Bowling Green State University

Demonstration Questions Technical (Day 1)

Can a group of reports be tied to a role/user?

Yes, PeopleSoft allows you to configure what reports users can access through
Process Groups. These groups can be used to provide access to a group of reports or 1
individual report if needed. BGSU can configure and unlimited amount of these
groups to allocate to the end user population when looking to tie reports or processes
to Roles and/or end users.

What is the security hierarchy within?

A security definition refers to a collection of related security attributes that you create
using PeopleTools Security. The three main PeopleSoft security definition object
types are:

User Profiles

Roles

Permission Lists

Because deploying your applications to the Internet significantly increases the

number of potential users your system must accommodate, you need an efficient
method of granting authorization to different user types. PeopleSoft security
definitions provide a modular means to apply security attributes in a scaleable
manner.
Each user of your system has an individual User Profile, which in turn is linked to
one or more Roles. To each Role, you add one or more Permission Lists, which
ultimately control what a user can and can't access. So a user inherits permissions
through the role, but here are a few permissions that are assigned directly to the user
profile, but these are the exception, as in Process Profile, Primary, and Row Level
permission lists.
User Profile:
A User Profile is a set of data describing a particular user of your PeopleSoft system.
This data includes everything from the low-level data that PeopleTools requires, such
as Language Code, to application-specific data, such as the setIDs a user is authorized
to access within the PeopleSoft Financials applications. Some User Profile
information, such as password, is truly security related. Alternatively, some of the
information, such as the email address, is descriptive, and some of the information,
such as Multi Language Enabled, is a preference. User Profiles also maintain the
Roles that are assigned to the user.
User Profiles are different from the application data tables, such as
PERSONAL_DATA, that also store information about people. User Profiles are
relevant when a user interacts with the system by logging in, viewing a worklist entry,
receiving an email, and so on. Application data tables are involved with the core
application functionality, such as payroll processing, not with user interaction.
Page 1 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
Roles:
You assign Roles to User Profiles. Roles are intermediate objects that link User
Profiles to Permission Lists. You can assign multiple Roles to a User Profile, and you
can assign multiple Permission Lists to a Role. Some examples of Roles might be
Employee, Manager, Customer, Vendor, Student, and so on.
A Manager is also an Employee, and possibly, she may also be a Student. Roles
enable you to mix and match access appropriately.
You have two options when assigning roles, assign Roles manually or you can assign
them dynamically. When assigning roles dynamically, you can use PeopleCode,
Lightweight Directory Access Protocol (LDAP), and Query rules to assign User
Profiles to Roles programmatically.
Permission Lists:
Permission Lists are lists, or groups, of authorizations that you assign to Roles.
Permission Lists store Sign-on times, Page access, PeopleTools access, and so on.
A Permission List may contain one or more types of permissions. The fewer types of
permissions in Permission List the more modular and scaleable your implementation.
To what granularity you decide to take your permission lists is up to you.
A User Profile inherits most of its permissions through the roles that have been
assigned to the User Profile. Some Permission Lists, such as Process Profile or rowlevel security, you apply directly to a User Profile.
Data permissions, or row-level security, appear either through a Primary Permissions
List or a Row Security Permissions list.

Are Crystal Reports a separate purchase from PeopleSoft?

Crystal reports are packaged and supported by PeopleSoft. BGSU will receive an
unlimited user license when deploying this product to its end users for creating,
running and viewing reports online.

Does Crystal Reports need to be loaded on the workstation (i.e., as PeopleTools)?

For Developers that will be created and editing Reports the Crystal Client will need to
be loaded on the desktop. End-users accessing, running and viewing reports can do so
over the Web without any client install or plug-in needed.

What type of support do you suggest to administer security (i.e., a security officer
for each system (HR, Student, or one for all systems)?

PeopleSoft delivers a flexible security model, which can allow for the easy
administration of the entire PeopleSoft system. The administration of security can be

Page 2 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
a delegated task assigned to both IT and Functional leads for their respective
application (i.e. Financial Aid, Admissions). All applications will be administered
using the Security Manager PeopleTool i.e. the same resources can be shared amongst
the different modules. The Security Manager Tools will deliver a seamless interface
for the End User or IT head to create and administer system wide security for
authentication and authorization rules. Security Manager includes the following
capabilities:
- Administer, create and assign roles for transaction access
- Create User Profiles
- Develop/Modify Permissions lists to define Page level (read/write & update
access)
- Password Controls (i.e. Password expiration, force change, dictionary)
- LDAP interface setup and attribute mapping
- Reporting access to tables (i.e. Define what tables users can view and access)

We use SUN hardware on the UNIX side and leverage SUN Crypto Accelerator
hardware for SSL with Apache. What kind of support for hardware SSL
acceleration with SUN hardware do Websphere/WebLogic provide?

