Sei sulla pagina 1di 12

Bowling Green State University Demonstration Questions – Technical (Day 1)

ß Can a group of reports be tied to a role/user?

Yes, PeopleSoft allows you to configure what reports users can access through Process Groups. These groups can be used to provide access to a group of reports or 1 individual report if needed. BGSU can configure and unlimited amount of these

groups to allocate to the end user population when looking to tie reports or processes

to Roles and/or end users.

ß What is the security hierarchy within?

A security definition refers to a collection of related security attributes that you create

using PeopleTools Security. The three main PeopleSoft security definition object types are:

User Profiles

Roles

Permission Lists

Because deploying your applications to the Internet significantly increases the number of potential users your system must accommodate, you need an efficient method of granting authorization to different user types. PeopleSoft security definitions provide a modular means to apply security attributes in a scaleable manner.

Each user of your system has an individual User Profile, which in turn is linked to one or more Roles. To each Role, you add one or more Permission Lists, which ultimately control what a user can and can't access. So a user inherits permissions through the role, but here are a few permissions that are assigned directly to the user profile, but these are the exception, as in Process Profile, Primary, and Row Level permission lists.

User Profile:

A User Profile is a set of data describing a particular user of your PeopleSoft system.

This data includes everything from the low-level data that PeopleTools requires, such

as

Language Code, to application-specific data, such as the setIDs a user is authorized

to

access within the PeopleSoft Financials applications. Some User Profile

information, such as password, is truly security related. Alternatively, some of the information, such as the email address, is descriptive, and some of the information, such as Multi Language Enabled, is a preference. User Profiles also maintain the

Roles that are assigned to the user.

User Profiles are different from the application data tables, such as PERSONAL_DATA, that also store information about people. User Profiles are relevant when a user interacts with the system by logging in, viewing a worklist entry, receiving an email, and so on. Application data tables are involved with the core application functionality, such as payroll processing, not with user interaction.

Bowling Green State University Demonstration Questions – Technical (Day 1)

Roles:

You assign Roles to User Profiles. Roles are intermediate objects that link User Profiles to Permission Lists. You can assign multiple Roles to a User Profile, and you can assign multiple Permission Lists to a Role. Some examples of Roles might be Employee, Manager, Customer, Vendor, Student, and so on.

A Manager is also an Employee, and possibly, she may also be a Student. Roles

enable you to mix and match access appropriately.

You have two options when assigning roles, assign Roles manually or you can assign them dynamically. When assigning roles dynamically, you can use PeopleCode, Lightweight Directory Access Protocol (LDAP), and Query rules to assign User Profiles to Roles programmatically.

Permission Lists:

Permission Lists are lists, or groups, of authorizations that you assign to Roles. Permission Lists store Sign-on times, Page access, PeopleTools access, and so on.

A Permission List may contain one or more types of permissions. The fewer types of

permissions in Permission List the more modular and scaleable your implementation. To what granularity you decide to take your permission lists is up to you.

A User Profile inherits most of its permissions through the roles that have been

assigned to the User Profile. Some Permission Lists, such as Process Profile or row-

level security, you apply directly to a User Profile.

Data permissions, or row-level security, appear either through a Primary Permissions List or a Row Security Permissions list.

ß Are Crystal Reports a separate purchase from PeopleSoft?

Crystal reports are packaged and supported by PeopleSoft. BGSU will receive an unlimited user license when deploying this product to its end users for creating, running and viewing reports online.

ß Does Crystal Reports need to be loaded on the workstation (i.e., as PeopleTools)?

For Developers that will be created and editing Reports the Crystal Client will need to be loaded on the desktop. End-users accessing, running and viewing reports can do so over the Web without any client install or plug-in needed.

ß What type of support do you suggest to administer security (i.e., a security officer for each system (HR, Student, or one for all systems)?

PeopleSoft delivers a flexible security model, which can allow for the easy administration of the entire PeopleSoft system. The administration of security can be

Bowling Green State University Demonstration Questions – Technical (Day 1)

a delegated task assigned to both IT and Functional leads for their respective application (i.e. Financial Aid, Admissions). All applications will be administered using the Security Manager PeopleTool i.e. the same resources can be shared amongst the different modules. The Security Manager Tools will deliver a seamless interface for the End User or IT head to create and administer system wide security for authentication and authorization rules. Security Manager includes the following capabilities:

- Administer, create and assign roles for transaction access

- Create User Profiles

- Develop/Modify Permissions lists to define Page level (read/write & update access)

- Password Controls (i.e. Password expiration, force change, dictionary)

- LDAP interface setup and attribute mapping

- Reporting access to tables (i.e. Define what tables users can view and access)

ß We use SUN hardware on the UNIX side and leverage SUN Crypto Accelerator hardware for SSL with Apache. What kind of support for hardware SSL acceleration with SUN hardware do Websphere/WebLogic provide?

Support for SSL acceleration will be dependent upon the hardware in place. The Sun Crypto Accelerator will deliver network security on Sun servers running the Solaris Operating System, the Sun Open Net Environment (Sun ONE) Web Server software, or Apache Web server software only.

ß How do imports handle various batch formats such as DOS, MAC, line breaks, etc.?

The PeopleSoft batch import file is capable of importing CSV, XML or Fixed width files from a DOS or MAC platform. PeopleCode routines can be created to extract, transform and load data from these variety of file formats. In the event that line breaks may cause complications upon import PeopleCode routines can be created to accommodate these special requirements.

ß Does the First Logic function come standard with PeopleSoft?

FirstLogic is a 3 rd party application that is sold through FirstLogic, Inc.

ß How many tables are in the system?

Each module in the PeopleSoft application has tables that are used for functional data storage (i.e. General Ledger in Financials, Student in Student Administration, and Employee in Human Resources) and tables for metadata definitions (i.e. page definitions, workflow definitions, field and label layouts). The numbers of tables vary, based on PeopleSoft module. To date, there are over 10,000 tables (including

Bowling Green State University Demonstration Questions – Technical (Day 1)

System, Tools & applications) used to store business logic and PeopleSoft transaction data for Student/HRMS.

ß How many workflows come standard?

PeopleSoft delivers several workflow definitions for each module. Please see the attached Financials and HR documents that contain out of the box workflow definitions.

ß Are PeopleTools used for workflow query development?

PeopleTools are used for workflow development in that setting up the underlining workflow characteristics such as routings and branching characteristics. Workflow is also configured as part of the underlining business events that are configured in the PeopleSoft applications, such as security administration, or personal routing characteristics.

Users who have security authorization can define queries, which are a reporting mechanism in the PeopleSoft application, in the Query Manager. System or data administrators can also define queries in PeopleTools.

ß Can we use the local email address book?

PeopleSoft maintains an email address for each user of the system so in case the local email address is unavailable, email can still be sent. PeopleSoft is capable of using email address defined within LDAP to drive email notifications for system users. If BGSU intends to use the address book defined within GroupWise to be accessible directly from PeopleSoft in real-time this integration would need to be created.

ß Currently, some tables are maintained by user offices. It appears that these rules are all set by IT. Can this be distributed to user offices based on processes based on user ID or function?

A centralized security administrator is responsible for maintaining and creating roles and permission lists in PeopleSoft. The delegation of the roles can be assigned to the user offices by the central security administrator to a super user who can assign the roles to their user community for whom they are responsible.

ß Can queries be created, run and viewed on a MAC?

Yes! PeopleSoft supports the Safari browser on the Macintosh, as well as Internet Explorer and Netscape browsers.

ß Can ID numbers for people be generated automatically?

Bowling Green State University Demonstration Questions – Technical (Day 1)

PeopleSoft is able to mass generate UserID for authentication into the PeopleSoft application. A mass generation process can be run to assign UserId’s to students, employees, faculty, etc. For the assignment and creation of Student/Employee ID’s (Student #) these individuals will be assigned ID’s manually via the Hire/Admit process.

ß If so, what is the format of a generated number?

The Format of the number is currently incremented in numeric form. BGSU can append any character string or initial to the incremented ID number if needed using a simple PeopleSoft function.

ß Can the number include a check digit?

A check digit validation routine can be created as a customization using PeopleCode.

At run time a function would be called to validate the assigned ID number and

generate a Check digit as a result append to the newly assigned UserID.

ß Can we also generate requisition numbers and other identifying numbers?

Yes.

ß Are W2s and 1099s delivered and maintained?

W2’s and 1099 forms are delivered reports from PeopleSoft. W2’s and 1099’s are SQR reports, which are run via the process scheduler based on workflow or manually run processes. The forms are delivered by PeopleSoft and maintained by BGSU. Report templates are stored in the file directory to be accessed at run time when needed. BGSU can copy and modify reports as needed.

ß How do you monitor problems as they occur?

PeopleSoft currently delivers functionality to monitor transactions and events in the PeopleSoft application so that system admins can visually check the status of the application. Application traces, Debugging, X-reference reports and system monitoring tools (i.e. PSADMIN, PSPING) can be used to monitor daily system activity.

Currently, the PeopleSoft application can be monitored by 3 rd party applications such

as Quest Software, BMC Software, or Computer Associates. System Administrators

can create their own scripts to monitor or test the ‘health’ of the PeopleSoft application as well.

ß How and who is notified there is a problem?

Bowling Green State University Demonstration Questions – Technical (Day 1)

Events in the system can be sent to the appropriate system administrator, as Bowling Green seems fit. Messages can be sent via email, pager, cell phone, and to the users worklist within the Portal. Messages can be custom defined by Bowling Green to fit each unique situation.

ß How do you enter necessary selection criteria and which fields to print? How do you get totals?

PeopleSoft delivers query and reporting capabilities for PeopleSoft users so that fields can be manually selected and ordered in their reports. Totals can be created in the same graphical interface.

ß A graph (pie chart) was presented, but how was it created?

The pie chart was created by using the Cognos analytic tool to query a data cube and then present information via Cognos. In addition, PeopleSoft deliveres charting functions which can be used to create a graph from any PeopleSoft application table.

ß Can reports be triggered from a combination of tables—some in HR and others in SIS?

Yes, reports can be created from data in multiple PSFT modules.

ß How does Blackboard co-exist with PS Portal? For instance, does access to information links appear in both (“my services module vs. Enterprise links)?

PeopleSoft and Blackboard have a constantly evolving relationship where Blackboard data can be incorporated into the PeopleSoft via pagelet. Bowling Green can define the links to Blackboard and the integration routines so that the users do not have to sign in again to the Blackboard transactions they are attempting to view. Other integration capabilities are going to be delivered that incorporate web service technology so that transactional data can be seamlessly incorporated into the PeopleSoft Portal application.

ß Can views be created by user offices?

Via PeopleTools, views can be created by users with the appropriate security. System or data administrators who are familiar with the detailed data structures, which make up the PeopleSoft data model, typically create views. With the input from the user community, the system or data administrators can create custom views so that data can be grouped logically and seen as one logical grouping instead of multiple tables.

ß Can you limit user access to data or roles based on time of day via roles or is it based on user ID?

Bowling Green State University Demonstration Questions – Technical (Day 1)

Restriction can be set by time of day as defined in the primary permission list assigned to a user id.

ß Can you ensure audit trail data cannot be altered in any way?

The PeopleSoft application has a detailed security model which prevents everyone from being able to alter the audit data that is stored. In a relational data model, only the trusted DBA who has the highest level of database authority can have update authority on this data.

ß Does PS have real time integration with all external databases including VSAM, etc.?

PeopleSoft integration capabilities with mainframe data can be achieved in real time by using the PeopleSoft Integration Broker technology in conjunction with IBM Websphere or 3 rd party applications such as Jacada.

ß Since a lot of the security information, permissions, etc., is stored in PeopleSoft and not in the database, what happens if we need to migrate away from PeopleSoft to a new application someday?

The security setup in the PeopleSoft application is local to the PeopleSoft application. However, PeopleSoft is LDAP compliant, which allows security permissions to be stored outside of the application, and can be transferred to other applications when necessary.

ß Can we do “snapshot” reporting at a specific time in the past?

Yes. PeopleSoft uses effective dating so that transactions can be reported as a snapshot in time.

ß Where is the actual role and authority data stored? Is it held in the database? Can

we use existing LDAP authentication information? LDAP groups?

Can we store role data in

Yes, Roles are comparable to groups in LDAP. PeopleSoft gives you the ability to assign roles to existing LDAP groups in mass using our delivered LDAP interface.

ß Need more clarification on how to interface with other systems. Example: MBS, or bookstore system. They need to know who is eligible to make charges, then send that charge to their bursar account or their department account.

When making charges directly into the PS system, Student Financials Business Unit security as well as Item Type security can be used to control the posting of charges to

Bowling Green State University Demonstration Questions – Technical (Day 1)

various accounts. The latter is really about giving access to only those accounts (i.e. Item Types) that end users should have access too. For instance, the Parking department can only have access to and post Parking charges. They cannot post a tuition charge, for example. All accounts are mapped to the General Ledger when posted within the student system.

ß Please clarify authentication, creation and use of electronic signatures.

