Query Security

March 3, 2008 Bala Leave a comment Go to comments

Query is a PeopleTool that helps you build SQL queries to retrieve information from your application tables. Query takes advantage of users security settings, row-level security, and primary permission list. For each Query user, you can specify the records they are allowed to access when building and running queries. We can achieve this by creating Query Access Groups in the Query Access Group Manager, and then you assign users to those groups with Query permissions.

Query Access Group Trees:

Trees are a graphical way of presenting hierarchical information. PeopleSoft Query uses query access group trees to control the access of the tables in your PeopleSoft database. Define a hierarchy of PeopleSoft record definitions, based on logical or functional groupings, and then give users access to one or more nodes of the tree. Users can retrieve information only from those tables whose record definitions to which they have access. Nodes: Query access group trees contain two types of Nodes: groups and records. o Groups are a logical representation of a set of child groups or records. It is similar to folder in Windows. o Records represent a PeopleSoft record definition. Structure: o Always use the ACCESS_GROUP Tree Structure. o Do not use SetID or UKV/BU. o Do not have Details. o Do not use Levels. o No Branches. Requirements: o The Root Node is always a group. o Groups must be unique in a given Tree while records definitions can be repeated. o Groups and records could have Child Groups and Child Records. o Each record needs a unique fully qualified path in the tree. You cant add the same record under the same parent node (group or record). To open an existing Query Access Group Tree, Select PeopleTools, Security, Query Access Manager. Create custom Query Access Group suitable to your organization. Create functional group names and add records under the group. To Add the Query Access Groups to user: o Open the primary Permission List for the user o Go to Query Tab o Click on Access Group Permissions. o Add the tree name, select the proper Access Group, Select Accessible button. Repeat to add more Access groups. o Save the permission List.

Row Level Security:

By default, when you give Query users access to a record definition, they have access to all the rows of data in the table built using the associated record definition.

With row-level security, users can have access to a table without having access to all rows on that table. This type of security is typically applied to tables that hold sensitive data. For example, you might want users to be able to review personal data for employees in their own department, but not for people in other departments. You would give everyone access to the PERSONAL_DATA table, but would enforce row-level security so that they could only see rows where the DEPTID matches their own. PeopleSoft applications implement row-level security by using a SQL view that joins the data table with an authorization table. When a user searches for data in the data table, the system performs a related record join between the view and the base table rather than searching the table directly.

Query Security Record Definitions:

You implement row-level security by having Query search for data using a query security record definition. The query security record definition adds a security check to the search. Query security record definitions serve the same purpose as search record definitions do for panels. Just as a panels search record definition determines what data the user can display in the panel, the query security record definition determines what data the user can display with Query. To get Query to retrieve data by joining a security record definition to the base table, you specify the appropriate Query Security Record when you create the base tables record definition.

To apply row level security: 1. Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security. 2. With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box. 3. Select the security record definition (usually a view) in the Query Security Record list box. 4. Once youve set the query security record definition, click OK to close the Record Properties dialog box, then save the record definition. If youve already used SQL Create to build a table from this record definition, you dont need to rebuild it. Note. PeopleSoft row-level security views restrict users from seeing certain rows of data. To secure data through the search record, simply put one of the three Row Level Security fields on your record as a Key, not a List Box Item. The three Row Level Security fields are OPRID (User ID), OPRCLASS (Primary Permission List), and ROWSECCLASS (Row Security Permission List). If one of these fields is on the search record as a Key, not a List Box Item, PeopleTools does the following. PeopleTools adds a WHERE clause when it performing a SELECT through the record forcing the value to be equal to the current users value.

Inside PeopleSoft trees - or - Photosynthesis at PeopleSoft

I've talked with many PeopleSoft customer who have needed to use PeopleSoft trees outside of nVision, Query, or Cube Manager. One of the services I had pushed for was to add this functionality into PeopleCode (especially app engine). Doesn't Tree Manager already have an API? Sort of. Although there is an API available in PeopleCode for trees (called the tree classes), these APIs are focused on describing and maintaining trees (essentially tree manager functions). However, as any good BI person will tell you, it's not the act of maintaining a dimension that's important... it's what you can do with the dimension when you join it to other stuff.

So, what sort of things would you want to do? The things you would want to do is to filter data with a tree or subtotal data using a tree as the grouping mechanism. The former is available to both nVision and PS/Query as either Filtering criteria or "in tree" criteria. The latter is only available in nVision through nPlosion. However, there are lots of things outside of nVision or Query that you would want to do.

