Defining Application Security

To define application security, use the Security Profile Definition (RSEC_PROFILE_DEFN), Security Membership Definition (RSEC_MEMBER_DEFN), Security View Definition (RSEC_VIEW_DEFN), Security Function Definition (RSEC_FUNC_DEFN), Security Function Group (RSEC_FUNC_GROUP), Security Object Definition (RSEC_OBJECT_DEFN), Security Builder (RSEC_BUILDER_RUN), Security Static Transfer Menu (RSEC_STAT_MENU) components.

This topic discusses how to define application security.

Page Name

Definition Name

Usage

Security Object Page

RSEC_OBJECT_DEFN

Define the characteristics of the security object.

Add Membership List (Definition) Page

RSEC_MEMBER_SMRY

Enter the membership list name and description.

Add Membership List (Object) Page

RSEC_SRTY_WIZ1

Select the membership list security object (Customer, Person, or Role) that you want to add.

Add Membership List (Type) Page

RSEC_SRTY_WIZ2

Select the type of addition to use, either Static to select from a list of object members, or Dynamic to build a SQL query to define criteria for the list.

Customer Static Member List - Add Membership List Page

RSEC_ML_CUSTOMER

Select the customers that you want to add to the membership list from the static list.

Person Static Member List - Add Membership List Page

RSEC_ML_PERSON

Select the individuals from the static list that you want to add to the membership list.

Role Static Member List - Add Membership List Page

RSEC_ML_ROLE

Select the roles from the static list that you want to add to the membership list .

Note: Roles are static and are therefore not available dynamically from a query.

Customer Search - Add Membership List Page

RSEC_CUSTOMER_SRCH

Specify the criteria to use in the query to dynamically select customers for the membership list.

Person Search - Add Membership List Page

RSEC_PRSN_SRCH

Specify the criteria to use in the query to dynamically select individuals for the membership list.

Add View List (Definition) Page

RSEC_VIEW_SMRY

Enter the view list name and description.

Add View List (Object) Page

RSEC_SRTY_WIZ1

Select the view list security object (Catalog, Customer, Hold Code, or Performance Metric) that you want to add.

View List (Type) Page

RSEC_SRTY_WIZ2

Select type of addition to use, either Static to select from a list of objects, or Dynamic to build a SQL query to define criteria for the list.

Catalog Static View List - Add Customer to View List Page

RSEC_VL_CATALOG

Select the catalogs from the static list that you want to add to the view list.

View List Page

RSEC_VIEW_SMRY

Select the catalogs from the static list that you want to add to the view list.

Customer Static View List - Add Customer To View List Page

RSEC_VL_CUSTOMER

Select the customers from the static list that you want to add to the view list.

Hold Static View List - Add View List Page

RSEC_VL_HOLD

Select the hold codes from the static list that you want to add to the view list.

Performance Metrics Security - Add View List Page

RSEC_VL_RA_METRICS

Select the performance metrics from the static list that you want to add to the view list.

Customer Search - Add View List Page

RSEC_CUSTOMER_SRCH

Specify the criteria to use in the query to dynamically select customers for the view list.

Functional Option Page

RSEC_FUNC_DEFN

Define functional options, including enabling amount-related fields, conditional operators, application classes, and messages.

Functional Option Group Page

RSEC_FUNC_GROUP

Group functional options.

Security Profile Page

RSEC_PROFILE

Define a security profile.

Security Profile - Membership Page

RSEC_PROFILEMEMBER

Add membership lists to the security profile.

Refresh Dynamic Lists Page

RSEC_BUILDER_RUN

Set run controls for the List Build process.

Static Menu Transfer Path Page

RSEC_STAT_MENU

Enter static menu transfer paths.

Use the Security Object page (RSEC_OBJECT_DEFN) to define the characteristics of the security object.

Navigation:

Set Up CRM > Security > CRM Application Security > Security Object > Security Object

This example illustrates the fields and controls on the Security Object page.

Security Object page

Field or Control

Description

Object Type

Select either Membership or View Privilege. The Object type determines whether the Security Object is used for defining Membership List or View List.

Field or Control

Description

View Record

View record is used to resolve the list of members for a dynamic membership or view list. The view record must be a distinct subset of the search record that is used in defining the search for dynamic criteria.

Field or Control

Description

Security List Record

Select the record where you want the system to store the results of the query or static list that is associated with the security object. The security list record may vary for each security object.

