https://pslens.com/docs/security/Recent content in Security on psLensHugoen-ushttps://pslens.com/docs/security/permission-lists/Mon, 01 Jan 0001 00:00:00 +0000https://pslens.com/docs/security/permission-lists/<h2 id="permission-lists">Permission Lists</h2> <p><strong>URL:</strong> <code>/permissionlists</code></p> <p>Permission lists (PSCLASSDEFN, sometimes called classes) are the lowest-level grantable security object. Every menu, component, page, and function authorization attaches to one.</p> <h3 id="what-you-can-do">What You Can Do</h3> <ul> <li><strong>View Full Definitions:</strong> See description, last modified information, and general settings.</li> <li><strong>View Authorizations:</strong> See which menus and components the permission list authorizes.</li> <li><strong>View Assigned Roles:</strong> See which roles include this permission list.</li> <li><strong>Sign-on Settings:</strong> View allowed sign-on times and other access constraints.</li> </ul> <h3 id="when-its-useful">When It&rsquo;s Useful</h3> <ul> <li>Auditing what access a particular permission list grants before assigning it.</li> <li>Incident response: what could a compromised permission list have touched.</li> <li>Finding permission lists that are overly broad (see also the <a href="https://pslens.com/docs/reports/security/security-full-access/">Full Access Permission Lists report</a>).</li> </ul>https://pslens.com/docs/security/roles/Mon, 01 Jan 0001 00:00:00 +0000https://pslens.com/docs/security/roles/<h2 id="roles">Roles</h2> <p><strong>URL:</strong> <code>/roles</code></p> <p>Roles (PSROLEDEFN) are named bundles of permission lists. Users get roles, not permission lists directly.</p> <h3 id="what-you-can-do">What You Can Do</h3> <ul> <li><strong>View Included Permission Lists:</strong> See the list of permission lists assigned to the role.</li> <li><strong>View Assigned Users:</strong> See which users are assigned this role.</li> <li><strong>Metadata Inspection:</strong> See the role&rsquo;s description and last modified information.</li> </ul> <h3 id="when-its-useful">When It&rsquo;s Useful</h3> <ul> <li>Understanding what an unfamiliar role grants.</li> <li>Checking whether a role contains permission lists that are unexpectedly broad.</li> <li>Finding all users who have a particular role.</li> </ul>https://pslens.com/docs/security/users/Mon, 01 Jan 0001 00:00:00 +0000https://pslens.com/docs/security/users/<h2 id="users">Users</h2> <p><strong>URL:</strong> <code>/users</code></p> <p>Users (PSOPRDEFN, historically called operators) are login accounts. Each carries a set of roles, a primary permission list, a row-security permission list, and a process profile. Search supports both OPRID and name.</p> <h3 id="what-you-can-do">What You Can Do</h3> <ul> <li><strong>View Assigned Roles:</strong> See the roles assigned to a user.</li> <li><strong>Core Security Attributes:</strong> See primary permission list, row security permission list, and process profile.</li> <li><strong>Account Metadata:</strong> View account status (active/inactive), last login, and email address.</li> <li><strong>Password Settings:</strong> See password-related settings (whether a password is set, when it expires).</li> </ul> <h3 id="when-its-useful">When It&rsquo;s Useful</h3> <ul> <li>Checking what access a specific user has.</li> <li>Reviewing user accounts during security audits.</li> <li>Finding accounts that are inactive but still have broad role assignments.</li> <li>Investigating who has access to a sensitive area of the system.</li> </ul>