Aggregate data using the tree. Those familiar with Summary ledgers in GL understand the concept. You can aggregate data using a tree for other purpose, such as improving performance for downstream processes. For example, if you want to display a count of reported problems by product family for all product families, you're doing this type of aggregation at the product family level of the tree. Filter data using the tree. This is generalizing the "in tree" criteria in PS/Query. A couple of good examples of this are the batch programs used in GL for selecting open receivables to restate, or for selecting what data to use in Allocations. Another example of where this would be valuable would be in search records, where you could find all cases for eastern region customers, that are reported against any product in the Finanicals product line.

Today, PeopleSoft applications and customers use the technique I'm describing below to accomplish this. First, a little more on Trees The first thing to understand is how trees work. A tree is not a standard structure (such as a strict selfreferencing table, as described in Ralf Kimball's definitive book on data warehousing), or a standard denormalized structure. It has a unique structure that allows it to do the following things: Things that are not supported well by denormalized tables.
1. 2. 3. It supports unbalanced (or ragged) hierarchies. It supports dynamic leveling. It supports joining at any level of the hierarchy.

Things that are not supported well by a self-referencing table.

1. It supports finding all children at any level in a single SQL statement regardless of the number of intermediate levels.

So, how does it do it? The key to it is the data model, and the fields added to it (that are maintained by tree manager). Here are the tables in the model:

PSTREEDEFN - This identifies the tree, and the attributes of it (such as where to get application attributes of the nodes, leafs, and levels). PSTREENODE - This is the heart of the tree. It is a self-referencing table that also has additional attributes to facilitate non-recursive access to children of a node. PSTREELEAF - This maps a node to the sets of leafs or detail values that can be used with it. This can be thought of as the "leaf" level in the BI world, but that the leafs can be attached to any level of the tree, even to nodes that have children nodes. User tables - These are tables that store additional attributes to the node, leaf, or level, such as description, size, manager, etc. This allows a tree to be defined against any data element in the application and also opens up a whole host of opportunities for using trees in a given customer enviornment.

It's also important to understand that the tree definition is the starting place for everything, and that all the tools owned tables (i.e. not the user tables) strictly follow the key structure of the tree definition. Because trees are effective dated and utilize setid indirection, this is an important thing, because effective dating and setid indirection is only evaluated for the PSTREEDEFN table and the user tables. This logic is not used when joining between PSTREEDEFN and PSTREENODE. This means that from the perspective of effective dating, any nodes that have not changed between to tree instances are duplicated in the PSTREENODE table.

Once you've identified the tree you want to use (setid, tree name, and effdt are the unique keys), you also know the high order keys to use in the PSTREENODE table to get the nodes for that tree. Now, let's look at the structure of the PSTREENODE table:

Setid Tree Name Effdt TREE_NODE TREE_LEVEL_NUM TREE_NODE_NUM TREE_NODE_NUM_END PARENT_NODE_NUM

As you can see, this table is self-referencing (the PARENT_NODE_NUM tells you the NODE_NUM of a tree node's parent). However, tree manager also maintains the TREE_NODE_NUM_END field, which is what prevents the need to do a recursive set of selects to find all the descendants of a node. Tree nodes are strictly numbered. A tree nodes' descendents will always have a node number that is between the value of its TREE_NODE_NUM and TREE_NODE_NUM_END. Therefore, if I want to select all the descendents of the node "Assets", here is the SQL I would issue:

Select B.TREE_NODE, B.TREE_LEVEL_NUM from PSTREENODE A, PSTREENODE B where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets" and B.TREE_NODE_NUM between A.TREE_NODE_NUM and A.TREE_NODE_NUM_END
You could also filter by level number to get the descendents at a given level. Now, to add in the leafs. For winter trees, this step is not necessary (winter trees are trees where the nodes themselves represent data points of interest, such as positions, whereas with summer trees, the nodes are the hierarchy that categorizes something else, such as most account trees or customer trees). Because leafs are essentially mapping tables, you either join them directly to another table (either the user table to get attributes, or a fact table to get rows). However, for performance purposes, most PeopleSoft processes will stage the data values before joining it to a fact table.
Getting back to the subject at hand, here's the table structure of the PSTREELEAF table:

Setid Tree Name EFFDT TREE_NODE_NUM RANGE_FROM RANGE_TO DYNAMIC_DTL_FLG

As you can see, the high level keys are again the same. Also, you can see that the mapping to the tree node is by node ID, and the mapping to the target table is by either individual key values or by range.

So, let's say we want to find out all account numbers and account types for all accounts under the "Asset" node of the tree. Now, there are three things that need to be looked up in order to determine what to put in the SQL:
1. 2. 3. The table and field where the Accounts are stored. This is stored in a tree table I haven't discussed, which is the PSTREESTRUCT table (which has a reference in the tree defninition). The setid to use for the accounts. As mentioned, setid indirection occurs when going after the user tables. Depending on where your getting your business unit or setid, you will have to do the lookup separately (which is a more complex topic, but is often hard-coded at a customer anyway). The effective date to use for the accounts. Again, this occurs when going after the user table. This means that you have to perform the standard correlated subquery for effective date logic. I won't go into detail on this in this posting, but you can see the SQL by building a query against the table in PS/Query.

So, your SQL will look like the following when after the list of accounts under a tree node:

Select C.ACCOUNT, C.ACCOUNT_TYPE from PSTREENODE A, PSTREELEAF B, GL_ACCOUNT_TBL where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets" and B.TREE_NODE_NUM between A.TREE_NODE_NUM and A.TREE_NODE_NUM_END and C.ACCOUNT between B.RANGE_FROM and B.RANGE_TO
As you can see, this SQL statement didn't have to look at any children nodes at all! Because the leafs are attached using node numbers, and the range on the tree node record identifies all the node numbers of all its children, you could join the leaf directly to the node. Now, it's important to note that this SQL will not perform in DB2, because indexes are not used when joining two fields of different size (which is why nVision has 30 different tables for staging the join between the tree leaf and the data table). Staging the join As mentioned previously, when joining to a fact or data table, one generally stages the join into an intermediate table. nVision and all other PeopleSoft delivered processes use selector tables (in nVision it's PSTREESELECT##, where the ## represents the field size of the field joined to. In nVision, there's a whole subsystem dedicated to managing what goes into the PSTREESELECT tables. For the purposes of this discussion, you can merely create your own selector tables that identify what you are putting in there, and the set of values that it represents. Let's assume, for example, you have a table called "PS_ACCOUNT_TREE_FLAT" to represent the flattened account tree. The SQL to load the data related to the "Assets" node might look as follows:

Insert into PS_ACCOUNT_TREE_FLAT as Select "Assets", B.RANGE_FROM, B.RANGE_TO from PSTREENODE A, PSTREELEAF B where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets"

and B.TREE_NODE_NUM between A.TREE_NODE_NUM and A.TREE_NODE_NUM_END

You could then join to the ledger table as follows:

Select Sum(B.POSTED_TOTAL_AMT) from PS_ACCOUNT_TREE_FLAT A, PS_LEDGER B where A.FILTERED_NODE = "Assets" and B.ACCOUNT between A.RANGE_FROM and A.RANGE_TO
Hopefully, this gives a starting point to determining how to approach this. I suggest playing around with a SQL editor and PS/Query to make sure you understand (I did the same thing with nVision when I was first learning). Keep in mind, however, that the SQL that gets displayed in either an nVision trace or the SQL tab in Query does not include the SQL for populating that tree select table. However, it does show the filtering conditions used for joining the select table to the data table. You can select directly against the tree select table to see what values were put in it, and then look at the PSTREE% tables to compare the two. Follow-on Info For those who use tree manager extensively, we recently added a product that makes it easier to maintain multiple trees together. Additional information can be found here. A demo of this product can be found here.

