PeopleTools like all other portal navigation security is managed by permission lists. The delivered PeopleTools access permission list is PTPT1200. This is associated with the delivered PeopleTools role. If there hasn't been many changes related to PeopleTools security in your environment, it may simply be a matter of removing the PeopleTools role from the relevant user.
If this doesn't work then there are one or more permission list(s) associated with the user which is giving them access to the PeopleTools folder. In this case you'll need to check which permission lists show the PeopleTools folder.
To do this, you first need to look in:
- PeopleTools > Portal > Structure and Content
Find the PeopleTools folder, press the edit hyperlink and have a look at the folder security tab. These are the permission lists that allow the user to see the PeopleTools folder (PT_PEOPLETOOLS). This doesn't mean they can access the underlying components. It just means they can see the PeopleTools item on their navigation menu. What you are trying to find are the permission list(s) that let them see that.
Working with security, it is often easier to query the relevant information from the database. In this case, finding the permission list(s) which give the user access to the PeopleTools portal folder (PT_PEOPLETOOLS).
Remember to replace <OPRID> with the appropriate user's operator ID:
select
OC.OPRID,
OC.OPRCLASS as PERMISSION_LIST
from
PSPRSMPERM P inner join PSOPRCLS OC
on P.PORTAL_PERMNAME = OC.OPRCLASS
where
P.PORTAL_OBJNAME = 'PT_PEOPLETOOLS'
and PORTAL_NAME = 'EMPLOYEE'
and OC.OPRID = '<OPRID>'
order by
OPRID, PERMISSION_LIST;
You may find one of two things:
- The user shouldn't have the permission list
- The permission list shouldn't have accesss to the PeopleTools folder (and underlying items)
So you'll either need to remove the permission list from the user, or modify the permission list.
One very important exception to note about PeopleTools access is access to the process monitor. You may find quite a few users have access to the PeopleTools folder and just the Process monitor page which is quite legitimate.
If the permission list is giving too much access, look at menu security through the pages tab in:
- PeopleTools > Security > Permissions & Roles > Permission Lists
Then take away component security (edit components hyperlink) as appropriate.
Hope that helps.