PeopleSoft is a metadata-driven application, meaning that all its building blocks are stored within database tables.
PeopleSoft Security is no exception to this.
Understanding the tables related to Permission Lists and Roles can be useful when writing queries to troubleshoot access issues. For instance, you may want to determine why a user cannot access a specific page or find out which pages a user can access.
PeopleSoft Security is a broad topic. In this post, we will primarily focus on the meta-tables used for Permission Lists and Roles. Additionally, we will examine a few other tables that are part of the security model.
User and Role Tables
| Record Name | Description | Remarks |
|---|---|---|
| PSOPRDEFN | Operator Definition | The main user table listing all the OPRIDs. Nav: PeopleTools > Security > User Profiles > User Profiles | General page |
| PSROLEUSER | Role User | This table shows the roles assigned to users. Nav: PeopleTools > Security > User Profiles > User Profiles | Roles page |
| PSROLEDEFN | Role Definition | The table that defines Roles. Nav: PeopleTools > Security > Permissions and Roles > Roles | General page and Workflow page |
| PSROLECLASS | Role Classes | This table lists the Permission Lists associated with a Role as shown on the Roles | Permission Lists page. |
| PSROLEMEMBER | Role Members | This table lists the users assigned this Role as shown on the Members page. |
| PSROLEDYNMEMBER | Dynamic Role Members | This table lists the users that have been dynamically assigned this Role as shown on the Dynamic Members page |
| PSROLECANGRANT | Roles That Can Be Granted | This table lists the Roles that can be granted by this Role as shown on the Role Grant page. |
| PSROLEGRANTORVW | Roles That Can Grant – View | This table lists the Roles that can grant this Role as shown on the Role Grant page. |
Permission List Tables
| Record Name | Description | Remarks |
|---|---|---|
| PSCLASSDEFN | Permissions Lists Definition | The table that defines Permission Lists. Nav: PeopleTools > Security > Permissions and Roles > Permission Lists |
| PSAUTHITEM | Authorized Menu Item | This table lists all the Menu Items that a Permission List has access to. The value of the AUTHORIZEDACTIONS field decides the level of access. These are the decimal values of the possible authorisation actions. 1 – Add 2 – Update Display 4 – Update/Display All 8 – Correction 128 – Data Entry For all the authorised actions for a Menu Item, these numbers are added together and stored in the So if the value in the AUTHORIZEDACTIONS filed is 15, it means that the Permission List provides Add (1), This table is used on the Pages, PeopleTools, Web Libraries and Definition Security pages |
| PSAUTHPRCS | Authorized Process Groups | Lists all the Process Groups that the Permission list has access to. Nav: PeopleTools > Security > Permissions and Roles > Permission Lists | Process |
| PSPRCSPRFL | Process Profile | Lists the Process Profile Permissions that the Permission list has. PeopleTools > Security > Permissions and Roles > Permission Lists | Process |
| PSAUTHSIGNON | Authorized Sign-on Period | The table is used to define authorised signon periods for users, specifying when they are allowed to access the system. PeopleTools > Security > Permissions and Roles > Permission Lists | Sign-on Times |
| PSAUTHBUSCOMP | Authorized Comp.Interfaces | This table lists all the Component Interfaces that a Permission List has access to. |
| PSAUTHWS | Authorized Web Services | This table lists all the Web Services that a Permission List has access to. |
| PSAUTHAS | Authorized Application Service | This table lists all the Application Services that a Permission List has access to. |
| PS_SCRTY_ACC_GRP | Access Group Security | This table lists the Query Security Trees / Access groups that the Permission List has access to. Query page |
| PS_SCRTY_QUERY | PS/Query Profile | The table is used to define what Query-related privileges the Permission List has for example, allow the creation of Role queries. Query page |
| PSQRYACCLSTRECS | Query Access Record List | Populated by the Query Access List process. Stores details of which permission list has access to what records. |
| PSPTSCRTY_ADS_A | ADS Access Group Security | Application Data Sets related security listing Trees and Access Groups. This record is used on the Data Migration page |
| PSPTSCRTY_ADS_P | ADS Process Profile Security | ADS compare report related permissions. This record is also used on the Data Migration page |
| SCRTY_SRCHGRP | Search Group Authorizations | Permissions related to Search Groups Search Groups page |
| PSOPROBJ | Operator Object Group | Definition Security groups the Permission List has access to. |
| PS_PTACM_ACCESSTBL | Automated Configuration Management Templates that the Permission List has access to. This is used on the ACM Templates page |
|
| PSAUTHOPTN | Permissions related to Personalization Options This is used on the Personalizations page. |
|
| PSCLASSDEL | Maintains a list of all Permission Lists that were deleted. | |
| PSPERMORIGIN | Permission Creation Tracking | Maintains a list of all Permission Lists that were copied from another one. |
| PSAUTHCB | Authorized Chat Bot Apps | |
| PSAUTHCHNLMON | Msg Monitor Channel Security | |
| PSAUTHQUEUEMON | Msg Monitor Channel Security | |
| PSAUTHMP | Mobile Page Access | |
| PSPURGEPERMLIST | Permissions List Purge History |
As you can see, some of these tables are not well documented. So if you have more info on any of them, please let me know in the comments.