Using WebLogic Server Console to Monitor PeopleSoft Sessions

October 10, 2008 Bala 1 comment This is Taken from PeopleBooks PeopleTools 8.49. TheWebLogic Server console can display a list of established HTTP sessions for that instance of the WebLogic Server. Session Monitoring is automatically enabled for WebLogic. These instructions describe how monitor the single server configuration of PIA. When in production, note that a multi server configuration would be used to perform these steps to the server instance that you intend to monitor, such as PIA1 or PIA2, or both. 1. Start the PIA server.Start the PIA server either using startPIA.cmd(.sh) or, if installed as a Windows service, NET START peoplesoft-PIA. 2. Log on to PeopleSoftLog on to your PeopleSoft application. If possible, log on from a couple different workstations using different PeopleSoft IDs. For the purpose of this test, do not log off. 3. Log on to the WebLogic Server Administrative Console.In a new browser, access the WebLogic Server console at http://weblogichost:port/console and specify the WebLogic administrative ID you specified during the PIA installation. The default ID and password are system/password, respectively. 4. Monitor established HTTP sessions for the PORTAL web application.On the left, use the following navigation to view the list of established HTTP sessions for the PORTAL web application: 1. Click Deployments, and view the deployment list in the right hand window. 2. Click PeopleSoft. 3. Select the Control tab. 4. Select the PORTAL application module, where the context root of the module is /. 5. Select the Monitoring tab. 6. Select the Sessions tab.

Note. You can customize the list of fields that you want to monitor using the Customize this table link. Categories: PS Admin Tags: WebLogic Server Console

BEA Tuxedo Commands & Utilities

September 22, 2008 Bala Leave a comment http://www.peoplesoftexpert.com/mediawiki/index.php/Bea_Tuxedo The above link gives a list of BEA Tuxedo Commands and Utilities. Categories: PS Admin Tags: BEA Tuxedo Commands & Utilities

PeopleTools client installation Batch file

September 19, 2008 Bala 3 comments To install PeopleTools client on individual machine, you may create a batch file with the folloiwng lines in it and execute it to create Peopletools Client. @echo off [PS_HOME]\bin\client\winx86\pscfg -clean -quiet echo Setting up PeopleTools Environment [PS_HOME]\bin\client\winx86\pscfg -import:[PS_HOME]\peoplesoft.cfg -setup -quiet [PS_HOME] could be like C:\PSFT\FN88PRD\ peoplesoft.cfg is the configuration file. Categories: PS Admin Tags: Client installation Batch File

SQL server database audit

September 14, 2008 Bala Leave a comment We had a requirement to audit any SQL actions a user executes on any table, by loggin into SQL Query Analyser. We used SQL profiler to create a script as given below. Using the script, we created a new procedure in master database with an automatic start-on-restart option turned on. Once we restart sql server, the audit process start writing to a file which can be opened from SQL profiler. This file starts a new file once it reaches the file size maximum limit defined in the script or whenever SQL Server is rebooted. You may modify this script based on your requirement. CREATE PROCEDURE dbo.dba_startup_audit AS Create a Queue declare @rc int declare @TraceID int declare @maxfilesize bigint DECLARE @File NVARCHAR(100) Declare @Year nvarchar(10)

Declare @Month nvarchar(10) Declare @Day nvarchar(10) Declare @Hour nvarchar(10) Declare @Minute nvarchar(10) set @Year = DATEPART(year,GETDATE()) set @Month = DATEPART(month,GETDATE()) set @Day = DATEPART(day, GETDATE()) set @Hour = DATEPART(hour, GETDATE()) set @Minute = DATEPART(minute, GETDATE()) SET @File = NC:\temp\db_audit_trace+@Year+@Month+@Day+@Hour+@Minute set @maxfilesize = 10 exec @rc = sp_trace_create @TraceID output, 2, @File, @maxfilesize, NULL if (@rc != 0) goto error Set the events declare @on bit set @on = 1 exec sp_trace_setevent @TraceID, 10, 1, @on exec sp_trace_setevent @TraceID, 10, 2, @on exec sp_trace_setevent @TraceID, 10, 6, @on exec sp_trace_setevent @TraceID, 10, 8, @on exec sp_trace_setevent @TraceID, 10, 10, @on exec sp_trace_setevent @TraceID, 10, 11, @on exec sp_trace_setevent @TraceID, 10, 12, @on exec sp_trace_setevent @TraceID, 10, 14, @on exec sp_trace_setevent @TraceID, 10, 22, @on exec sp_trace_setevent @TraceID, 10, 35, @on exec sp_trace_setevent @TraceID, 12, 1, @on exec sp_trace_setevent @TraceID, 12, 2, @on exec sp_trace_setevent @TraceID, 12, 6, @on exec sp_trace_setevent @TraceID, 12, 8, @on exec sp_trace_setevent @TraceID, 12, 9, @on exec sp_trace_setevent @TraceID, 12, 10, @on exec sp_trace_setevent @TraceID, 12, 11, @on exec sp_trace_setevent @TraceID, 12, 12, @on exec sp_trace_setevent @TraceID, 12, 14, @on exec sp_trace_setevent @TraceID, 12, 22, @on exec sp_trace_setevent @TraceID, 12, 35, @on exec sp_trace_setevent @TraceID, 12, 41, @on exec sp_trace_setevent @TraceID, 13, 1, @on exec sp_trace_setevent @TraceID, 13, 2, @on exec sp_trace_setevent @TraceID, 13, 6, @on exec sp_trace_setevent @TraceID, 13, 8, @on exec sp_trace_setevent @TraceID, 13, 9, @on exec sp_trace_setevent @TraceID, 13, 10, @on exec sp_trace_setevent @TraceID, 13, 11, @on exec sp_trace_setevent @TraceID, 13, 12, @on exec sp_trace_setevent @TraceID, 13, 14, @on exec sp_trace_setevent @TraceID, 13, 22, @on exec sp_trace_setevent @TraceID, 13, 35, @on exec sp_trace_setevent @TraceID, 13, 41, @on

