN A
,PSOPRALIAS B
,PS_PERSONAL_DATA P
WHERE A.OPRID = B.OPRID
AND B.EMPLID = P.EMPLID
Note. Use PTTRN for the user name and password in this part of the activity.
4. Sign out.
Note. Use <<student name>> for the user name and password in this part of the activity.
5. Sign in and select PeopleTools, Security, User Profiles, Distributed User Profiles.
7. Compare this number of User IDs that return to the number in the previous section.
8. Sign out.
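The effect of switching the search record can be reproduced outside PeopleSoft. The following is an added example, not part of the course material: it loads constructed rows into an in-memory SQLite database and runs the two view queries as they appear in this activity. The table layouts are trimmed to the columns the queries touch, and the employee IDs, the SVCBATCH account and the choice of which users have an employee alias are assumptions.

```python
import sqlite3

# View text as shown in this activity.
PSOPRDEFN_SRCH = "SELECT oprid, oprdefndesc FROM psoprdefn"
DIST_USER_SRCH = """
SELECT A.OPRID, A.OPRDEFNDESC
FROM PSOPRDEFN A, PSOPRALIAS B, PS_PERSONAL_DATA P
WHERE A.OPRID = B.OPRID
  AND B.EMPLID = P.EMPLID
"""

# Constructed sample data (assumptions, not taken from T1B85001).
PROFILES = [
    ("PTTRN", "Training administrator"),
    ("JFUNG", "James Fung"),
    ("CROTH", "Dr. Calvin Roth"),
    ("JFITZ", "John Fitzsimmons"),         # ID type None: no alias row
    ("SVCBATCH", "Constructed service account"),
]
ALIASES = [
    ("JFUNG", "E0001"),
    ("CROTH", "E0002"),
    ("SVCBATCH", "E9999"),                 # alias points at no employee row
]
PERSONAL_DATA = [("E0001",), ("E0002",)]


def build_db():
    """Create the three trimmed tables and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE PSOPRDEFN (OPRID TEXT PRIMARY KEY, OPRDEFNDESC TEXT);
        CREATE TABLE PSOPRALIAS (OPRID TEXT, EMPLID TEXT);
        CREATE TABLE PS_PERSONAL_DATA (EMPLID TEXT PRIMARY KEY);
        """
    )
    conn.executemany("INSERT INTO PSOPRDEFN VALUES (?, ?)", PROFILES)
    conn.executemany("INSERT INTO PSOPRALIAS VALUES (?, ?)", ALIASES)
    conn.executemany("INSERT INTO PS_PERSONAL_DATA VALUES (?)", PERSONAL_DATA)
    return conn


def selectable_users(conn, view_sql):
    """User IDs a search page backed by this view would return."""
    return sorted(row[0] for row in conn.execute(view_sql))


def hidden_by_dist_search(conn):
    """User IDs the distributed administrator can no longer select."""
    everyone = set(selectable_users(conn, PSOPRDEFN_SRCH))
    restricted = set(selectable_users(conn, DIST_USER_SRCH))
    return sorted(everyone - restricted)


if __name__ == "__main__":
    db = build_db()
    print("PSOPRDEFN_SRCH:", selectable_users(db, PSOPRDEFN_SRCH))
    print("DIST_USER_SRCH:", selectable_users(db, DIST_USER_SRCH))
    print("hidden:", hidden_by_dist_search(db))
```

With this data, profiles that have no employee alias, or whose alias matches no row in PS_PERSONAL_DATA, drop out of the distributed administrator's search results.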
Activate domain.
Instructor Notes
The ROLESYNCEXT_MSG and ROLESYNCH_MSG messages update dynamic role membership. In the
training database, the domain associated with these messages might be inactive which prevents the
subscription PeopleCode in these messages from working.
Answer
Question Answer
Activity Overview
Diane Loncarevic (DZL), Kathryn Kaplan (KLK), Todd Hersh (TAH), and Jeff Phey (JXP) are new training
managers. They are just the first of several new training managers coming to work for the company and so the
reporting team created a role query (TRN_MGR_ROLE_QRY) to select for training managers. Use this
query to implement dynamic role assignment to the Training Manager role. Configure, test, and run the query
rule.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
1. Select PeopleTools, Integration Broker, Service Operations Monitor, Administration, Domain Status.
Results
4. Select the Dynamic Members page and select the Query Rule Enabled check box.
Question Answer
10. Click the Process Monitor link and observe that the process has completed successfully.
Results
This page shows the dynamic role membership for the DZL user ID:
Lesson 8 Auditing Security Tables
Instructor Notes
Question Answer
Why do no A or D rows exist for the TEST-FLA user? The component processor does not do the copy and delete.
SQL Developer
SQL Developer should be set up with a connection for the T1B85001 database. Here is an example of the
connection:
Activity Overview
Enable the system to track field additions and deletions of the OPRID field and updates of the
OPRDEFNDESC field in the PSOPRDEFN record.
After you set up the audits, create a new user TEST-FLA. Use TEST-FLA as the password. Enter a description
and save the user. Change the description and save the user profile again.
Note. Use the T1B85001 database with the user name and password PTTRN in Application Designer and in
1. In the browser, select PeopleTools, Security, User Profiles, Copy User Profiles.
2. Enter PTEMPL in the User ID field and click the Search button.
Password TEST-FLA
Note. If you get the message "Would you like to migrate from a previous release", click No. If Configure
File Type Associations is displayed, click Cancel. If the Tip of the Day is displayed, click Close.
3. Double-click T1B85001.
Question Answer
Results
The additions and changes to the user profiles are stored in the PSAUDIT table:
Slide 115
Duration
Activity Overview
Create the AUDIT_PSOPRDEFN table to track changes made to the OPRID and OPRDEFNDESC fields in
the PSOPRDEFN table. Audit for any additions, deletions, and selective changes.
Copy the PTEMPL user profile, make a change to the copy, and then delete the copy.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
AUDIT_OPRID
AUDIT_STAMP
OPRID
OPRDEFNDESC
4. Make the fields AUDIT_OPRID, AUDIT_STAMP and AUDIT_ACTN required and keys.
5. Double-click the AUDIT_STAMP field, select the Use tab, and select the Auto-Update check box.
Results
2. Select the Create Table check box and the Execute SQL now option.
4. In the Record Audit group box, enter AUDIT_PSOPRDEFN in the Record Name field.
Results
1. In the browser, select PeopleTools, Security, User Profiles, Copy User Profiles.
2. Enter PTEMPL in the User ID field and click the Search button.
Password TEST-RLA
Results
Test triggers.
Slide 120
Duration
In the SQL Developer, a second C appears in the third row. Ask students
Question Answer
Where does the second change come from? The record level audit wrote it to the
PS_AUDIT_PSOPRDEFN table because you didn't
remove the audit.
Activity Overview
Create a database level audit of the PSOPRDEFN table. Use the audit record that you created in the last
activity and audit the OPRID and OPRDEFNDESC fields for the addition of new rows and for the removal of
existing rows.
Create the trigger, create a new user profile, change the user profile, and then delete the profile and view the
audit results. Drop the trigger at the end of the audit.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
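The sequence described in this overview (create the trigger, add a profile, change it, delete it, view the audit rows, drop the trigger) can be modelled on a small scale. The following is an added example, not part of the course material and not the trigger code that PeopleTools generates: SQLite stands in for the course database, the trigger names and the one-row AUDIT_SESSION table that supplies AUDIT_OPRID are assumptions, and the description value is constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE PSOPRDEFN (OPRID TEXT PRIMARY KEY, OPRDEFNDESC TEXT);
-- Audit record with the fields used in the previous activity.
CREATE TABLE PS_AUDIT_PSOPRDEFN (
    AUDIT_OPRID TEXT NOT NULL,
    AUDIT_STAMP TEXT NOT NULL,
    AUDIT_ACTN  TEXT NOT NULL,
    OPRID       TEXT,
    OPRDEFNDESC TEXT
);
-- Assumption: a one-row table tells the triggers who is signed on.
CREATE TABLE AUDIT_SESSION (OPRID TEXT NOT NULL);
"""

# Audit additions (A) and deletions (D) only, as the overview specifies.
TRIGGERS = """
CREATE TRIGGER PSOPRDEFN_AUD_ADD AFTER INSERT ON PSOPRDEFN
BEGIN
    INSERT INTO PS_AUDIT_PSOPRDEFN VALUES (
        (SELECT OPRID FROM AUDIT_SESSION),
        strftime('%Y-%m-%d %H:%M:%f', 'now'),
        'A', NEW.OPRID, NEW.OPRDEFNDESC);
END;
CREATE TRIGGER PSOPRDEFN_AUD_DEL AFTER DELETE ON PSOPRDEFN
BEGIN
    INSERT INTO PS_AUDIT_PSOPRDEFN VALUES (
        (SELECT OPRID FROM AUDIT_SESSION),
        strftime('%Y-%m-%d %H:%M:%f', 'now'),
        'D', OLD.OPRID, OLD.OPRDEFNDESC);
END;
"""


def open_db(signed_on_as):
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO AUDIT_SESSION VALUES (?)", (signed_on_as,))
    return conn


def add_change_delete(conn, oprid, descr):
    """Create a profile, prefix its description with 'My ', then delete it."""
    conn.execute("INSERT INTO PSOPRDEFN VALUES (?, ?)", (oprid, descr))
    conn.execute(
        "UPDATE PSOPRDEFN SET OPRDEFNDESC = 'My ' || OPRDEFNDESC WHERE OPRID = ?",
        (oprid,),
    )
    conn.execute("DELETE FROM PSOPRDEFN WHERE OPRID = ?", (oprid,))


def audit_rows(conn):
    return conn.execute(
        "SELECT AUDIT_OPRID, AUDIT_ACTN, OPRID, OPRDEFNDESC "
        "FROM PS_AUDIT_PSOPRDEFN ORDER BY rowid"
    ).fetchall()


def added_then_deleted(conn):
    """Profiles with an A row followed by a D row: worth a reviewer's look."""
    rows = conn.execute(
        "SELECT DISTINCT a.OPRID FROM PS_AUDIT_PSOPRDEFN a "
        "JOIN PS_AUDIT_PSOPRDEFN d ON d.OPRID = a.OPRID "
        " AND d.AUDIT_ACTN = 'D' AND d.AUDIT_STAMP >= a.AUDIT_STAMP "
        "WHERE a.AUDIT_ACTN = 'A' ORDER BY a.OPRID"
    ).fetchall()
    return [r[0] for r in rows]


def run_activity():
    conn = open_db("PTTRN")
    conn.executescript(TRIGGERS)
    add_change_delete(conn, "TEST-DBLA", "Template copy")
    # Drop the triggers at the end of the audit, then repeat the actions:
    # nothing further is recorded.
    conn.executescript(
        "DROP TRIGGER PSOPRDEFN_AUD_ADD; DROP TRIGGER PSOPRDEFN_AUD_DEL;"
    )
    add_change_delete(conn, "TEST-AFTER", "Created after the drop")
    return audit_rows(conn), added_then_deleted(conn)


if __name__ == "__main__":
    rows, flagged = run_activity()
    for row in rows:
        print(row)
    print("added then deleted:", flagged)
```

In this model the description change leaves no row of its own because only additions and deletions are audited; the changed description is visible only in the D row.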
5. On the Audit Triggers page, enter AUDIT_PSOPRDEFN in the Audit Record Name field.
Results
Note. The run status must be success before you can view the log/trace file.
10. On the Process List page, click the Details link for the TRGRAUDPROG process.
4. Click the Run Script icon or press the F5 key to run the script.
Note. In the Script Output window, the last line should say grant execute succeeded. You may see an
error in the log because the script will try to drop the function GET_PS_OPRID if it already exists.
5. Right-click T1B85001 in the Connections list and select Open SQL Worksheet.
7. Click the Run Script icon or press the F5 key to run the script.
Results
1. In the browser, select PeopleTools, Security, User Profiles, Copy User Profiles.
2. Enter PTEMPL in the User ID field and click the Search button.
Password TEST-DBLA
5. Select the ID tab and add My to the beginning of the description.
Results
Lesson 9 Managing PeopleTools Security
Create roles.
Instructor Notes
Activity Overview
John Fitzsimmons, a PeopleSoft Enterprise consultant, is the implementation developer for the PeopleSoft
training administration application. Set up John Fitzsimmons' security by creating a new permission list, a
new role, and a new user profile.
Create a new permission list named CPTRNDEV. Use the charts in the activity detailed steps to determine the
menu access.
Grant Definition Security and Application Designer access. Use the charts in the activity detailed steps to
determine the level of access.
In the user profile, use ALLPAGES as the process profile permission list, PPDEV as the Primary permission
list, and NONE as the ID type. John's profile contains the Training Developer and PeopleSoft User roles.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Click the Add a New Value link and enter CPTRNDEV in the Permission List field.
Menu Components
9. Click the Definitions Permissions link and click the Full Access (All) button.
Activity No Access
15. On the Miscellaneous Permissions page, select Read Only for Access Profiles; for all other features,
select Full Access.
Creating Roles
To create the Training Developer role:
Symbolic ID SYSADM1
5. Click the Edit Email Addresses link and enter this information:
6. Click the OK button and click OK again when you get a warning message.
7. Select the ID page, and then select None in the ID Type field.
12. To verify John's access, sign in as JFITZ and verify that he has the appropriate permissions.
Slide 137
Duration
Question: Were you able to open the page? (PSU_COURSE)
Answer: No (The TOOLS1 group secures this definition.)

Question: Were you able to open the page? (PSU_STUDENT_PERS)
Answer: No (After creating the new group, any definitions in the group are automatically excluded from all permission lists and students will not be able to open the definitions.)
Question: Were you able to open the page?
Answer: Yes (Once the page is included in a permission list, they have access to the page.)

Question: What message do you get and why?
Answer: Read Only (The PEOPLETOOLS group is included on the permission list PPDEV as Read Only. Students will be able to view PeopleTools definitions, but cannot modify them. It is recommended that the PEOPLETOOLS group be defined as Read Only.)
Activity Overview
Create the TRNDEV definition security group. Insert the PSU_COURSE and PSU_STUDENT_PERS pages,
and the PSU_COURSE_TBL and PSU_STUDENT_TBL records into the group. Finally, assign the new
group to the PPDEV permission list and test.
Note. Use the T1B85001 database with the user name and password JFITZ in this activity.
Note. Use JFITZ for the user name and password in this part of the activity.
4. Select File, Open, Page, select the PSU_COURSE page, and answer this question:
9. Double-click the PSU_COURSE and PSU_STUDENT_PERS pages to move them into the left column.
11. Double-click the PSU_COURSE_TBL and PSU_STUDENT_TBL records to move them into the left
column.
15. Open the PSU_STUDENT_PERS page in the PeopleSoft Application Designer and answer this question:
Question Answer
Question Answer
Question Answer
Question Answer
Slide 138
Duration
Activity Overview
Create the TRMGR security group. The TRMGR security definition group secures the query definitions
associated with training courses. All of these queries begin with the TRN prefix. Assign this group to the
PPMGR permission list.
Create the TRCOURSE security group. The TRCOURSE security definition group secures the definitions
associated with training courses. Assign this group to the PPDEV and PPMGR permission lists.
Menu PSU_TRAINING
Component PSU_COURSE
Component PSU_CRS_SESSN
Page PSU_COURSE
Page PSU_CRS_ENROLL
Page PSU_CRS_SESSN
Record PSU_COURSE_TBL
Record PSU_CRS_SESSN
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
Results
3. Select TRCOURSE and click the single left arrow button to move it to the left column.
7. Select TRMGR and TRCOURSE and click the single left arrow button.
Results
Instructor Notes
Activity Overview
Sign into Application Designer as PTTRN and activate Change Control Locking.
Then, sign in as JFITZ and open the PSOPRDEFN record definition and the OPRID field to examine Change
Control features.
When you have explored change control features, sign in as PTTRN and turn off Change Control Locking.
Note. Use PTTRN for the user name and password in this part of the activity.
Note. Use JFITZ for the user name and password in this part of the activity.
Note. If you set Tools, Options to automatically reload last project at startup, you will receive a message
to open the project in read-only mode. Select the Yes button.
2. Notice the two new buttons on the toolbar (Locked and Unlocked).
3. Select File, Open and select Record from the Definition drop-down list box.
5. Click the Open button and notice the message that you receive.
6. Click the Yes button and notice that the Lock button is enabled.
Project Test
Incident ID 0466
8. Click the OK button and notice that the Unlock button is enabled.
Note. Use PTTRN for the user name and password in this part of the activity.
15. Expand the record folder in the project and compare the project workspace with the Results section.
16. Sign out of Application Designer and do not save the project.
Results
Note. Use JFITZ for the user name and password in this part of the activity.
Project Test
Incident ID 0466
Results
Note. Use PTTRN for the user name and password in this part of the activity.
5. Click the OK button to dismiss the message that all users must log off.
Encrypting Data Lesson 10
Instructor Notes
Answers
These are the answers to the questions in the activity:
Question Answer
Question Answer
What is the name of the algorithm chain? 3DES CBC B64 DECRYPT
Why is this algorithm third, not second? Because this chain has to be in reverse order to the first
algorithm chain.
Question Answer
Question Answer
Copy the ciphertext by dragging or using the Ctrl + C command. You can copy the ciphertext even though the
field is display only.
Students can copy the initialization vector value from the InitVector.txt file in the D:\Labs\Security folder.
Activity Overview
Look at the 3DES CBC B64 DECRYPT and 3DES CBC B64 ENCRYPT algorithm chains. Notice the triple
DES algorithms in these chains.
Define the TRIPLE DES ENC B64 encryption profile to use the 3DES CBC B64 ENCRYPT algorithm chain.
Enter a hexadecimal initialization vector and choose cc_encrypt as the SYMMETRICKEY value.
Create the TRIPLE DES DEC B64 encryption profile as the decryption partner to the first encryption profile.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Click the Search button and select 3DES CBC B64 ENCRYPT from the search results.
Question Answer
Question Answer
3. Select 3des_ks168_cbc_encrypt.
Question Answer
Note. Click the Last link in the scroll area header to see the second keyset ID.
Question Answer
2. Select TRIPLE DES ENC B64 in the Profile ID field and click the Search button.
5. Delete the current plaintext and paste the ciphertext into the field.
Results
Slide 160
Instructor Notes
Activity Overview
In this activity, you will encrypt a password using the pscipher utility in PeopleSoft Internet Architecture.
Open the node FILEOUT and add an encrypted password to the properties.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Select FILEOUT.
7. Click Encrypt.
9. Click Save.
Results
Lesson 11 Using Digital Certificates
Instructor Notes
Activity Overview
In this activity, you will import a root certificate into the database keystore.
Create a private and public key pair. When you generate the request, you will copy the CSR as though you
were going to navigate to request the signed public key.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Right-click the CACert.cer file, select Open With, and then select Notepad from the list of programs.
Type Root CA
Alias Training
8. Paste the contents from CACert.cer into the long edit box.
Result
Alias PSFT_TRN
Organization Oracle
Results
2. Generate a CSR.
Instructor Notes
Activity Overview
Use the keytool utility to generate a private and public key pair for the interop.jks Java keystore. After you
generate the public key, generate a CSR for the key. Access the .csr file and view it.
2. Enter cmd in the Run field and press the Enter key.
Note. Remember to replace the text within the angle brackets as appropriate.
Results
This is the command prompt showing the keyEntry in the certificate list:
Note. Remember to replace the text within the angle brackets as appropriate.
8. Press Enter.
9. Use Windows Explorer and navigate to D:\temp to verify that the file was generated.
10. Right-click the <your_initials>_csr.csr file, select Send To and then select Notepad.
Results
This is the command prompt showing the keyEntry in the certificate list:
Slide 184
Duration
Activity Overview
Access and examine the CA root certificate. Then, use the keytool utility to import the CACert.cer root
certificate into the Java keystore.
Results
2. Enter cmd in the Run field and press the Enter key.
3. Enter the following command (or copy it from D:\Labs\Security\Activity17a.txt), replacing text within the
angle brackets as appropriate:
keytool -import -alias Root_CA_Key -file D:\Labs\Security\CACert.cer -keypass password -keystore D:\PeopleTools\webserv\peoplesoft\applications\peoplesoft\pspc.war\WEB-INF\classes\interop.jks -storepass interop
5. Verify that the new key exists by entering the following command (or copying it from
D:\Labs\Security\Activity17b.txt):
Results
This is the result of importing the root certificate into the Java keystore:
Lesson 12 Securing Processes
Instructor Notes
Answer to Questions
This is the answer to the question:
Question Answer
Activity Overview
In this activity, you will:
Validate that the permission list CPTRNDEV has access to the page PSU_INACT_4.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
Question Answer
Results
Results
Results
Activity Overview
In this activity, you will:
1. Access the CPTRNDEV permission list and set the following process profile permissions.
File %%OutputDirectory%%
Printer %DefaultPrinter%
Update By Owner
Note. Use the T1B85001 database. Use PTTRN for the user name and password in the first part of this
activity. Then use JFITZ for the user name and password in the second part of this activity.
Note. Use PTTRN for the user name and password in this activity.
3. Select the Process page and click the Process Profile Permissions link.
4. Enter the values as shown in the activity overview for the process profile.
Results
2. Select the JFITZ user profile and click the Search button.
4. Enter P1 in the Run Control ID field and click the Add button.
Results
Slide 206
Duration
Answers
These are the answers to the questions in the activity:
Question Answer
In PeopleTools 8.50.05 there is an issue with Query prompting that causes a more cryptic message to be
displayed in the Message log. Patch 05 was necessary to fix some other issues so that is the patch level for
this class.
For Instructor Use Only.
This document should not be distributed.
Activity Overview
Managers need access to a number of reports and processes. In this activity, you will:
1. Create a new process group TRNMGR with access to the CRS_BY_BU and XMLP_STU_EXP processes
4. Add a process profile to the permission list CPTRNRPT using the following:
File %%OutputDirectory%%
Printer %DefaultPrinter%
View By All
Update By Owner
5. Associate the CPTRNRPT permission list with the Training Manager role, and add CPTRNRPT as the
process profile for JFUNG user profile.
6. Run the processes CRS_BY_BU and XMLP_STU_EXP to test James Fung's permissions.
Note. Use the T1B85001 database. Use PTTRN for the user name and password in the first part of this
activity. Use JFUNG for the user name and password in the second part of this activity.
Note. Use PTTRN for the user name and password in this part of this activity.
13. Click the Insert row button in the Process Groups grid.
Results
12. Click the Edit Pages link for the PSU_RUN_STUDENT component.
Results
Results
4. Enter the values as shown in the activity overview for the process profile.
Results
Note. Use JFUNG for the user name and password in this part of this activity.
1. Select XML Publisher Training, Run XMLP Reports, Run Student Report.
Question Answer
5. Click OK.
6. Select XML Publisher Training, Run XMLP Reports, Run Course by BU.
Results
Slide 207
Duration
Notes on Activity
Question and answer
Question Answer
Why is run not enabled? JFUNG does not have Process Group authority to run the
report.
The other two reports that JFUNG ran require parameters. Here is the setup for the other reports:
CRS_BY_BU
Bookmark
XMLP_STU_EXP
Bookmark
Activity Overview
In this activity, you will:
1. Set up the Reporting Console as JFUNG using the default preferences and add a folder Training to My
Favorites. Add the process SQR Report DDDAUDIT to the Training folder.
2. Edit the process DDDAUDIT to run from the Reporting Console and run the report.
Note. Use the T1B85001 database with the user name and password JFUNG in this activity.
12. Click the Search button and the Process List appears.
Results
The bookmark has been added, but you can't run the report from the Reporting Console.
2. Select the Enable Generic Prompting check box and click OK.
Question Answer
7. Click OK.
9. Click Schedule.
Note. To refresh the view collapse and then expand the folder.
Results
The DDDAUDIT ran successfully and you can view the report from the Reporting Console.
Administering Query Security Lesson 13
Activity Overview
Access the training reports (CPTRNRPT) permission list. Then, grant rights to the Query Manager
(QUERY_MANAGER) component, and save the permission list.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
5. Add a new row and enter QUERY_MANAGER for the Menu Name.
9. Click Save.
Results
Slide 215
Instructor Notes
Activity Overview
Create a query profile for the CPTRNRPT permission list. Use the chart in the activity detailed steps to
complete the profile.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Enter CPTRNRPT as the permission list and click the Search button.
4. Click the Query Profile link and enter the following information:
Results
Slide 221
Duration
Activity Overview
Create the PSU Security Tables (QRY_TREE_SECURITY) query tree. Create the Security Tables
(SECURITY_TABLES) root node. Create the System Security Tables (SYS_SEC_TBLS) child group.
Create the User Security Tables (USER_SEC_TBLS) child group to authorize the PSOPRDEFN,
PSOPRCLS, PSOPRALIAS, and PSOPRALIAS_VW record definitions.
Note. Use PTTRN for the user name and password in this part of the activity.
Category TOOLS
Results
Accessible Selected
7. Click OK.
Results
1. Click the Query Profile link and enter the following information:
Results
Note. Use JFITZ for the user name and password in this part of the activity.
Results
Slide 226
Instructor Notes
Duration
This table describes access groups and records that the JFUNG user ID inherits through the COURSE01
permission list:
This table lists all of the queries for which the two users have permissions:
User Query
JFITZ 13 queries
PSU_TRNLOC_TBL is in the root TRAIN_DEPT and
JFITZ does not have access.
JFUNG 27 queries
The profile includes other permission lists that also have
access to queries.
The PTTRN user ID sees all queries because that ID has access to all tables. The PTTRN user ID inherits the
ALLPAGES permission list, which has the definition security group ALL DEFINITIONS.
Activity Overview
Create a query security tree for the training department. The tree should have this structure:
Finally, test to see that the JFUNG and JFITZ user IDs have the necessary authorizations to create and run
queries for the records in the diagram, and verify their access to run the queries in the activity results.
Note. Use PTTRN for the user name and password in this part of the activity.
Category TOOLS
Results
Results
Record ORD_DTL
Record PSU_TRNLOC_TBL
8. Click Add.
Record PSU_COURSE_TBL
Record PSU_INSTR_TBL
Record PSU_CRS_SESSN
Results
Results
7. Sign out.
Note. Use JFITZ for the user name and password in this part of the activity.
Question Answer
Question Answer
5. Sign out.
Note. Use JFUNG for the user name and password in this part of the activity.
6. Sign in as JFUNG/JFUNG.
Question Answer
11. Click the Search button and compare the page to these results:
Results
These are the results of verifying access for the JFUNG user ID:
1. Select XML Publisher Training, Run XMLP Reports, Run Course by BU.
3. Click Run.
4. Click OK.
6. Click Refresh.
Results
JFUNG has access to the report and the underlying query, so the report will run to Success.
Lesson 14 Maintaining Portal Registry Security
Slide 238
Duration
Activity Overview
Review the security for the Training Tasks folder located under the folder Set Up Training, and then add the
content reference PSU_TASK to the permission list SETUP01. After adding the component to the permission
list, observe how the system automatically updated folder level security.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
4. Select the Cascade check box for the PSU1000 permission list.
9. Select the Folder Security page and notice the inherited permissions.
Results
2. Select SETUP01 as the permission list and click the Search button.
11. Click the Edit link for the Training Tasks folder.
Results
The SETUP01 permission list was added to the security for Training Tasks folder:
Administering Signon Security Lesson 15
Slide 253
Instructor Notes
SQL Command: SELECT COUNT (*) FROM PSSTATUS
SYSADM/SYSADM: 1
people/peop1e: Security error: see note
JFITZ/JFITZ: Login failed: see note
Note. The security error will state that the SELECT permission is denied on the table being queried.
When logging in as JFITZ, students will get an error stating that the login failed for JFITZ because they were
unable to connect to the server.
When running commands as people, you will get "table or view does not exist" for all 4 statements.
Activity Overview
Using these SQL commands, query the T1B85001 database using SYSADM as the login ID and SYSADM as
the password. Use the table to repeat the queries with the other IDs and passwords and to record the results:
SQL Command    SYSADM/SYSADM    people/peop1e    JFITZ/JFITZ
3. Enter the following SQL commands. After you enter each SQL command, highlight it and press the F9
key to run the command. Enter the number of rows returned in the appropriate line of the table:
7. Click Test.
12. Copy the commands from the first worksheet to your new worksheet.
13. Try running the commands, one line at a time, and answer this question:
Question Answer
Activity Overview
Implement password controls. Set passwords to expire after 5 days. Test the PTTRN user ID and change the
password to PTTRN1.
Next, force the password for the CROTH user ID to expire upon next sign in. Test the password expiration.
Finally, turn off password controls and change the password for the PTTRN user ID back to PTTRN.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
2. Enter PSWDEXPR in the Permission List field and click the Search button.
2. Select the Invoke As option and enter PTINT in the User ID and Password fields.
Note. Use PTTRN for the user name and password in this part of the activity.
6. Sign out.
10. Select the Password Expired check box and save the profile.
12. Sign in using CROTH for the user name and password to verify that the password for the CROTH user ID
has expired.
Note. Use PTTRN for the user name and password in this part of the activity.
8. Sign out.
Instructor Notes
Duration
Activity Information
Point out to the students that JFITZ uses the CPTRNDEV permission list, which has the email password
feature enabled. If you select other users such as PTTRN, you get an error message when you test, even if you
create the hints.
Email Error
In the activity test section, the application does generate a new password when you enter the correct
credentials for JFITZ. Because there is no email access in the classroom, the system displays the SMTP error.
To demonstrate to students that the password is no longer JFITZ, they sign in and receive the invalid user
credentials error.
Activity Overview
The entire implementation team, including John Fitzsimmons, is leaving for a three-week technical training
conference in Costa Rica. You know they are likely to forget their passwords while away.
Enable the necessary forgotten password options. Create the forgotten password permission list
(MAILPSWD) and grant the necessary pages, component interfaces, and web libraries. Create the Forgotten
Password role. Set up the public user profile (GUEST). Set up the Forgot My Password Hint page. Set up the
Forgot My Password Email Text page.
Note. Use the T1B85001 database with the user name and password PTTRN in this activity.
9. Click the Select All button and then click the OK button.
15. Click the Full Access (All) button and then click the OK button.
19. Click the Full Access (All) button and then click the OK button.
23. Click the Full Access (All) button and click the OK button.
Results
3. Enter Forgotten Password in the Role Name field, and then click the Add button.
6. Enter MAILPSWD in the Permission List field, and then click the Save button.
Results
2. Enter GUEST as the user profile and click the Search button.
Results
These are the results of assigning the Forgotten Password role to the public user:
2. Enter DEV as the profile name and click the Search button.
6. Click Save.
3. Enter MOM in the Password Hint ID field and then click the Add button.
7. Enter PET in the Password Hint ID field and then click the Add button.
10. Select PeopleTools, Security, Password Configuration, Forgotten Password Email Text.
Results
Note. Use JFITZ for the user name and password in this part of the activity.
1. Sign in.
Response Rover
3. Open a new browser session and paste the text into the address field of the browser.
4. In the URL, change the machine name to match the workstation machine name.
7. Enter JFITZ as the user ID and then click the Continue button.
Configuring Single Signon Lesson 16
Activity Overview
Configure single signon between the T1B85001 and T1C85001 databases. Use the PTTRN user ID to test the
configuration. Single signon has been set up on the T1C85001 database.
Note. In this activity, you will use both the T1B85001 and T1C85001 databases. Use PTTRN for the user
name and password in both databases.
It uses Password Authentication. The password does not display, but it is 123.
8. Click Return.
It is a remote node.
It uses Password Authentication. The password does not display, but it is 123.
Password 123
12. Access the Connectors tab and click the Ping Node button.
6. Sign on as PTTRN/PTTRN.
10. Enter User Profiles - T1C for the Name and click the Done button.
Lesson 17 Maintaining Security Definitions Among Multiple Databases
Instructor Notes
Note. Point out that students will be transferring permission lists and roles from the T1B85001 database to the
T1C85001 database. The definitions will transfer because both databases are at the same PeopleTools release
level.
Activity Overview
Copy the COURSE01 and SETUP01 permission lists and the Instructor Manager role to the T1C85001
database.
Transfer all user profiles from the T1B85001 database to the T1C85001 database.
Note. Use PTTRN for the user name and password in this activity.
8. Enter SETUP01 in the Name field and click the Insert button.
11. Enter Instructor Manager in the name field and click the Insert button.
12. Double-click Instructor Manager or highlight it and click the Insert button.
16. Sign in to the T1C85001 database, using PTTRN as the user ID and password.
20. Open the PeopleSoft Application Designer for the T1C85001 database.
23. Select the Upgrade tab and verify the SEC_DEFNS_PRJ project and its security definitions.
1. Open the PeopleTools folder on the desktop and double-click Data Mover.
Database T1B85001
Password PTTRN
10. Open the PeopleTools folder on the desktop and double-click Data Mover.
Database T1C85001
User ID PTTRN
Password PTTRN
18. Select File, Exit and click Yes to save the script.
19. Sign on to the browser for T1C85001 database as the <<student name>> user ID and password.
Instructor Notes
Activity Overview
Configure the T1B85001 database for default user profile synchronization with the T1C85001 database. Then
test the implementation by changing your password in the T1B database and verifying that it changed in the
T1C database.
Results
2. Select PeopleTools, Integration Broker, Service Operations Monitor, Administration, Domain Status.
Note. If the dispatchers do not show ACT, then change the Domain Status to Inactive and click Update.
Change the Domain Status back to Active and click Update again.
Results
3. Select the user profile you created in activity 3 (your first initial and last name).
6. Select PeopleTools, Integration Broker, Service Operations Monitor, Monitoring, Asynchronous Services.
Results
3. Select the user profile you created in activity XX (your first initial and last name).
Results
Slide 297
Duration
1. On the B database, select PeopleTools, Integration Broker, Service Operation Monitor, Monitoring,
Asynchronous Services.
3. Check the Status for the latest USER_PROFILE service operation; it will say Error.
7. In the C database, select PeopleTools, Integration Broker, Integration Setup, Service Operations.
12. In the B database, click the Resubmit button on the Details page for the transaction.
Activity Overview
In this activity, you will set up configurable user profile synchronization. Use these steps to set it up:
2. Examine the USER_PROFILE.VERSION_XFR message in the B database and identify the fields that
will not be copied.
3. Enable the security PeopleCode option used for configurable user profile synchronization.
4. Activate the USER_PROFILE_XFR service operation on the C database and activate the appropriate
5. Test user profile synchronization by changing the Process Profile, Primary Permission List and Employee
ID for a user profile in the B database.
4. Expand the record PSOPRDEFN in the message tree at the bottom of the page.
Results
Enable CopyRowsetDeltaOriginal_mod
To enable CopyRowsetDeltaOriginal_mod:
4. Click Save.
5. Select the check box for SYNC_USER_FROM_B routing and click the Inactivate Selected Routing
15. Select the check box for Any-to-Local routing and click the Activate Selected Routing button.
Results
3. Select the user profile you created in activity 3 (your first initial and last name).
Primary CPTRNDEV
7. Click Save.
2. Select PeopleTools, Integration Broker, Service Operation Monitor, Monitoring, Asynchronous Services.
5. Select the user profile you created in activity 3 (your first initial and last name).
The Process Profile and Primary permission lists were not updated; however, the Empl ID was updated.
Lesson 18 Configuring PeopleSoft Applications for Directory Authentication
Slide 316
Duration
Oracle Internet Directory has a number requirement for the password field. The password for all directory
entries is the user ID and the number one. For example, the password for BLOCH is BLOCH1.
Activity Overview
Configure the T1B85001 database for directory authentication.
Verify that Signon PeopleCode is enabled. Configure and cache the TRAINING directory. Create the
TRAINING authentication and user profile maps. Next, test the configuration using the uid attribute.
Then, alter the authentication map to use the email address attribute for signon authentication.
The directory server contains all training users, including Betty Locherty:
Note. Use PTTRN for the user name and password in this part of the activity.
3. Select the Enabled check box for the LDAP_AUTHENTICATION function on the FUNCLIB_LDAP
record.
5. Select the Enabled check box for the LDAP_PROFILESYNCH function on the FUNCLIB_LDAP record.
Results
Password oratrain1
Port 389
Results
Directory ID TRAINING
Directory ID TRAINING
SeqNum 1
Results
3. Enter TRAINING in the Map Name field and click the Add button.
ID Type NON
Attribute Name cn
Results
This is the first page of the results of creating user profile maps:
3. Sign out.
User ID BLOCH
Password BLOCH1
6. Sign out.
Note. Use PTTRN for the user name and password in this part of the activity.
User ID BLocherty@ccb.com
Password BLOCH1
8. Sign out.
Instructor Notes
When you test the dynamic role rule, James Fung's name returns. When you run the role rule, the rule does
not dynamically assign James Fung to the Training Manager role because you already assigned that role to
him when you created his user profile.
Activity Overview
Set up a dynamic role rule based on directory information. Then, implement that role online.
In the Oracle Internet Directory, the DS_Manager group contains two members:
Description Training
4. In the Build Filter section, click the triangle to expand the scroll.
Attribute cn
Operation =
Value DS_Manager
Results
8. Click Yes.
Results
You should see two directory users and four query users:
6. Enter BLOCH in the User ID field and then click the Search button.
Results
The Training Manager role is present as a dynamic role for Betty Locherty: