Definition Security

Definition Security is used to control access to PeopleSoft definitions through Application Designer. By default a group called PEOPLETOOLS is delivered. Within this group are all the definitions that are read-only to all users except those with permission lists that contain the group.

If a definition is secured through definition security, you'll soon know about it when you open it in Application Designer and get the following message:

definition_security_not_authorized.png

You are not authorized to update the field because it belongs to the PeopleTools group and chances are you won't have security access to the group. More information about definition security is available in PeopleBooks using the search keywords: Definition Security.

The definition security tool is available through Application Designer — Go > Definition Security. It is a simple tool to manage definition security groups and associate them with permission lists. To use it, choose File -> Open -> Group and select the default group, PEOPLETOOLS. This brings up a list of all definitions in the PEOPLETOOLS group. Select your definition type from the drop down (e.g. Records) and let it load all records (can take some time).

definition-security-tool.png

Anything on the left hand side is not excluded from this group, which means that it cannot be altered. Anything on the right hand side is excluded and can be altered. So, find the appropriate definition and move it from the left to the right hand side (not excluded to excluded) using the single right arrow. Double arrows move everything from one side to the other. Finally chose, File -> Save to save your changes. Your object can now be modified. You should always put the definition back into the group after you're done. So repeat the process moving from the right hand side (excluded list) to the left hand side (not excluded).

The SQL below shows fields in the PeopleTools group (secured) and those excluded from the group (free for developers to work with).

The underlying tables for definition security include:

  • PSOBJGROUP - Object group definitions
  • PSOPROBJ - Operator object group

As delivered you can see that there is no permission list with access to the PEOPLETOOLS object group:

select * 
from PSOPROBJ 
where OBJGROUPID = 'PEOPLETOOLS' 
and DISPLAYONLY <> 1;

What this query is searching for is any rows in the PSOPROBJ record that have the PEOPLETOOLS group included (not display only which means excluded).

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License