PeopleTools Security - Data Security

Data security comprises the following elements:

• Privacy - keeping data hidden from unauthorized parties
• Integrity - keeping transmitted data intact
• Authentication - verifying the identity of an entity that's transferring data
• Access - providing the user with appropriate menus and ability to select pages (components) from those menus
• Authorization - providing users with access to the data to which they should have access
• Non-repudiation - capability to assert that updates or modifications were performed by a particular user based on the user's certificate

Click Here for the PeopleSoft Security PeopleBook

PeopleTools support for Data Security

• Privacy
  Privacy is normally implemented with some type of encryption. Encryption is the scrambling of information such that no one can read it unless they have a piece of data known as a key. PeopleSoft delivers PeopleSoft (Pluggable) Encryption Technology PET
• Integrity
  Integrity can be accomplished with simple checksums or, better, with more complex cryptographic checksums known as one-way hashes, and often with digital signatures as well. PeopleSoft supports Data in Flight by supporting SSL for all data transport - Web, Integration and LDAP.
• Authentication
  Authentication can be accomplished using passwords, or with digital signatures, which are by far the most popular and most reliable method of authentication. As well as internal Password Controls, PeopleSoft supports certificate based single signon and the range of Oracle's Access Management products and those supplied by security vendor partners.
• Access
  Access can be controlled using Roles and Permission Lists. Permission Lists also define available periods, i.e. signon and signoff times.
• Authorization
  Authorization is supported in PeopleTools by Query and Row Level Security. Applications provide additional authorization with extended Row Level and Field Security and through the use of Business Unit and SETID. Permission Lists also control the user's rights to View, Add, Update and Correct information.

Defining Row-Level Security and Query Security Records

• Row-Level Security
  With row-level security, users can have access to a table without having access to all rows on that table. This type of security is typically applied to tables that hold sensitive data.
• Query Security Record Definitions
  You implement row-level security by having Query search for data using a query security record definition. The query security record definition adds a security check to the search.

Application Data Security

• Table-Level Security
  You use PeopleSoft Query to build SQL queries and retrieve information from application tables. For each PeopleSoft Query user, you can specify the records the user is allowed to access when building and running queries.
• Row-Level Security
  You can design special types of SQL views-security views-to control access to individual rows of data stored within application database tables. See this document (logon required) for details of HCM's use of Enterprise HRMS 8.9 Row Level Security - (this also applies to HCM 9.0)
  
  See the application documentation for your for details about implementing row-level security.
• Field Security
  Use PeopleCode to restrict access to particular fields or columns within application tables. For example, if you want a certain class of user to be able to access certain pages, but not to view a particular field on those pages, such as compensation rate, you can write PeopleCode to hide the field for that user class.

Documentation Archive http://www.oracle.com/technetwork/documentation/psftarch-096292.html