Support for SSL acceleration will be dependent upon the hardware in place. The Sun
Crypto Accelerator will deliver network security on Sun servers running the Solaris
Operating System, the Sun Open Net Environment (Sun ONE) Web Server software,
or Apache Web server software only.

How do imports handle various batch formats such as DOS, MAC, line breaks,
etc.?

The PeopleSoft batch import file is capable of importing CSV, XML or Fixed width
files from a DOS or MAC platform. PeopleCode routines can be created to extract,
transform and load data from these variety of file formats. In the event that line
breaks may cause complications upon import PeopleCode routines can be created to
accommodate these special requirements.

Does the First Logic function come standard with PeopleSoft?

FirstLogic is a 3rd party application that is sold through FirstLogic, Inc.

How many tables are in the system?

Each module in the PeopleSoft application has tables that are used for functional data
storage (i.e. General Ledger in Financials, Student in Student Administration, and
Employee in Human Resources) and tables for metadata definitions (i.e. page
definitions, workflow definitions, field and label layouts). The numbers of tables
vary, based on PeopleSoft module. To date, there are over 10,000 tables (including

Page 3 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
System, Tools & applications) used to store business logic and PeopleSoft transaction
data for Student/HRMS.

How many workflows come standard?

PeopleSoft delivers several workflow definitions for each module. Please see the
attached Financials and HR documents that contain out of the box workflow
definitions.

Are PeopleTools used for workflow query development?

PeopleTools are used for workflow development in that setting up the underlining
workflow characteristics such as routings and branching characteristics. Workflow is
also configured as part of the underlining business events that are configured in the
PeopleSoft applications, such as security administration, or personal routing
characteristics.
Users who have security authorization can define queries, which are a reporting
mechanism in the PeopleSoft application, in the Query Manager. System or data
administrators can also define queries in PeopleTools.

Can we use the local email address book?

PeopleSoft maintains an email address for each user of the system so in case the local
email address is unavailable, email can still be sent. PeopleSoft is capable of using
email address defined within LDAP to drive email notifications for system users. If
BGSU intends to use the address book defined within GroupWise to be accessible
directly from PeopleSoft in real-time this integration would need to be created.

Currently, some tables are maintained by user offices. It appears that these rules
are all set by IT. Can this be distributed to user offices based on processes based
on user ID or function?

A centralized security administrator is responsible for maintaining and creating roles

and permission lists in PeopleSoft. The delegation of the roles can be assigned to the
user offices by the central security administrator to a super user who can assign the
roles to their user community for whom they are responsible.

Can queries be created, run and viewed on a MAC?

Yes! PeopleSoft supports the Safari browser on the Macintosh, as well as Internet
Explorer and Netscape browsers.

Can ID numbers for people be generated automatically?

Page 4 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
PeopleSoft is able to mass generate UserID for authentication into the PeopleSoft
application. A mass generation process can be run to assign UserIds to students,
employees, faculty, etc. For the assignment and creation of Student/Employee IDs
(Student #) these individuals will be assigned IDs manually via the Hire/Admit
process.

If so, what is the format of a generated number?

The Format of the number is currently incremented in numeric form. BGSU can
append any character string or initial to the incremented ID number if needed using a
simple PeopleSoft function.

Can the number include a check digit?

A check digit validation routine can be created as a customization using PeopleCode.

At run time a function would be called to validate the assigned ID number and
generate a Check digit as a result append to the newly assigned UserID.

Can we also generate requisition numbers and other identifying numbers?

Yes.

Are W2s and 1099s delivered and maintained?

W2s and 1099 forms are delivered reports from PeopleSoft. W2s and 1099s are
SQR reports, which are run via the process scheduler based on workflow or manually
run processes. The forms are delivered by PeopleSoft and maintained by BGSU.
Report templates are stored in the file directory to be accessed at run time when
needed. BGSU can copy and modify reports as needed.

How do you monitor problems as they occur?