Field or Control

Description

Object Source Navigation

Select the object source to which you want the system to navigate while creating dynamic membership or view lists. Selecting the object source that corresponds to the security object that you are creating provides for the proper transfer of the object source during the creation of dynamic membership or view lists. Data searches that are enabled for application security are only available as part of the selection. It is important to choose the correct search definition for the security object.

Field or Control

Description

Static List Navigation

Select the static list that you want the system to navigate to during the creation of the security profile.

This is the navigation that is used for entering static list data or viewing static list data that is either dynamically created or manually entered. You set up static list navigations on the Static Menu transfer page. The system builds the Static List page with the static list record as a level 1 grid.

Cache Option

Select the cache option that you want the system to use for the security object. The caching option is mainly used for customer security. Basically, when a customer is added or updated in the Customer Data Model (CDM), it tells the system how often to cache the list members in the list tables and run the Application Engine job that creates the dynamic queries.

Field or Control

Description

Security Object Options

Select one or multiple security object options values:

  • Allow Dynamic Members: Select this check box if you want to create dynamic membership or view lists.

  • Allow Reuse: Select this check box if you want to create lists that can be associated with more than one security profile. If you clear this check box, the static or dynamic lists that you create can be attached to only a single security profile, and the security list record for these security objects will contain the security profile value.

    Note: This check box is used for performance reasons. When you select this check box, the system adds the security profile ID to the Security List Table. Using this option enables the system to make a three-table join and retrieve results quickly.

  • Secure All: Select this check box if you want the system to apply the view record on the security object definition. If you clear this check box, no security is applied on the view record. Clearing this check box also causes applications to skip the security check.

    Note: This check box is used for performance reasons. For example, if one of your security profiles is set up to give access to All, the security API will not return any data. It is implied that the calling application would display everything. In this situation users in Order Capture Administration have access to all hold codes. When the Order Capture application calls the Security API, the Security API gives the administrators access to all hold codes. In the code for the Order Capture application the system doesn't have to create an extra Where clause to show the filtered list of hold codes.

    Note: If you clear this check box, the SQL API returns a state status of three (3). If the SQL string that is returned contains SQL, then security must be applied. Empty strings cause the system to skip the security check. ERROR (or some other constant) indicates that the context has access to no security profiles and zero rows should be returned.

  • Allow All: Select this check box if you want the system to display the All field when you are adding view or membership lists to the security profile.

  • Allow Multiple Members: Select this check box if you want the system to display the Multiple Listas an available option when you are creating a view or membership lists.

  • Allow Single Member: Select this check box if you want the system to display the Single Member as an available option when you are creating a view or membership list.

  • Show In Wizard: Select this check box if you want the system to display the security object as a selectable option in the drop-down list box when you are creating membership or view lists.

Related Security Objects

Select the security objects that you want to be available with a security profile. For example, if a Membership-type security object is defined and associated with two related View-type security objects, then if a Security Profile is created using the same Membership object, only the two related objects that were specified on the Security Object page will be visible as options in the Security Object drop down list that appears after selecting the Add View List option for that Security Profile.

Warning! Note that as delivered, the system is designed to only process certain combinations of membership and view objects, and that these combinations apply only to certain products (applications) within the system. These combinations are shown in the accompanying table. Only these combinations should be used when setting up your data. Other combinations are not supported in the system as delivered, and would require customized coding to implement.

When adding values to the Related Security Objects field, the supported combinations are:

Membership Object

View Object

Product (Application Usage)

CUSTOMERMEMBER (Customer)

CATALOG (Catalog)

Order Capture

PERSON (Person)

CATALOG (Catalog)

Order Capture

PERSON (Person)

HOLDCODE (Hold Code)

Order Capture

ROLE (Role)

HOLDCODE (Hold Code)

Order Capture

Use the Add Membership List (definition) page (RSEC_MEMBER_SMRY) to enter the membership list name and description.

Navigation:

Set Up CRM > Security > CRM Application Security > Add Membership List > Add Membership List

This example illustrates the fields and controls on the Add Membership List (definition) page .

 Add Membership List (definition) page

Enter a name for the membership list that you want to create. Select the Active status. Enter text that describes the type of membership list that you are creating.

Use the Add Membership List (object) page (RSEC_SRTY_WIZ1) to select the membership object and the members to which you want the security object to apply.

Navigation:

Click Next at the bottom of the Add Membership List (definition) page.

This example illustrates the fields and controls on the Add Membership List (object) page.

Add Membership List (object) page

Field or Control

Description

Security Object

Select the security object that you want to use for your membership list:

  • Customer

  • Person

  • Role

Note: You can also create your own security object and select it from this list. You would, however, need to call the delivered security APIs at runtime to access security.

Membership Applies To

Indicate to whom you want the membership list to apply. Select:

  • All: Select if you want to the membership list to apply to all members associated with the security object.

  • Multiple Members: Select if you want the membership list to apply to select group of members that are associated with the security object. When you click Next, the system displays the next Add Membership List page, where you can select the membership type that you want to use (either dynamic or static).

  • Single Member: Select if you want the membership list to apply to a single member associated with the security object. When you click Next, the system displays the page that is associated with the security object (either customers, persons, or roles).

Next

Click to go to the next page. The system displays a new page based on the selections that you have made on the previous Add Membership List pages.

Use the Add Membership List (type) page (RSEC_SRTY_WIZ2) to specify whether you want to select objects (customers, or persons) from a static list or dynamically using a SQL query.

Navigation:

Select Dynamic and then click Next at the bottom of the Add Membership List (object) page.

This example illustrates the fields and controls on the Add Membership List (type) page.

 Add Membership List (type) page

Field or Control

Description

Membership Type

Select from these values:

  • Dynamic: Select to choose a dynamic list of members. When you click Next, a search page appears based on the security object that you selected on the second Add Membership List page.

  • Static: Select to choose a static list of members. When you click Next, a page appears based on the security object that you selected on the second Add Membership List page.

Next

Click to go to the next page. The system displays a new page based on the selections that you made on the previous pages.

Use the Customer Static Member List - Add Membership List page (RSEC_ML_CUSTOMER) to select the customers from the static list that you want to add to the membership list.

Navigation:

With the security object of Customer selected on the Add Membership List (object) page, select Static, and then click Next at the bottom of the Add Membership List (type) page.

This example illustrates the fields and controls on the Customer Static Member List - Add Membership List page.

Customer Static Member List - Add Membership List Page

Select the SetID and customer that you want to add to the membership list. Click the Add Customer button to add new customer members.

Use the Role Static Member List - Add Membership List page (RSEC_ML_ROLE) to select roles from the static list that you want to add to the membership list.

Navigation:

With the security object of Role selected on the Add Membership List (object) page, select Static, and then click Next at the bottom of the Add Membership List (type) page.

This example illustrates the fields and controls on the Role Static Member List - Add Membership List page.

Role Static Member List - Add Membership List page

Select the role that you want to add to the membership list. Click the Add Role button to add new member roles.

Use the Add View List (definition) page (RSEC_VIEW_SMRY) to enter the view list name and description.

Navigation:

Set Up CRM > Security > CRM Application Security > Add View List > Add View List

This example illustrates the fields and controls on the Add View List (definition) page.

Add View List (definition) page

Enter a name for the view list that you want to create. Select the Active status. Enter text that describes the type of view list that you are creating.

Use the Add View List (object) page (RSEC_SRTY_WIZ1) to select the view list security object (Catalog, Customer, Hold Code, or Performance Metric) that you want to add.

Navigation:

Click the Next button from the Add View List (definition) page.

This example illustrates the fields and controls on the Add View List (object) page.

Add View List (object) page

Field or Control

Description

Security Object

Select the security object that you want to use for your view list. Choose from one of these delivered values:

  • Catalog

  • Customer

  • Hold Codes

  • Performance Metric

Note: You can also create your own security object and select it from this list.

View Applies To

Select one of these values to indicate to whom you want the view list to apply:

  • All: Select this value if you want the view list to apply to all members associated with the security object.

  • Multiple Members: Select this value if you want the view list to apply to select group of members that are associated with the security object. When you click Next, the system displays the next Add View List page, where you can select the view type that you want to use (either dynamic or static).

  • Single Member: Select this value if you want the view list to apply to a single member associated with the security object. When you click Next, the system displays the page that is associated with the security object (either hold codes, catalogs, performance metrics, or customers.

Next

Click to go to the next page. The system displays a new page based on the selections that you made on the previous Add View List pages.

Use the Add View List (type) page (RSEC_SRTY_WIZ2).to select type of addition to use, either Static to select from a list of objects, or Dynamic to build a SQL query to define criteria for the list.

Navigation:

Select type of addition to use, either Static to select from a list of objects, or Dynamic to build a SQL query to define criteria for the list.

This example illustrates the fields and controls on the Add View List (type) page.

Add View List (type) page

Field or Control

Description

View Type

Select one of these values:

  • Dynamic: Select to define criteria for a dynamic list of members that you want included in your view list. When you click Next, a search page appears based on the security object that you selected on the second Add View List page.

  • Static: Select to choose a static list of members. When you click Next, a page appears based on the security object that you selected on the second Add View List page.

Next

Click to go to the next page. The system displays a new page based on the selections that you made on the previous pages.

Use the Customer Static View List - Add Customer To View List (RSEC_VL_CUSTOMER) to select the customers from the static list that you want to add to the view list.

This example illustrates the fields and controls on the Add View List (static) page.

 Customer Static View List - Add Customer To View List page

This page displays different fields based on the security object that you selected on the previous page. Select the setID (if this field appears) and the catalog, customer, hold code, or performance metric that you want to add to the view list.

Use the Customer Search - Add View List page to specify the criteria to use in the query to dynamically select customers for the view list.

This example illustrates the fields and controls on the Customer Search - Add View List page.

Customer Search - Add View List page

Select or enter the criteria that you want to use to create a view list. The system uses the criteria that you select to create a dynamic view list. To see the results of the criteria that you enter, click the Preview button. When you are satisfied with the results, click the Finish button at the bottom of the page.

Use the Functional Option page (RSEC_FUNC_DEFN) to define functional options, including enabling amount-related fields, conditional operators, application classes, and messages.

Navigation:

Set Up CRM > Security > CRM Application Security > Functional Option > Functional Option

This example illustrates the fields and controls on the Functional Option page (1 of 2).

Functional Option page (1 of 2)

This example illustrates the fields and controls on the Functional Option page (2 of 2).

Functional Option page (2 of 2)

Field or Control

Description

Functional Option and Description

Enter a name for the functional option and then enter a description.

Field or Control

Description

Revoke Wins

Conflicts may happen when a user is associated with multiple security profiles using functional options that conflict or when the same security profile has overrides for conflicting functional options. Select this check box if you want the system to not override the security for the functional option that you are creating when there are conflicts within or among different security profiles.

Note: If one functional option group grants an option and another revokes it, the revoke takes precedence. If the Revoke Wins check boxes are not selected in the same scenario, the option is granted.

Field or Control

Description

Related to Amount

Select to enable amount-related fields during the setup of functional option groups and specific functional options within the security profile.

Field or Control

Description

Maximum Amount Wins

Select this check box to indicate that you want the maximum amount to win when there are functional options that conflict within or among different security profiles

Field or Control

Description

Use Conditional Operator

Select to enable the conditional operator field during the setup of functional option groups and specific functional options within the security profile for amount-related fields.

Field or Control

Description

Base Currency

Select the currency that is used most often for the functional option that you are creating.

Field or Control

Description

Application Class ID, Application Class Path, and Option Value Translate Field

Use these fields if you are writing PeopleCode programs required to evaluate the functional option. Select the ID and path of the application class that the system carries out when a user accesses the function or when the program runs. Also, you can specify a value translate field with values that will be interpreted by the calling application to perform a specific functional action. For example, the display template uses a translate field that makes the fields display-only or changeable.

See Understanding Display Templates.

Field or Control

Description

Message Set Number and Denial Reason

Select the message that you want the system to display if a user is denied access to the function.

Use the Functional Option Group page (RSEC_FUNC_GROUP) to group functional options.

Navigation:

Set Up CRM > Security > CRM Application Security > Functional Option Group > Functional Option Group

This example illustrates the fields and controls on the Functional Option Group page.

Functional Option Group page

Use functional option groups to group functional options. You may then associate the functional option groups with security profiles. Creating functional option groups and using them with security profiles can help make security maintenance faster and more efficient.

Field or Control

Description

Functional Option Group and Description

Enter a name for the functional option group and then enter a description.

Functional Option Tab

Field or Control

Description

Functional Option

Select the functional options that you want to include in the functional option group.

Option Value

Select the value that you want to use for the functional option. This field is available for entry only if a translate field was set up on the functional option.

Revoke

Select this check box if you want the system to override the security for the functional option when there are conflicts within or among different security profiles.

Note: Revoke applies to the functional option only (for example, does a user have authorization to transfer money). If one functional option group says yes and another says no, the functional option that has the Revoke Wins check box selected wins and resolves the conflict.

For transfer amounts, there is another type of conflict resolution called Max Amount Wins. In this situation, if one functional option group gives you access to 2000 USD and another gives you access to 3000 USD, the maximum amount wins and you have the authority to transfer up to 3000 USD.

Add Function Option

Click to add a new row in the functional option grid.

Amount Related Tab

The fields that appear on this page are used if the functional option is associated with an amount field.

