PeopleSoft Security Interview Questions & Answers

Question 1. What Are The Different Delivered Security Sets And How Do They Function?

Answer :

The different security sets are: - Department, People with jobs, People without jobs, US federal people with jobs, Recruiting job openings and template based hire.

For each security set, admin can enable or disable the access type. Based on this setup, the system will decide the type of security. For example, department security will be driven based on department tree, which is one access type or it can be driven by department setid which is another access type for the security set department.

For POIs with no job rows, to define security, the security set People without jobs is used. The other options are access types like location, business unit or institution. So, the one which is enabled, will drive the security.

Question 2. What Is Sjt_opr_cls?

Answer :

SJT_OPR_CLS: Contains the User IDs with their data permission lists.

Question 3. What Is Sjt_person?

Answer :

SJT_PERSON: Contains transaction data for the people (employees, contingent workers, Person of Interest). It has row level security attributes (SetID, DeptID etc) for all the employees.

Question 4. What Is Sjt_class_all?

Answer :

SJT_CLASS_ALL: Contains the data permission information for all the data permission lists that are given data access on the ‘Security by Dept Tree’ page or ‘Security by Permission List’ page.

Question 5. What Is Row Level Security? What Are The Different Ways To Design Row Level Security?

Answer :

Row level security is also known as Data Permission Security. It determines the access given to a user for all/specific set of rows through any PeopleSoft component which can be delivered or custom. For a row, access to all the fields is given.

Row level security restricts user’s access to a subset of rows based on the value within a field in the record. That field could be department, job location, job company, job salary grade etc. There are certain PeopleSoft delivered security sets and access types which can be used as a basis of restriction. For e.g., restrict access for a user (using Job data component) to all the employees having a value of ‘SALES’ for the department field in the current effective dated job row.

Question 6. How Is Field Level Security Controlled In Peoplesoft?

Answer :

There is no delivered security for field level, i.e. no configurable control exists for field-level access for a user. If there is a requirement of field level security, then it has to be done at the level of PeopleCode, i.e. programmatically.

Question 7. Suppose If A Person Is Assigned Row Security For A Department, Will He Have Access To All The Child Departments As Well? If Yes, Is There A Way We Can Restrict Access To One Of Those?

Answer :

By default, the user will have access to employees of all the child departments. Although, access to employees in a child department can be restricted through data permission list. To define the security profile of a department tree, navigate to: Setup HRMS -> Security -> Core Row Level Security -> Security by Dept Tree. For the particular row security permission list, access codes can be set to ‘No Access’ for a child department to restrict access.

Question 8. What Are Security Join Tables? Why Is It Necessary To Refresh Sjt Processes?

Answer :

PeopleSoft system stores security data in user and transaction Security Join Tables. (SJTs).

User SJTs are:

• SJT_OPR_CLS: Contains the User IDs with their data permission lists.
• SJT_CLASS_ALL: Contains the data permission information for all the data permission lists that are given data access on the ‘Security by Dept Tree’ page or ‘Security by Permission List’ page.

Transaction SJTs are:

• SJT_PERSON: Contains transaction data for the people (employees, contingent workers, Person of Interest). It has row level security attributes (SetID, DeptID etc) for all the employees.
• SJT refresh processes have to be run to keep security data (in user and transaction SJTs) up to date so that the system enforces data permission using the most current information.

Question 9. Suppose When A User Is Tied To A Primary Permission List How Does It Decide The Department Data Access For The Employee? Where And How Is This Mapping Done?

Answer :

User is tied to a primary permission list in user profile table. This permission list is tied to a setid and deptid in the security setup. This can be done by navigating to Setup HRMS -> Security -> Core row level security -> Security by dept tree. All the departments that get tied here against the permission list are accessible to the user.

Question 10. I Wish To Give Access Of A Page Which Shows The Usa Flag To A User But Wish To Exclude Some Of The Components. How Can I Do That? Explain The Steps?

Answer :

Any user whose Primary Permission List is set up to show a particular country will show its flag as well. The navigation for the same is: Setup HRMS -> Security -> Component and Page Security -> Setup Global Security. If the US flag has to be shown to the user, USA should be selected in the country prompt. There is a link to ‘Excluded Components’ in the panel, which can be used to exclude certain components.

Question 11. Explain The Flow Of Setting Up Application Security. When A New Functionality Is Released How Do We Setup A User In Ps To Get Access To It?