PeopleSoft currently delivers functionality to monitor transactions and events in the

PeopleSoft application so that system admins can visually check the status of the
application. Application traces, Debugging, X-reference reports and system
monitoring tools (i.e. PSADMIN, PSPING) can be used to monitor daily system
activity.
Currently, the PeopleSoft application can be monitored by 3rd party applications such
as Quest Software, BMC Software, or Computer Associates. System Administrators
can create their own scripts to monitor or test the health of the PeopleSoft
application as well.

How and who is notified there is a problem?

Page 5 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
Events in the system can be sent to the appropriate system administrator, as Bowling
Green seems fit. Messages can be sent via email, pager, cell phone, and to the users
worklist within the Portal. Messages can be custom defined by Bowling Green to fit
each unique situation.

How do you enter necessary selection criteria and which fields to print? How do
you get totals?

PeopleSoft delivers query and reporting capabilities for PeopleSoft users so that fields
can be manually selected and ordered in their reports. Totals can be created in the
same graphical interface.

A graph (pie chart) was presented, but how was it created?

The pie chart was created by using the Cognos analytic tool to query a data cube and
then present information via Cognos. In addition, PeopleSoft deliveres charting
functions which can be used to create a graph from any PeopleSoft application table.

Can reports be triggered from a combination of tablessome in HR and others in

SIS?

Yes, reports can be created from data in multiple PSFT modules.

How does Blackboard co-exist with PS Portal? For instance, does access to
information links appear in both (my services module vs. Enterprise links)?

PeopleSoft and Blackboard have a constantly evolving relationship where Blackboard

data can be incorporated into the PeopleSoft via pagelet. Bowling Green can define
the links to Blackboard and the integration routines so that the users do not have to
sign in again to the Blackboard transactions they are attempting to view. Other
integration capabilities are going to be delivered that incorporate web service
technology so that transactional data can be seamlessly incorporated into the
PeopleSoft Portal application.

Can views be created by user offices?

Via PeopleTools, views can be created by users with the appropriate security. System
or data administrators who are familiar with the detailed data structures, which make
up the PeopleSoft data model, typically create views. With the input from the user
community, the system or data administrators can create custom views so that data
can be grouped logically and seen as one logical grouping instead of multiple tables.

Can you limit user access to data or roles based on time of day via roles or is it
based on user ID?

Page 6 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
Restriction can be set by time of day as defined in the primary permission list
assigned to a user id.

Can you ensure audit trail data cannot be altered in any way?

The PeopleSoft application has a detailed security model which prevents everyone
from being able to alter the audit data that is stored. In a relational data model, only
the trusted DBA who has the highest level of database authority can have update
authority on this data.

Does PS have real time integration with all external databases including VSAM,
etc.?

PeopleSoft integration capabilities with mainframe data can be achieved in real time
by using the PeopleSoft Integration Broker technology in conjunction with IBM
Websphere or 3rd party applications such as Jacada.

Since a lot of the security information, permissions, etc., is stored in PeopleSoft

and not in the database, what happens if we need to migrate away from
PeopleSoft to a new application someday?

The security setup in the PeopleSoft application is local to the PeopleSoft application.
However, PeopleSoft is LDAP compliant, which allows security permissions to be
stored outside of the application, and can be transferred to other applications when
necessary.

Can we do snapshot reporting at a specific time in the past?

Yes. PeopleSoft uses effective dating so that transactions can be reported as a

snapshot in time.

Where is the actual role and authority data stored? Is it held in the database? Can
we use existing LDAP authentication information? Can we store role data in
LDAP groups?

Yes, Roles are comparable to groups in LDAP. PeopleSoft gives you the ability to
assign roles to existing LDAP groups in mass using our delivered LDAP interface.

Need more clarification on how to interface with other systems. Example: MBS,
or bookstore system. They need to know who is eligible to make charges, then
send that charge to their bursar account or their department account.

When making charges directly into the PS system, Student Financials Business Unit
security as well as Item Type security can be used to control the posting of charges to

Page 7 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)
various accounts. The latter is really about giving access to only those accounts (i.e.
Item Types) that end users should have access too. For instance, the Parking
department can only have access to and post Parking charges. They cannot post a
tuition charge, for example. All accounts are mapped to the General Ledger when
posted within the student system.

Please clarify authentication, creation and use of electronic signatures.

Electronic signatures within PeopleSoft can include appending an Electronic

Signature or bitmap (image) of a signature to a transaction at run time or digitally
signing a transaction using PKI. At the transaction level both methods will include
minor customization when appending a signature. BGSU will be required to purchase
a license from a trusted (CA) i.e. (Entrust, VeriSign) when attempting to digitally sign
transactions. PeopleSoft delivers the tools and container to store certificates from a
licensed CA on the Web Server for use at run time.

In the interest of automating password changes and synchronization, what format

is the password stored in and do we need to feed passwords to the change
mechanism in clear text or can we feed it in some pre-encoded form.

PeopleSoft passwords are Hashed when stored to the database. PeopleSoft delivers a
Single Signon process, which will allow BGSU to store different Passwords for a user
in different modules but only require the User to know 1 UserID and Password for
system wide authentication thereby circumventing any need for password
synchronization. When using LDAP passwords will be stored and maintained within
the Directory Service and not PeopleSoft. Below is an example of the PeopleSoft
signon process:
1

The user enters the User ID and password into the PeopleSoft signon page.

If the login to the Psoft application server is successful, the server generates a single signon token. The web
server receives the single signon token from the application server, and issues a cookie to the browser.

The user navigates in the application and encounters a hyperlink to the external system. The user clicks on the
link.

The browser passes the PS_TOKEN cookie to your external web server.

The external web server checks for the PS_TOKEN cookie before displaying a signon page.

Once it is determined that the user is accessing your application through PeopleSoft, you retrieve the
authentication token and send it to the PRTL_SS_CI component interface to verify authentication. For instance,
Call PRTL_SS_CI.Authenticate(Auth. token string)

After the system authenticates the token, the system can then make calls to the PRTL_SS_CI.Get_UserID()
function to return the appropriate User ID.

Page 8 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)

How many current clients use row level or field level security?

We dont have exact statistics on this type of metric from our clients, but it is
believed that almost all clients have row level security and most have implemented
some form of field level security.

How are the roles initially assigned to the database of users of the system:
students, faculty, employees and all combinations?

Roles can be assigned by a security administrator by hand, or they can be assigned

dynamically by security queries or PeopleCode based on events in the system (i.e.
promotions, workflow events, conditions, etc.) A dynamic role can be assigned based
on characteristics of a user and can be unassigned when the characteristics change.
Dynamic roles allow permissions to be assigned based on business events that may be
temporary, but necessary to get work done in normal business processing.

Is there a limited number of roles or views that you can create?

No. Unlimited.

How much time must DBA team spend on occasional security problem diagnosis?

DBA time varies, but will decrease as time goes on and the system has been in
production. The DBA will be required to monitor the health of the database to make
sure response time is adequate.

Who updates SQL or PeopleCodeBGSU or PeopleSoft?

PeopleSoft delivers a robust application design application called PeopleTools.

PeopleTools allows Bowling Green to alter or create new functionality in the
PeopleSoft application to fit Bowling Greens unique requirements. The changes
Bowling Green creates or applies are tracked by PeopleSoft, so when upgrades occur,
those changes are applied and not lost. The PeopleSoft Upgrade Manager controls
this process.

Who typically maintains the views related to field level security?

Security administrators who have access to PeopleTools typically maintain the views
related to field level security.

Page 9 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)

What process or tools eliminates duplicate accounts or people from the system if
they have been added by mistake?

PeopleSoft, as defined by BGSU, can setup data validation rules so that when
accounts are created, duplicate data will not be input into the system. However,
FirstLogic also has tools to identify accounts that may be duplicates that are not
caught by the data validation rules.

Can BGSU define custom roles and security? Can users view specific fields only
or is it all or nothing?

Via the security administration tools in PeopleSoft, BGSU can define their own
custom roles and permission lists based on their own unique requirements. Security
can be defined at multiple levels so that the appropriate level of access is granted to a
users based on the type of transaction that is being issued, or blanket security given to
that user. Users can view specific fields on a page based on field level security. Each
user or role can see different fields based on security access.

How can a view be tied to an application routine?

Views, which are a logical grouping of physical tables, are created by a system or
data administrator in the application designer; a component of PeopleTools. The
fields in a view can be placed on a page just as a physical record (or table) has its
fields defined on a page. Views are typically used to group similar data and present
multiple records (or tables) in one view.

Can Java web server be other than WebLogic/WebSphere (such as TomCat)?