Field or Control

Description

Conditional Operator

Select the conditional operator (for example, equal to, less than, greater then, and so on) that you want to use for the functional option.

Field or Control

Description

Amount

Enter the amount that you want associated with the conditional operator for the functional option.

Field or Control

Description

Denial Reason

Select the reason that you want the system to display if the user is denied access to the transaction related to the functional option.

For example, let's say you have given order capture representatives the ability to override prices. At some point in the season, you may want all of them to be denied from overriding prices on the items that you sell. You can go to the functional option group definition and set the Revoke Wins check box. From that point onward, the order capture representatives are denied from doing price overrides. You can set up similar situations for leads, opportunities, cases, and so on.

Use the Security Profile page (RSEC_PROFILE) to define a security profile.

Navigation:

Set Up CRM > Security > CRM Application Security > Add Security Profile > Security Profile

This example illustrates the fields and controls on the Security Profile page.

Security Profile page

Defining security profiles involves the granting of view lists and/or functional options. You then grant or associate one or multiple membership lists with the security profile. An enterprise administrator or enterprise channel manager should know how to create and maintain security profiles, as well as understand how security is impacted when a security profile changes.

Warning! Inactivating a security profile removes the associated membership and view lists

Field or Control

Description

Name and Description

Enter a name for the security profile and then enter a description.

Add Functional Option Group

Click to access the Functional Options Group page, where you can select the functional option groups that you want to include in the security profile. You can also use this page to view the functional options that are associated with the functional option group. The Enterprise Administrator who is assigning the Functional Option Groups must be aware of the groups that make sense for a given Membership list. Out of the box, all functional options and functional options groups that are delivered by PeopleSoft work with the 'Role' Security Membership Object.

Add View List

Click to access the Add View List page, where you can select the view lists that you want to include in the security profile.

Run button

Click to access the Refresh Dynamic Lists page, where you can set up a process to periodically refresh the lists that you have associated with the security profiles that you created. View lists and Membership lists that are built based on dynamic criteria are refreshed.

Use the Security Profile - Membership page (RSEC_PROFILEMEMBER) to add membership lists to the security profile.

Navigation:

Set Up CRM > Security > CRM Application Security > Add Security Profile > Membership

This example illustrates the fields and controls on the Security Profile - Membership page.

Security Profile - Membership page

Field or Control

Description

Add Membership List

Click to access the Add Membership List page, where you can select the membership lists that you want to include in the security profile.

Run button

Click to access the Refresh Dynamic Lists page, where you can set up a process to periodically refresh the lists that you have associated with the security profiles that you created. View lists and Membership lists that are built based on dynamic criteria are refreshed.

Use the Refresh Dynamic Lists page (RSEC_BUILDER_RUN) to set run controls for the List Build process.

Navigation:

  • Set Up CRM > Security > CRM Application Security > Refresh Dynamic Lists > Refresh Dynamic Lists

  • Click Run from the Security Profile page.

This example illustrates the fields and controls on the Refresh Dynamic Lists page.

Refresh Dynamic Lists page

Use this page to refresh the lists, security objects, and profiles that you have created to implement security for your PeopleSoft CRM environment. If the content of the lists, objects, and profiles changes frequently, you can set up this process to run daily, every few minutes, or every few hours.

Note: When a new user registers in Order Capture Self Service, they will not have immediate permission to view the product catalog. Application security needs to be triggered to get the appropriate product catalog access for the person who has just registered.

Field or Control

Description

Process Type

Select one of these values based on the type of list that you want to refresh:

  • Dynamic List Refresh.

  • New and Updated List Members.

  • Data Integrity.

Process Scope

Select one of these lists or objects that you want to refresh:

  • All Objects

  • Security Object

  • Security Profile

  • Membership List

  • View List

Note: If you select All Objects, you do not need to specify the objects that you want to refresh. If you select any other value, you must use the field that corresponds to your selection to select a list, profile, or object name.

Use the Static Menu Transfer Path page (RSEC_STAT_MENU) to enter static menu transfer paths.

Navigation:

Set Up CRM > Security > CRM Application Security > Static Menu Transfer Path > Static Menu Transfer Path

This example illustrates the fields and controls on the Static Menu Transfer Path page.

Static Menu Transfer Path page

Use this page to create static menu transfer paths for entering or viewing static list data that is either dynamically created or manually entered. The static list navigations that you create on this page appear in the Static List Navigation drop-down list box on the Security Object page. Static list navigation is used when you create a security profile.