Dangerous Permissions Audit
Dangerous Permissions Audit Report
Report ID: security-dangerous-permissions
Category: Security
Purpose
This report identifies permission lists that grant access to dangerous capabilities in PeopleSoft. Each of the eight checks is a known attack path: SOAP-to-CI lets a permission-list holder call any Component Interface without a dedicated service operation, USERPROFILES lets them mint new accounts, IB_NODE lets them point a node at attacker-controlled infrastructure. Each category is assigned a severity level (CRITICAL or HIGH) to help prioritize remediation.
What It Checks
The report audits 8 categories of dangerous access:
CRITICAL Severity
| Category | Menu/Bar Item | Risk |
|---|---|---|
| SOAP to CI (WEBLIB_SOAPTOCI) | MENUNAME = 'WEBLIB_SOAPTOCI' | Allows programmatic access to Component Interfaces via SOAP without dedicated service operations |
| User Profile Management | MENUNAME = 'MAINTAIN_SECURITY', bar items: USERPROFILES, USER_SAVEAS, USERMAINT_DIST (non-display-only) | Ability to create, modify, or delete user profiles — the highest-level security object |
| Node Configuration | MENUNAME = 'IB_CONFIGURE', bar item: IB_NODE (non-display-only) | Ability to define or modify Integration Broker nodes, including authentication credentials |
HIGH Severity
| Category | Menu/Bar Item | Risk |
|---|---|---|
| WSDL Generation (WEBLIB_MSGWSDL) | MENUNAME = 'WEBLIB_MSGWSDL' | Can expose the structure and endpoints of web services |
| Role Management | MENUNAME = 'MAINTAIN_SECURITY', bar items: ROLEMAINT, ROLESAVEAS (non-display-only) | Ability to create, modify, or delete roles, controlling permission assignments |
| Permission List Purge | MENUNAME = 'MAINTAIN_SECURITY', bar items: PURGE_PERMLIST, PURGE_ROLEDEFN, PURGE_USR_PROFILE (non-display-only) | Ability to purge permission lists, roles, or user profiles |
| URL Definitions Management | MENUNAME = 'MAINTAIN_SECURITY', bar item: URL_MAINTENANCE (non-display-only) | Ability to create or modify URL definitions for redirects or external integrations |
| Process Type Definitions | MENUNAME = 'PROCESSMONITOR', bar item: PRCSTYPE (non-display-only) | Ability to modify process type definitions controlling batch process execution |
Table Queried
PSAUTHITEM — Authorization Items
Queried once per category with the specific WHERE clause for that check.
| Field | Description |
|---|---|
| CLASSID | Permission list that has this access |
| MENUNAME | Menu name being authorized |
| BARITEMNAME | Menu bar item name |
| DISPLAYONLY | Display-only flag (0 = full access, 1 = display only) |
PSROLECLASS — Role/Permission List Assignments
Queried per permission list found, via GetPermissionListRoles.
| Field | Description |
|---|---|
| CLASSID | Permission list |
| ROLENAME | Role that includes this permission list |
PSOPRALIASTYPE / PSOPRDEFN — User Counts
Queried in batch via GetUnlockedUserCountForRoles to count unlocked users per role.
Data Flow
1. For each of the 8 dangerous capability categories:
2. Query PSAUTHITEM with the category-specific WHERE clause and extract the unique permission lists (CLASSID).
3. For each permission list found, fetch its assigned roles via PSROLECLASS.
4. Batch-query the unlocked user counts for all roles.
5. Sort findings by total unlocked user count (descending).
6. Generate a per-category section with severity badge, description, and permission list table.
7. Generate the summary and recommendations.
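The data flow above, worked end to end as an added example (this is not the report's own code). It builds an in-memory SQLite database with constructed rows for PSAUTHITEM, PSROLECLASS, PSOPRDEFN and a role-membership table, runs the eight category WHERE clauses from the tables in "What It Checks", resolves roles and unlocked user counts, and sorts each category's findings by exposure. Assumptions: the role-membership table is named PSROLEUSER with columns ROLEUSER and ROLENAME, and PSOPRDEFN.ACCTLOCK = 0 marks an unlocked account; the sample data and the function names are constructed for this illustration.

```python
import sqlite3

# The eight checks, as (category, severity, WHERE clause against PSAUTHITEM).
# The WHERE clauses are fixed code constants, never user input, so building
# the SQL text from them is safe. WEBLIB checks flag any access; menu-based
# checks flag only non-display-only (DISPLAYONLY = 0) access.
CATEGORIES = [
    ("SOAP to CI (WEBLIB_SOAPTOCI)", "CRITICAL", "MENUNAME = 'WEBLIB_SOAPTOCI'"),
    ("User Profile Management", "CRITICAL",
     "MENUNAME = 'MAINTAIN_SECURITY' AND BARITEMNAME IN "
     "('USERPROFILES','USER_SAVEAS','USERMAINT_DIST') AND DISPLAYONLY = 0"),
    ("Node Configuration", "CRITICAL",
     "MENUNAME = 'IB_CONFIGURE' AND BARITEMNAME = 'IB_NODE' AND DISPLAYONLY = 0"),
    ("WSDL Generation (WEBLIB_MSGWSDL)", "HIGH", "MENUNAME = 'WEBLIB_MSGWSDL'"),
    ("Role Management", "HIGH",
     "MENUNAME = 'MAINTAIN_SECURITY' AND BARITEMNAME IN "
     "('ROLEMAINT','ROLESAVEAS') AND DISPLAYONLY = 0"),
    ("Permission List Purge", "HIGH",
     "MENUNAME = 'MAINTAIN_SECURITY' AND BARITEMNAME IN "
     "('PURGE_PERMLIST','PURGE_ROLEDEFN','PURGE_USR_PROFILE') AND DISPLAYONLY = 0"),
    ("URL Definitions Management", "HIGH",
     "MENUNAME = 'MAINTAIN_SECURITY' AND BARITEMNAME = 'URL_MAINTENANCE' AND DISPLAYONLY = 0"),
    ("Process Type Definitions", "HIGH",
     "MENUNAME = 'PROCESSMONITOR' AND BARITEMNAME = 'PRCSTYPE' AND DISPLAYONLY = 0"),
]

# Constructed schema: only the columns the audit needs. PSROLEUSER and
# ACCTLOCK are assumptions about the role-membership and lock columns.
SCHEMA = """
CREATE TABLE PSAUTHITEM (CLASSID TEXT, MENUNAME TEXT, BARITEMNAME TEXT, DISPLAYONLY INTEGER);
CREATE TABLE PSROLECLASS (ROLENAME TEXT, CLASSID TEXT);
CREATE TABLE PSROLEUSER (ROLEUSER TEXT, ROLENAME TEXT);
CREATE TABLE PSOPRDEFN (OPRID TEXT, ACCTLOCK INTEGER);
"""


def build_sample_db():
    """Constructed sample data: one display-only grant, one orphaned
    permission list, and two locked accounts, to exercise the edge cases."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSAUTHITEM VALUES (?,?,?,?)", [
        ("INTEGRATION", "WEBLIB_SOAPTOCI", "WEBLIB_SOAPTOCI", 0),
        ("SECADMIN", "MAINTAIN_SECURITY", "USERPROFILES", 0),
        ("SECADMIN", "MAINTAIN_SECURITY", "ROLEMAINT", 0),
        ("HELPDESK", "MAINTAIN_SECURITY", "USERPROFILES", 1),   # display-only: not flagged
        ("HELPDESK", "MAINTAIN_SECURITY", "USER_SAVEAS", 0),    # full access: flagged
        ("IBADMIN", "IB_CONFIGURE", "IB_NODE", 0),
        ("ORPHAN_PL", "IB_CONFIGURE", "IB_NODE", 0),            # no role uses it
    ])
    conn.executemany("INSERT INTO PSROLECLASS VALUES (?,?)", [
        ("Security Administrator", "SECADMIN"), ("Help Desk", "HELPDESK"),
        ("Integration Admin", "IBADMIN"), ("Integration Admin", "INTEGRATION"),
        ("Developer", "INTEGRATION"),
    ])
    conn.executemany("INSERT INTO PSROLEUSER VALUES (?,?)", [
        ("PS", "Security Administrator"), ("HD1", "Help Desk"), ("HD2", "Help Desk"),
        ("HD3", "Help Desk"), ("IB1", "Integration Admin"),
        ("DEV1", "Developer"), ("DEV2", "Developer"),
    ])
    conn.executemany("INSERT INTO PSOPRDEFN VALUES (?,?)", [
        ("PS", 0), ("HD1", 0), ("HD2", 0), ("HD3", 1), ("IB1", 0), ("DEV1", 0), ("DEV2", 1),
    ])
    return conn


def find_permission_lists(conn, where_clause):
    """Step 2: unique CLASSIDs in PSAUTHITEM matching one category's WHERE clause."""
    sql = f"SELECT DISTINCT CLASSID FROM PSAUTHITEM WHERE {where_clause} ORDER BY CLASSID"
    return [row[0] for row in conn.execute(sql)]


def get_permission_list_roles(conn, classid):
    """Step 3: roles that include this permission list (PSROLECLASS)."""
    return [row[0] for row in conn.execute(
        "SELECT ROLENAME FROM PSROLECLASS WHERE CLASSID = ? ORDER BY ROLENAME", (classid,))]


def get_unlocked_user_counts(conn, classids):
    """Step 4: one batch query giving distinct unlocked users per permission list.
    Counting DISTINCT users avoids double counting someone who holds several roles."""
    if not classids:
        return {}
    placeholders = ",".join("?" * len(classids))
    sql = f"""
        SELECT RC.CLASSID, COUNT(DISTINCT RU.ROLEUSER)
        FROM PSROLECLASS RC
        JOIN PSROLEUSER RU ON RU.ROLENAME = RC.ROLENAME
        JOIN PSOPRDEFN O ON O.OPRID = RU.ROLEUSER AND O.ACCTLOCK = 0
        WHERE RC.CLASSID IN ({placeholders})
        GROUP BY RC.CLASSID"""
    counts = {c: 0 for c in classids}          # orphaned lists stay at 0
    for classid, n in conn.execute(sql, list(classids)):
        counts[classid] = n
    return counts


def run_audit(conn):
    """Steps 1-5: per-category findings sorted by unlocked user count, descending."""
    report = []
    for category, severity, where_clause in CATEGORIES:
        classids = find_permission_lists(conn, where_clause)
        counts = get_unlocked_user_counts(conn, classids)
        findings = [{"permission_list": c, "roles": get_permission_list_roles(conn, c),
                     "unlocked_users": counts[c]} for c in classids]
        findings.sort(key=lambda f: (-f["unlocked_users"], f["permission_list"]))
        report.append({"category": category, "severity": severity, "findings": findings})
    return report


def summarize(report):
    """Step 7: totals for the summary section."""
    return {"categories_checked": len(report),
            "permission_lists_found": sum(len(r["findings"]) for r in report)}


if __name__ == "__main__":
    audit = run_audit(build_sample_db())
    for section in audit:
        print(f"[{section['severity']}] {section['category']}: "
              f"{section['findings'] or 'No findings'}")
    print(summarize(audit))
```

On the sample data, HELPDESK is flagged for User Profile Management through USER_SAVEAS even though its USERPROFILES grant is display-only, ORPHAN_PL appears under Node Configuration with no roles and zero users, and locked accounts (HD3, DEV2) never add to the exposure count.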
Parameters
This report has no configurable parameters.
Report Output
The generated report contains:
- Header with database name and generation timestamp
- Per-category sections (8 total), each with:
- Severity badge (CRITICAL or HIGH)
- Description of the dangerous capability
- Count of permission lists with this access
- Table with: Permission List (linked), Roles, Unlocked User count
- Or “No findings” if no permission lists have this access
- Summary with total categories checked and total permission lists found
- Recommendations for each category
Interpreting Results
- CRITICAL findings should be reviewed immediately. SOAP-to-CI access, user profile management, and node configuration can all be used for privilege escalation or unauthorized data access.
- HIGH findings should be scheduled for remediation. These capabilities are security-sensitive but may have legitimate use cases in limited quantities.
- Permission lists with no roles assigned may be orphaned but should still be reviewed — they could be assigned in the future.
- High unlocked user counts indicate broad exposure to the dangerous capability and should be prioritized for remediation.
- Display-only access is excluded. The report only flags non-display-only (DISPLAYONLY = 0) access for menu-based checks, so findings represent actual write/execute capability.
Recommendations
- Remove WEBLIB_SOAPTOCI access in production environments unless absolutely required for integration — use dedicated service operations instead
- Restrict WSDL generation to development environments only; in production, serve static WSDL files
- Limit user profile management to a small number of designated security administrators
- Implement change management processes for role and permission list modifications
- Restrict purge operations to emergency use only and require approval workflows
- Audit node configuration access regularly, as nodes contain authentication credentials