What are dynamic role rules?
• The assignment of roles to User Profiles based on your business rules
• These business rules run against system(s) to assign PeopleSoft access
• Business rule data can reside in a number of places:
– PeopleSoft data
– 3rd party systems
– LDAP
• Allows your PeopleSoft security structure to change in an automated fashion
• The dynamic role rule process removes and grants access to User Profiles
Methods - Assigning dynamic role rules
• There are three technologies you can use to execute your business rules:
o PS/Query
o LDAP Plug-in
o PeopleCode
• One, two, or all three of the technologies listed above can be used
Building Role Rules - PS/Query
• PeopleSoft recommends using PS/Query to build role rules if the membership data resides in your PeopleSoft database
• Access is removed or granted based on the User Profile IDs retrieved by the query
• Can be built on Queries and/or Views
• Business rules can be built into the View and/or Query
• The assignment of roles to User Profiles based on your business rules
• These business rules run against system(s) to assign PeopleSoft access
• Business rule data can reside in a number of places:
– PeopleSoft data
– 3rd party systems
– LDAP
• Allows your PeopleSoft security structure to change in an automated fashion
• The dynamic role rule process removes and grants access to User Profiles
Methods - Assigning dynamic role rules
• There are three technologies you can use to execute your business rules:
o PS/Query
o LDAP Plug-in
o PeopleCode
• One, two, or all three of the technologies listed above can be used
Building Role Rules - PS/Query
• PeopleSoft recommends using PS/Query to build role rules if the membership data resides in your PeopleSoft database
• Access is removed or granted based on the User Profile IDs retrieved by the query
• Can be built on Queries and/or Views
• Business rules can be built into the View and/or Query
Assigning Roles - PeopleCode
• Membership data not contained within the PS database
• Data might exist on other 3rd party systems
• Extremely flexible
o SQLExec functions
o Business Interlinks
o Component Interfaces
Static role assignments
• Roles are assigned to User Profiles manually
• Not scalable
• All security changes require manual intervention
• High administration costs
• High margin for human error
• Membership data not contained within the PS database
• Data might exist on other 3rd party systems
• Extremely flexible
o SQLExec functions
o Business Interlinks
o Component Interfaces
Static role assignments
• Roles are assigned to User Profiles manually
• Not scalable
• All security changes require manual intervention
• High administration costs
• High margin for human error