Electronic signatures within PeopleSoft can include appending an ‘Electronic Signature’ or bitmap (image) of a signature to a transaction at run time or digitally signing a transaction using PKI. At the transaction level both methods will include minor customization when appending a signature. BGSU will be required to purchase a license from a trusted (CA) i.e. (Entrust, VeriSign) when attempting to digitally sign transactions. PeopleSoft delivers the tools and container to store certificates from a licensed CA on the Web Server for use at run time.

ß In the interest of automating password changes and synchronization, what format is the password stored in and do we need to feed passwords to the change mechanism in clear text or can we feed it in some pre-encoded form.

PeopleSoft passwords are ‘Hashed’ when stored to the database. PeopleSoft delivers a Single Signon process, which will allow BGSU to store different Passwords for a user in different modules but only require the User to know 1 UserID and Password for system wide authentication thereby circumventing any need for password synchronization. When using LDAP passwords will be stored and maintained within the Directory Service and not PeopleSoft. Below is an example of the PeopleSoft signon process:

1

The user enters the User ID and password into the PeopleSoft signon page.

2

If the login to the Psoft application server is successful, the server generates a single signon token. The web server receives the single signon token from the application server, and issues a cookie to the browser.

3

The user navigates in the application and encounters a hyperlink to the external system. The user clicks on the link.

4

The browser passes the PS_TOKEN cookie to your external web server.

5

The external web server checks for the PS_TOKEN cookie before displaying a signon page.

6

Once it is determined that the user is accessing your application through PeopleSoft, you retrieve the authentication token and send it to the PRTL_SS_CI component interface to verify authentication. For instance, Call PRTL_SS_CI.Authenticate(Auth. token string)

7

After the system authenticates the token, the system can then make calls to the PRTL_SS_CI.Get_UserID() function to return the appropriate User ID.

Bowling Green State University Demonstration Questions – Technical (Day 1)

ß How many current clients use row level or field level security?

We don’t have exact statistics on this type of metric from our clients, but it is believed that almost all clients have row level security and most have implemented some form of field level security.

ß How are the roles initially assigned to the database of users of the system:

students, faculty, employees and all combinations?

Roles can be assigned by a security administrator by hand, or they can be assigned dynamically by security queries or PeopleCode based on events in the system (i.e. promotions, workflow events, conditions, etc.) A dynamic role can be assigned based on characteristics of a user and can be unassigned when the characteristics change. Dynamic roles allow permissions to be assigned based on business events that may be temporary, but necessary to get work done in normal business processing.

ß Is there a limited number of roles or views that you can create?

No. Unlimited.

ß How much time must DBA team spend on occasional security problem diagnosis?

DBA time varies, but will decrease as time goes on and the system has been in production. The DBA will be required to monitor the health of the database to make sure response time is adequate.

ß Who updates SQL or PeopleCode—BGSU or PeopleSoft?

PeopleSoft delivers a robust application design application called PeopleTools. PeopleTools allows Bowling Green to alter or create new functionality in the PeopleSoft application to fit Bowling Green’s unique requirements. The changes Bowling Green creates or applies are tracked by PeopleSoft, so when upgrades occur, those changes are applied and not lost. The PeopleSoft Upgrade Manager controls this process.

ß Who typically maintains the “views” related to field level security?

Security administrators who have access to PeopleTools typically maintain the views related to field level security.

Bowling Green State University Demonstration Questions – Technical (Day 1)

ß What process or tools eliminates duplicate accounts or people from the system if they have been added by mistake?

PeopleSoft, as defined by BGSU, can setup data validation rules so that when accounts are created, duplicate data will not be input into the system. However, FirstLogic also has tools to identify accounts that may be duplicates that are not caught by the data validation rules.

ß Can BGSU define custom roles and security? Can users view specific fields only or is it all or nothing?

Via the security administration tools in PeopleSoft, BGSU can define their own custom roles and permission lists based on their own unique requirements. Security can be defined at multiple levels so that the appropriate level of access is granted to a users based on the type of transaction that is being issued, or blanket security given to that user. Users can view specific fields on a page based on field level security. Each user or role can see different fields based on security access.

ß How can a view be tied to an application routine?

Views, which are a logical grouping of physical tables, are created by a system or data administrator in the application designer; a component of PeopleTools. The fields in a view can be placed on a page just as a physical record (or table) has its fields defined on a page. Views are typically used to group similar data and present multiple records (or tables) in one “view”.

ß Can Java web server be other than WebLogic/WebSphere (such as TomCat)?

