<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Articles on psLens</title><link>https://pslens.com/blog/</link><description>Recent content in Articles on psLens</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 13 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://pslens.com/blog/index.xml" rel="self" type="application/rss+xml"/><item><title>Why psLens Runs on Go, a Hypermedia UI Stack, and SWS Instead of Living Inside PeopleSoft</title><link>https://pslens.com/blog/why-pslens-runs-on-go-hypermedia-and-sws/</link><pubDate>Mon, 13 Jul 2026 00:00:00 +0000</pubDate><guid>https://pslens.com/blog/why-pslens-runs-on-go-hypermedia-and-sws/</guid><description>&lt;p&gt;When I started building psLens, I was not trying to create another PeopleSoft bolt-on. I wanted a tool that could sit beside PeopleSoft, search metadata fast, run audits, monitor Process Scheduler and Integration Broker, and stay easy to deploy and maintain.&lt;/p&gt;
&lt;p&gt;That requirement set ruled out a lot of obvious choices.&lt;/p&gt;
&lt;p&gt;psLens now runs as a standalone &lt;a href="https://github.com/golang/go"&gt;Go&lt;/a&gt; application with server-rendered UI components built in &lt;a href="https://github.com/a-h/templ"&gt;templ&lt;/a&gt;, live updates handled by &lt;a href="https://data-star.dev"&gt;Datastar&lt;/a&gt; (&lt;a href="https://github.com/starfederation/datastar"&gt;GitHub&lt;/a&gt;), and a PeopleSoft-side access layer provided by &lt;a href="https://sws.books.cedarhillsgroup.com/docs/"&gt;SWS&lt;/a&gt;. That combination is not accidental. Each part solves a specific problem that PeopleSoft teams run into when they try to build admin and security tooling the old way.&lt;/p&gt;</description></item><item><title>Which Service Operations Can Half Your Users Call?</title><link>https://pslens.com/blog/service-operations-exposed-to-most-users/</link><pubDate>Tue, 07 Jul 2026 00:00:00 +0000</pubDate><guid>https://pslens.com/blog/service-operations-exposed-to-most-users/</guid><description>&lt;p&gt;Ask a PeopleSoft security administrator &amp;ldquo;who can call this web service?&amp;rdquo; and you will usually get a pause. There is no delivered screen that ranks service operations by how many users can reach them. The grant is buried one level below where anyone looks: a service operation is authorized to a &lt;em&gt;permission list&lt;/em&gt;, and permission lists ride &lt;em&gt;roles&lt;/em&gt; out to users. A single broadly-held role can quietly put a data-moving web service in reach of hundreds of accounts that have no business calling it.&lt;/p&gt;</description></item><item><title>Your PeopleSoft Nodes Probably Don't Have Passwords</title><link>https://pslens.com/blog/peoplesoft-nodes-without-passwords/</link><pubDate>Thu, 02 Jul 2026 00:00:00 +0000</pubDate><guid>https://pslens.com/blog/peoplesoft-nodes-without-passwords/</guid><description>&lt;p&gt;Here is a finding from a delivered Campus Solutions 9.2 development image: &lt;strong&gt;62 active message nodes, 58 of them with no authentication configured.&lt;/strong&gt; That is not an unusual environment. It is what delivered images look like, and refreshed non-prod environments inherit it.&lt;/p&gt;
&lt;h2 id="why-it-matters"&gt;Why It Matters&lt;/h2&gt;
&lt;p&gt;A message node with &lt;code&gt;AUTHOPTN = 'N'&lt;/code&gt; accepts messages without authenticating the sender. Any system that can reach your Integration Broker gateway can send messages to or through that node. Whether that is exploitable depends on what routings and service operations the node participates in — but &amp;ldquo;unauthenticated by default and nobody has looked&amp;rdquo; is not a posture you want to explain to an auditor.&lt;/p&gt;</description></item><item><title>Who Can Access This PeopleSoft Component? The SQL, and the Gotchas</title><link>https://pslens.com/blog/who-can-access-this-peoplesoft-component/</link><pubDate>Thu, 02 Jul 2026 00:00:00 +0000</pubDate><guid>https://pslens.com/blog/who-can-access-this-peoplesoft-component/</guid><description>&lt;p&gt;&amp;ldquo;Who can get to this component?&amp;rdquo; is one of the most common questions a PeopleSoft security administrator gets, and PeopleSoft has no delivered screen that answers it in one place. The data lives in three tables, and the joins are easy to get subtly wrong.&lt;/p&gt;
&lt;h2 id="the-security-chain"&gt;The Security Chain&lt;/h2&gt;
&lt;p&gt;PeopleSoft component access flows through a fixed chain:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;&lt;code&gt;PSOPRDEFN&lt;/code&gt;&lt;/strong&gt; — user accounts&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;&lt;code&gt;PSROLEUSER&lt;/code&gt;&lt;/strong&gt; — which roles each user holds&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;&lt;code&gt;PSROLECLASS&lt;/code&gt;&lt;/strong&gt; — which permission lists each role carries&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;&lt;code&gt;PSAUTHITEM&lt;/code&gt;&lt;/strong&gt; — what each permission list grants: menu, component, and page entries with their authorized actions&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;A user can reach a component if &lt;em&gt;any&lt;/em&gt; permission list on &lt;em&gt;any&lt;/em&gt; of their roles has a &lt;code&gt;PSAUTHITEM&lt;/code&gt; row for it.&lt;/p&gt;</description></item></channel></rss>