Answer :

When a new functionality needs to be provided access for users, then roles and permissions are used. The functionality is associated to a menu—component—page. So the user needs to get access to the page in one of the various modes like: Add, update or view only. For this, the menu – component – page layer is tied to a permission list. This permission list is then attached to a role and the user is then provided this role through user profile. As a result user will be able to access the functionality.

Question 12. Describe The Flow Of Setting Up Application Security. When A New Functionality Is Released How Do We Setup A User In Ps To Get Access To It?

Answer :

When a new functionality needs to be provided access for users, then roles and permissions are used. The functionality is associated to a menu—component—page. So the user needs to get access to the page in one of the various modes like: Add, update or view only. For this, the menu – component – page layer is tied to a permission list. This permission list is then attached to a role and the user is then provided this role through user profile. As a result user will be able to access the functionality.

Question 13. If An Organization Does Not Fit To Be Position Driven Then What Are The Other Options In People Soft To Setup The Hierarchy?

Answer :

If the organization is not fit to be position driven, then the other options available are:

By Person: In this approach, job codes are used to classify job data into groups. Job codes have one to many relationships with employees, i.e. multiple employees can have the same job code. Jobs to be performed are identified in the organization. Job codes can be shared across departments, locations or companies.

Partial Position: There might be a situation wherein the system has to be driven by both the approaches – by person and by position. In this case, partial position management can be implemented. Driving by position might work for certain departments or executive levels whereas others can be person driven.

Question 14. Can You Explain I Wish To Give Access Of A Page Which Shows The Usa Flag To A User But Wish To Exclude Some Of The Components. How Can I Do That? Explain The Steps?

Answer :

Any user whose Primary Permission List is set up to show a particular country will show its flag as well. The navigation for the same is: Setup HRMS -> Security -> Component and Page Security -> Setup Global Security. If the US flag has to be shown to the user, USA should be selected in the country prompt. There is a link to ‘Excluded Components’ in the panel, which can be used to exclude certain components.

Question 15. When A User Is Tied To A Primary Permission List How Does It Decide The Department Data Access For The Employee? Where And How Is This Mapping Done?

Answer :

User is tied to a primary permission list in user profile table. This permission list is tied to a setid and deptid in the security setup. This can be done by navigating to Setup HRMS -> Security -> Core row level security -> Security by dept tree. All the departments that get tied here against the permission list are accessible to the user.

Question 16. Do You Know How Is Security By Department Tree Different Than Security Access Types?

Answer :

Security by department tree defines which setid and deptid a permission list has access to. Security access types are different ways in which security can be driven for a security set. For example department security can be driven by department tree or department setid. Both these are security access types which belong to security set department.

Question 17. How Is Security By Department Tree Different Than Security Access Types?

Answer :

Security by department tree defines which setid and deptid a permission list has access to. Security access types are different ways in which security can be driven for a security set. For example department security can be driven by department tree or department setid. Both these are security access types which belong to security set department.

Question 18. If I Am Able To See The Brazil Flag In A Component By Means Of Global Security, Will I Be Able To See Brazil Employees Too?

Answer :

No, you would not be able to see Brazil employees. Global Security grants you the permission to see a particular flag and not the data. Access to employees is given by means of Row level Security.

Question 19. Suppose Organization Xyz Uses Ps Department Security. There Are 4 Levels In The Department Tree 1,2,3 And 4 With 4 Being At The Top Of The Tree. If A Manager A Is In Dept 3 And Has 2 Direct Reports In The Same Department. Can The Direct Reports View Data

Answer :

If the direct reports are also in department 3 then they can see the data for employees in department 2 and 1 only. They cannot see the data for a population which is above their department tree node. Since 4 is above 3 they cannot see the data.

Question 20. Suppose Organization Abc Uses Department Security With Dept 1 As The Parent Department. Dept 2 Is The Child Of Dept 1, Dept 3 And Dept 4 Are The Child Of Dept 2. A Person Is Given The Read/write Access To Dept 1. Which Departments Will He Have Access To? Can We Restrict The Access To Dept 3? If Yes, How?

Answer :

Since Dept 1 is the parent department and read/write access is given for Dept 1, the user will have access to all the departments under Dept 1, i.e. Dept 2, Dept 3 and Dept 4.

Yes, we can restrict the access to Dept 3 by giving ‘No Access’ to Dept 3 while defining the access code for Dept 3 on the Security be Dept Tree page of the respective permission list.