PeopleSoft supports:
Web Servers
BEA WebLogic Server
IBM WebSphere Server
Optional Reverse Proxy Servers (HTTP Servers):
Microsoft IIS v4 on Windows NT 4
Microsoft IIS v5 on Windows 2000
iPlanet Web Server, Enterprise Edition
Apache (WebLogic only)
IBM HTTP Server (IHS) (WebSphere only). Packaged with WebSphere install.

What application are you using for single sign-on?

Single Sign-on is delivered for the PeopleSoft application from PeopleSoft. It is

PeopleSofts own application. PeopleSoft can be incorporated with other SSO
applications like Netegrity or Oblix.

Page 10 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)

How do we maintain changes or upgrade for these database and field changes?

The Upgrade Manager utility, which is part of PeopleTools, manages the PeopleSoft
upgrade processes. When a change is made by Bowling Green to any object in the
PeopleSoft application, the metadata for that object is updated and defined as a user
defined change so that during the upgrade process, all changes are captured, verified,
and migrated with the Upgrade Manager. The Upgrade Manager manages the
upgrade process.

How are they available in different regions? Example: If you want to modify a
screen by adding a new field, how would you do this change and be able to test
without modifying the production screen?

In a typical PeopleSoft architecture, most customers have a development, test, and

product environments. This is so enhancements to the PeopleSoft application can be
thoroughly tested before the changes and migrated to the production environment.
PeopleSoft has a process called Data Mover, which manages the process of moving
changes from one PeopleSoft landscape (i.e. Development to Test, Test to
Production). PeopleSoft recommends having a development and/or test environment
so that changes can be tested without impacting production systems.

Can a username change or must the username be deleted and readded?

In the security administrator, if a user name must be changed, the following process
should be followed:
1) Copy the existing user profile name to the new profile name
2) Test the sign in process to the new user profile name
3) Delete the old user profile name

What version of WebLogic is used?

WebLogic 6.1 is the current supported level.

Will business rules will be modified by PeopleTools and PeopleCode?

Business Rules can be defined in multiple locations in PeopleSoft depending on the

events being defined. For example, security is setup via the security administrator in
the PeopleSoft application. Financial configurations, such as General Ledger setup,
are done via the Financials module, and likewise for benefits in Human Resources. In
some cases, business rules will need to be defined in PeopleTools, such as workflow
branching configurations. There may be times during that process that PeopleCode
will need to be written. However, most business rules are defined in the PeopleSoft
applications themselves without a line of code being written.

Page 11 of 12

Student 10/28/03

Bowling Green State University

Demonstration Questions Technical (Day 1)

Are the queries that appear on the portal page processed realtime only or can they
be cached or set to expire results within a specific time frame?

The queries in the portal pagelets are run real-time when the user logs in or clicks on
the refresh button on the pagelet or the browser.

How are changes deployed from development to test without recreating elements?

In a typical PeopleSoft architecture, most customers have a development, test, and

product environments. This is so enhancements to the PeopleSoft application can be
thoroughly tested before the changes and migrated to the production environment.
PeopleSoft has a process called Data Mover, which manages the process of moving
changes from one PeopleSoft landscape (i.e. Development to Test, Test to
Production). PeopleSoft recommends having a development and/or test environment
so that changes can be tested without impacting production systems.

Over time BGSU may have multiple changes to the system. When implementing
a new release of PeopleSoft, does PeopleSoft automatically account for these
changes? If not, does PS inform DBA of changes to the system?

The Upgrade Manager utility, which is part of PeopleTools, manages the PeopleSoft
upgrade processes. When a change is made by Bowling Green to any object in the
PeopleSoft application, the metadata for that object is updated as a user defined
change, so that during the upgrade process, all changes are captured, verified, and
migrated. As part of the upgrade process, a report will be created stating what was
changed by Bowling Green. Bowling Green will have the option to carry forward all
modifications they made, or only carry forward a sub set of changes. This process is
all defined via the Upgrade Manager.

Is all security done by a master admin or are there sub admins.? Can some
security be delegated?

Both. Security can be centralized or decentralized to sub admins in departments or

organizations. Typically a central security administrator creates the permission lists
and roles needed. Administration at the department level can be decentralized and the
responsibility for role assignment can be delegated to a super user in each department.

Wireless access has been mentioned in a number of contexts. Which means of

access are supported, i.e., WAP, browser-based, etc,

PeopleSoft supports WAP enabled devices and PocketPC devices. Please refer to the
Hardware and Software guide for supported device

Page 12 of 12

Student 10/28/03