This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Security

Browse and audit PeopleSoft security configuration: permission lists, roles, and users.

Security

psLens browses PeopleSoft security read-only: permission lists, roles, and users. Use it to audit access without writing SQL against PSOPRDEFN, PSROLEUSER, and PSAUTHITEM. Changes still have to be made in PeopleSoft.

  • Permission Lists — The granular access settings that define menu, component, and page authorizations.
  • Roles — Collections of permission lists assigned to users.
  • Users — User/operator accounts and their associated roles.

How Security Objects Relate

PeopleSoft security flows in one direction:

User → Roles → Permission Lists → Menus/Components/Functions

When investigating access, work from the bottom up:

  1. Start with the permission list that grants the specific access you’re concerned about.
  2. Find which roles include that permission list.
  3. Find which users have those roles.

Or work from the top down:

  1. Find the user whose access you want to understand.
  2. Look at their roles.
  3. Drill into each role to see its permission lists.

User detail pages link out to each role. Role pages link to permission lists and back to assigned users. You can follow an access chain in three clicks without writing a join.

Permission List detail showing properties and menu authorizations

Permission List detail view with properties, menu authorizations, and related data options

1 - Permission Lists

Permission Lists

URL: /permissionlists

Permission lists (PSCLASSDEFN, sometimes called classes) are the lowest-level grantable security object. Every menu, component, page, and function authorization attaches to one.

What You Can Do

  • View Full Definitions: See description, last modified information, and general settings.
  • View Authorizations: See which menus and components the permission list authorizes.
  • View Assigned Roles: See which roles include this permission list.
  • Sign-on Settings: View allowed sign-on times and other access constraints.

When It’s Useful

  • Auditing what access a particular permission list grants before assigning it.
  • Incident response: what could a compromised permission list have touched.
  • Finding permission lists that are overly broad (see also the Full Access Permission Lists report).

2 - Roles

Roles

URL: /roles

Roles (PSROLEDEFN) are named bundles of permission lists. Users get roles, not permission lists directly.

What You Can Do

  • View Included Permission Lists: See the list of permission lists assigned to the role.
  • View Assigned Users: See which users are assigned this role.
  • Metadata Inspection: See the role’s description and last modified information.

When It’s Useful

  • Understanding what an unfamiliar role grants.
  • Checking whether a role contains permission lists that are unexpectedly broad.
  • Finding all users who have a particular role.

3 - Users

Users

URL: /users

Users (PSOPRDEFN, historically called operators) are login accounts. Each carries a set of roles, a primary permission list, a row-security permission list, and a process profile. Search supports both OPRID and name.

What You Can Do

  • View Assigned Roles: See the roles assigned to a user.
  • Core Security Attributes: See primary permission list, row security permission list, and process profile.
  • Account Metadata: View account status (active/inactive), last login, and email address.
  • Password Settings: See password-related settings (whether a password is set, when it expires).

When It’s Useful

  • Checking what access a specific user has.
  • Reviewing user accounts during security audits.
  • Finding accounts that are inactive but still have broad role assignments.
  • Investigating who has access to a sensitive area of the system.