---
reportType: security-dangerous-permissions
database: CS92DEV
generatedAt: 2026-06-12T12:49:22-07:00
---

# Dangerous Permissions Audit

**Database:** CS92DEV

**Generated:** 2026-06-12 12:49:16 PDT

---

This report identifies permission lists that grant access to dangerous capabilities.
These capabilities can be used to bypass security controls, expose sensitive data, or escalate privileges.

## 🔴 CRITICAL: SOAP to CI (WEBLIB_SOAPTOCI)

Grants access to the SOAP-to-Component-Interface web library, allowing programmatic access to Component Interfaces via SOAP without dedicated service operations.

**Found 2 permission list(s) with this access.**

| Permission List | Roles | Unlocked Users |
|-----------------|-------|---------------|
| [HCSPWEBLIB](https://pslens.example.com/permissionlists/HCSPWEBLIB?db=CS92DEV) | AWE Administrator, Applicant, Employee, Manager, Mobile User | 4 |
| [PTPT1200](https://pslens.example.com/permissionlists/PTPT1200?db=CS92DEV) | PeopleTools | 1 |

## 🟠 HIGH: WSDL Generation (WEBLIB_MSGWSDL)

Grants access to generate WSDL documents, which can expose the structure and endpoints of web services.

**Found 2 permission list(s) with this access.**

| Permission List | Roles | Unlocked Users |
|-----------------|-------|---------------|
| [HCSPWEBLIB](https://pslens.example.com/permissionlists/HCSPWEBLIB?db=CS92DEV) | AWE Administrator, Applicant, Employee, Manager, Mobile User | 4 |
| [PTPT1200](https://pslens.example.com/permissionlists/PTPT1200?db=CS92DEV) | PeopleTools | 1 |

## 🔴 CRITICAL: User Profile Management

Grants ability to create, modify, or delete user profiles — the highest-level security object in PeopleSoft.

**Found 2 permission list(s) with this access.**

| Permission List | Roles | Unlocked Users |
|-----------------|-------|---------------|
| [PTPT1100](https://pslens.example.com/permissionlists/PTPT1100?db=CS92DEV) | Security Administrator | 1 |
| [HCSPTOOLS](https://pslens.example.com/permissionlists/HCSPTOOLS?db=CS92DEV) | (no roles assigned) | 0 |

## 🟠 HIGH: Role Management

Grants ability to create, modify, or delete roles, which control permission list assignments across users.

**Found 2 permission list(s) with this access.**

| Permission List | Roles | Unlocked Users |
|-----------------|-------|---------------|
| [PTPT1100](https://pslens.example.com/permissionlists/PTPT1100?db=CS92DEV) | Security Administrator | 1 |
| [HCSPTOOLS](https://pslens.example.com/permissionlists/HCSPTOOLS?db=CS92DEV) | (no roles assigned) | 0 |

## 🟠 HIGH: Permission List Purge

Grants ability to purge permission lists, roles, or user profiles, which could remove security controls.

**Found 2 permission list(s) with this access.**

| Permission List | Roles | Unlocked Users |
|-----------------|-------|---------------|
| [PTPT1100](https://pslens.example.com/permissionlists/PTPT1100?db=CS92DEV) | Security Administrator | 1 |
| [HCSPTOOLS](https://pslens.example.com/permissionlists/HCSPTOOLS?db=CS92DEV) | (no roles assigned) | 0 |

## 🟠 HIGH: URL Definitions Management

No permission lists found with this access. **No findings.**

## 🔴 CRITICAL: Node Configuration

No permission lists found with this access. **No findings.**

## 🟠 HIGH: Process Type Definitions

No permission lists found with this access. **No findings.**

## Summary

- **Total categories checked:** 8
- **Total permission lists with dangerous access:** 10

## Recommendations

- **WEBLIB_SOAPTOCI**: This web library allows any Component Interface to be called via SOAP without a dedicated service operation. Remove this access unless absolutely required for integration.
- **WEBLIB_MSGWSDL**: Restrict WSDL generation access to development environments only. In production, WSDL files should be static.
- **User Profile Management**: Only security administrators should have access to create or modify user profiles. Audit who has this access regularly.
- **Role/Permission Management**: Changes to roles and permission lists can silently escalate privileges. Consider implementing a change management process for these objects.
- **Purge Operations**: The ability to purge security objects should be restricted to a very small number of administrators.

---

*Report generated by psLens*
