Can anyone help me with the script (or table names to be checked) to check for users who have PT access? Thanks in advance
Date: 20 Mar 2009 08:30
Number of posts: 4
RSS: New posts
As you probably know, PeopleTools access is set by permission list:
PeopleTools > Security > Permissions & Roles > Permission Lists > [Open a Permission List] > PeopleTools tab
The PeopleTools access you will find on this page is for:
- Application designer
- Data mover
- Definition security access
- Query access
- Performance monitor PPMI
The table PSAUTHITEM is what determines which permission lists have access to what PeopleTools through menus.
So you need to know the menu associated with each of the PeopleTools applications:
|Performance Monitor PPMI||PERFMONPPMI|
How did I work all this out? Open the Permission Lists > PeopleTools page in application designer (its called ACL_MISCTOOLS, then click view definition on each of the PeopleTools links (Application Designer, Data Mover etc). Each link is stored in the work record MISCTOOLS_WRK and the PeopleCode for the fields on this record contain the queries against PSAUTHITEM. Note that the application designer one is a little bit more tricky as it contains secondary pages.
Once you know the menus, it is just a matter of querying the relevant menus, finding permission lists with access, and identifying which users have those permission lists. Here's a query that does this for the APPLICATION_DESIGNER menu:
select OC.OPRID, OC.OPRCLASS from PSOPRCLS OC where OPRCLASS = 'PSADMIN' or OPRCLASS in ( select CLASSID from PSAUTHITEM where MENUNAME = 'APPLICATION_DESIGNER' and AUTHORIZEDACTIONS >= 1 ) order by OC.OPRID, OPRCLASS
Note that this query takes into account the PeopleSoft Administrator role (permission list PSADMIN) as users with this role will also have access to PeopleTools.
This query only checks authorized actions is > 1 (some action available - e.g. add, update, update/display or correction). If you need to know exactly what the authorized actions are, you would need to return each bar in the menu and check the authorized actions. This article explains authorized actions in more detail.
I am wondering if someone is given the application designer rights through menus, will the person be able to make use of the rights?
I understand that there is a need to install peopletools as application designer cannot be assess through the web. Can peopletools be easily installed and use on a client pc?
PeopleTools (application designer/data mover/configuration manager etc) can be installed relatively easily on a PC, you do need to know a bit about how to connect to the database though. See this article on installing PeopleTools locally for further information.