Security | Essential roles when setting up a new user
A. New User Profiles
Typically, new User IDs are created by copying the profile of an existing user. But how do you create a new User ID from scratch? You may be reluctant to copy one of the delivered PeopleSoft profiles, either because they do not contain the exact access that you require or, more likely, because you are not 100% sure exactly what powers you would be granting to the user. This is especially a problem when you are creating a ‘guest’ type of account, and you want to make sure the user only has the most basic level of security.
This post considers the essential security roles needed to set up a basic user profile.
B. Essential Roles for General Users
Firstly, any user that requires front end access should have the following Roles as a minimum:
- HCM SOA Services Portal Access – provides access to the basic portal components.
- PeopleSoft User – grants access to the core pages in the system, such as ‘Change Password’ and ‘Query Viewer’. In some cases, ‘PeopleSoft User’ is considered too powerful for general users, so the security administrator ends up creating a copy of the ‘PeopleSoft User’ Role and ‘PTPT1000’ Permission List, editing the access as required.
- Standard Non-Page Permissions – grants access to basic PeopleTools objects other than pages and components. This Role should not be amended. Again, create a copy if you wish to make changes.
C. Essential Roles for Guest Users
If the user is a ‘guest’ user (a user that does not need to pass through an authentication procedure to enter the system), the following security Roles should be included:
- HCM SOA Services Portal Access
- PeopleSoft Guest – equivalent to ‘PeopleSoft User’ but more restricted in access.
- Standard Non-Page Permissions
D. Other Important Roles
Finally, here are a few other important Roles. Typically these are only necessary for certain types of users:
- PeopleTools – required for developer access.
- Portal Administrator – also required for developers who need to update the portal structure and content.
- ReportDistAdmin – required to access process log files for all users across the system. Any user lacking this role will only be able to see their own log files.
- Security Administrator – required for any super-user who needs the ability to update user profiles, roles, permission lists, etc.
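One way to check existing accounts against the role sets in sections B, C and D is sketched below. It is an added example, not part of the original post or of PeopleSoft itself. It assumes you have exported user/role pairs to CSV with `user` and `role` columns (for instance from the PSROLEUSER table) and that you know which User IDs are guest accounts; the function name and sample data are hypothetical.

```python
import csv
import io

# Role names exactly as listed in this post.
GENERAL_BASELINE = {"HCM SOA Services Portal Access", "PeopleSoft User",
                    "Standard Non-Page Permissions"}
GUEST_BASELINE = {"HCM SOA Services Portal Access", "PeopleSoft Guest",
                  "Standard Non-Page Permissions"}
ELEVATED = {"PeopleTools", "Portal Administrator", "ReportDistAdmin",
            "Security Administrator"}


def audit_roles(export_text, guest_ids):
    """Return {user: [finding, ...]} for users that deviate from the baselines."""
    roles = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        roles.setdefault(row["user"].strip(), set()).add(row["role"].strip())

    findings = {}
    for user, held in sorted(roles.items()):
        notes = []
        if user in guest_ids:
            # A guest should hold the guest baseline and nothing else.
            notes += [f"guest missing: {r}" for r in sorted(GUEST_BASELINE - held)]
            notes += [f"guest has extra role: {r}" for r in sorted(held - GUEST_BASELINE)]
        else:
            notes += [f"missing: {r}" for r in sorted(GENERAL_BASELINE - held)]
            notes += [f"elevated role to review: {r}" for r in sorted(held & ELEVATED)]
        if notes:
            findings[user] = notes
    return findings


# Constructed sample export (user IDs are made up for illustration).
SAMPLE_EXPORT = """user,role
GUEST01,HCM SOA Services Portal Access
GUEST01,PeopleSoft Guest
GUEST01,Standard Non-Page Permissions
GUEST02,HCM SOA Services Portal Access
GUEST02,PeopleSoft User
GUEST02,ReportDistAdmin
JSMITH,HCM SOA Services Portal Access
JSMITH,PeopleSoft User
JSMITH,Standard Non-Page Permissions
JSMITH,Security Administrator
"""

FINDINGS = audit_roles(SAMPLE_EXPORT, {"GUEST01", "GUEST02"})
```

If your site uses a restricted copy of ‘PeopleSoft User’, as described in section B, replace that name in `GENERAL_BASELINE` with the name of your copy so those users are not reported as missing the role.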