PeopleSoft supports:

Web Servers

• BEA WebLogic Server

• IBM WebSphere Server

Optional Reverse Proxy Servers (HTTP Servers):

• Microsoft IIS v4 on Windows NT 4

• Microsoft IIS v5 on Windows 2000

• iPlanet Web Server, Enterprise Edition

• Apache (WebLogic only)

• IBM HTTP Server (IHS) (WebSphere only). Packaged with WebSphere install.

ß What application are you using for single sign-on?

Single Sign-on is delivered for the PeopleSoft application from PeopleSoft. It is PeopleSoft’s own application. PeopleSoft can be incorporated with other SSO applications like Netegrity or Oblix.

Bowling Green State University Demonstration Questions – Technical (Day 1)

ß How do we maintain changes or upgrade for these database and field changes?

The Upgrade Manager utility, which is part of PeopleTools, manages the PeopleSoft upgrade processes. When a change is made by Bowling Green to any object in the PeopleSoft application, the metadata for that object is updated and defined as a user defined change so that during the upgrade process, all changes are captured, verified, and migrated with the Upgrade Manager. The Upgrade Manager manages the upgrade process.

ß How are they available in different regions? Example: If you want to modify a screen by adding a new field, how would you do this change and be able to test without modifying the production screen?

In a typical PeopleSoft architecture, most customers have a development, test, and product environments. This is so enhancements to the PeopleSoft application can be thoroughly tested before the changes and migrated to the production environment. PeopleSoft has a process called Data Mover, which manages the process of moving changes from one PeopleSoft landscape (i.e. Development to Test, Test to Production). PeopleSoft recommends having a development and/or test environment so that changes can be tested without impacting production systems.

ß Can a username change or must the username be deleted and readded?

In the security administrator, if a user name must be changed, the following process should be followed:

1)

Copy the existing user profile name to the new profile name

2)

Test the sign in process to the new user profile name

3)

Delete the old user profile name

ß

What version of WebLogic is used?

WebLogic 6.1 is the current supported level.

ß Will business rules will be modified by PeopleTools and PeopleCode?

Business Rules can be defined in multiple locations in PeopleSoft depending on the events being defined. For example, security is setup via the security administrator in the PeopleSoft application. Financial configurations, such as General Ledger setup, are done via the Financials module, and likewise for benefits in Human Resources. In some cases, business rules will need to be defined in PeopleTools, such as workflow branching configurations. There may be times during that process that PeopleCode will need to be written. However, most business rules are defined in the PeopleSoft applications themselves without a line of code being written.

Bowling Green State University Demonstration Questions – Technical (Day 1)

ß Are the queries that appear on the portal page processed realtime only or can they be cached or set to expire results within a specific time frame?

The queries in the portal pagelets are run real-time when the user logs in or clicks on the refresh button on the pagelet or the browser.

ß How are changes deployed from development to test without recreating elements?

In a typical PeopleSoft architecture, most customers have a development, test, and product environments. This is so enhancements to the PeopleSoft application can be thoroughly tested before the changes and migrated to the production environment. PeopleSoft has a process called Data Mover, which manages the process of moving changes from one PeopleSoft landscape (i.e. Development to Test, Test to Production). PeopleSoft recommends having a development and/or test environment so that changes can be tested without impacting production systems.

ß Over time BGSU may have multiple changes to the system. When implementing a new release of PeopleSoft, does PeopleSoft automatically account for these changes? If not, does PS inform DBA of changes to the system?

The Upgrade Manager utility, which is part of PeopleTools, manages the PeopleSoft upgrade processes. When a change is made by Bowling Green to any object in the PeopleSoft application, the metadata for that object is updated as a user defined change, so that during the upgrade process, all changes are captured, verified, and migrated. As part of the upgrade process, a report will be created stating what was changed by Bowling Green. Bowling Green will have the option to carry forward all modifications they made, or only carry forward a sub set of changes. This process is all defined via the Upgrade Manager.

ß Is all security done by a master admin or are there sub admins.? Can some security be delegated?

Both. Security can be centralized or decentralized to sub admins in departments or organizations. Typically a central security administrator creates the permission lists and roles needed. Administration at the department level can be decentralized and the responsibility for role assignment can be delegated to a super user in each department.

ß Wireless access has been mentioned in a number of contexts. Which means of access are supported, i.e., WAP, browser-based, etc,

PeopleSoft supports WAP enabled devices and PocketPC devices. Please refer to the Hardware and Software guide for supported device