Data permission is controlled using
Transaction Security Data and User Security Data.
Transaction Security Data
Certain transaction fields on a
transaction data row are used to secure access to that row. The data in these
fields is called transaction security data.
When the value of the transaction
security data matches the value that a user can access (user security data),
the system makes the entire row of data available to the user.
Data
Type
|
Transaction
Component & Record
|
Fields
Available for Transaction Security Data
|
Departments
|
Departments
component (DEPARTMENT_TBL)
Record: PS_ DEPT_TBL
|
|
Job openings
|
Job Opening page
(HRS_JO_360)
Record: PS_HRS_JOB_OPENING
|
|
Employees
Contingent workers
POIs with jobs
|
Add Employment
Instance component (JOB_DATA_EMP)
Add Contingent
Worker Instance component (JOB_DATA_CWR)
Add POI Instance
component (JOB_DATA_POI)
Job Data component
(JOB_DATA)
Record: PS_JOB
|
|
POIs without jobs
|
Add a POI
Relationship component (PERS_POI_ADD)
Maintain a Person's
POI Reltn component (PERS_POI_MAINTAIN)
Record: PS_ PER_POI_SCRTY
|
|
Note: If a person is created without a job data record or POI type
record, the system will save the person as a POI without job with a POI Type of
Unknown.
Only users with data permission access
to unknown POIs can access their data and create either a job data or POI type
record for them.
User Security Data
User security data enables the system
to ensure that users have access only to that which you have granted them
access. Data permission is granted to row security (tree-based) permission lists
(ROWSECCLASS) and regular (role-based) permission lists (CLASSID).
Note: When you add a permission list to the Security by Dept. Tree
component, the system saves it as ROWSECCLASS. Row Security Permission List is
assigned to users on the Row Security field (User Profile – General page).
Note: You can use the same permission list as a row security
permission list and a role-based permission list by adding it to both the
Security by Dept Tree component and Security by Permission List component and
then adding them to the user on the User Profile - General page and by way of
roles.
Data
Type
|
Security
Page
|
Record
|
Row security
permission lists
|
Security by Dept
Tree page
|
SCRTY_TBL_DEPT
|
Role-based
permission lists
|
Security by
Permission List page
|
SJT_CLASS
|
Permission lists
assigned to roles
|
Roles - Permission
Lists page
|
PSROLECLASS
|
Roles assigned to
users
|
User Profile -
Roles page
|
PSROLEUSER
|
Row security
permission lists assigned to users
|
User Profile -
General page
|
PSOPRDEFN
|
Note: Data from PSROLECLASS, PSROLEUSER, and PSOPRDEFN is loaded
into SJT_OPR_CLS either automatically by the system, when you enable the
USER_PROFILE and ROLE_MAINT messages, or when Refresh SJT_OPR_CLS process is
run.
Also, data from SCRTY_TBL_DEPT and
SJT_CLASS is loaded into SJT_CLASS_ALL when Refresh SJT_CLASS_ALL process is
run.
Very interesting code. I also use Ideals virtual data room.
ReplyDelete