exec sp_trace_setevent @TraceID, 14, 1, @on exec sp_trace_setevent @TraceID, 14, 2, @on exec sp_trace_setevent @TraceID, 14, 6, @on exec sp_trace_setevent @TraceID, 14, 8, @on exec sp_trace_setevent @TraceID, 14, 9, @on exec sp_trace_setevent @TraceID, 14, 10, @on exec sp_trace_setevent @TraceID, 14, 11, @on exec sp_trace_setevent @TraceID, 14, 12, @on exec sp_trace_setevent @TraceID, 14, 14, @on exec sp_trace_setevent @TraceID, 14, 22, @on exec sp_trace_setevent @TraceID, 14, 35, @on exec sp_trace_setevent @TraceID, 14, 41, @on exec sp_trace_setevent @TraceID, 15, 1, @on exec sp_trace_setevent @TraceID, 15, 2, @on exec sp_trace_setevent @TraceID, 15, 6, @on exec sp_trace_setevent @TraceID, 15, 8, @on exec sp_trace_setevent @TraceID, 15, 9, @on exec sp_trace_setevent @TraceID, 15, 10, @on exec sp_trace_setevent @TraceID, 15, 11, @on exec sp_trace_setevent @TraceID, 15, 12, @on exec sp_trace_setevent @TraceID, 15, 14, @on exec sp_trace_setevent @TraceID, 15, 22, @on exec sp_trace_setevent @TraceID, 15, 35, @on exec sp_trace_setevent @TraceID, 15, 41, @on exec sp_trace_setevent @TraceID, 17, 1, @on exec sp_trace_setevent @TraceID, 17, 6, @on exec sp_trace_setevent @TraceID, 17, 8, @on exec sp_trace_setevent @TraceID, 17, 9, @on exec sp_trace_setevent @TraceID, 17, 10, @on exec sp_trace_setevent @TraceID, 17, 11, @on exec sp_trace_setevent @TraceID, 17, 12, @on exec sp_trace_setevent @TraceID, 17, 14, @on exec sp_trace_setevent @TraceID, 17, 22, @on exec sp_trace_setevent @TraceID, 17, 35, @on exec sp_trace_setevent @TraceID, 17, 41, @on exec sp_trace_setevent @TraceID, 40, 1, @on exec sp_trace_setevent @TraceID, 40, 2, @on exec sp_trace_setevent @TraceID, 40, 6, @on exec sp_trace_setevent @TraceID, 40, 8, @on exec sp_trace_setevent @TraceID, 40, 10, @on exec sp_trace_setevent @TraceID, 40, 11, @on exec sp_trace_setevent @TraceID, 40, 12, @on exec sp_trace_setevent @TraceID, 40, 14, @on exec sp_trace_setevent @TraceID, 40, 22, @on exec sp_trace_setevent @TraceID, 40, 35, @on exec sp_trace_setevent @TraceID, 41, 1, @on exec sp_trace_setevent @TraceID, 41, 2, @on exec sp_trace_setevent @TraceID, 41, 6, @on

exec sp_trace_setevent @TraceID, 41, 8, @on exec sp_trace_setevent @TraceID, 41, 10, @on exec sp_trace_setevent @TraceID, 41, 11, @on exec sp_trace_setevent @TraceID, 41, 12, @on exec sp_trace_setevent @TraceID, 41, 14, @on exec sp_trace_setevent @TraceID, 41, 22, @on exec sp_trace_setevent @TraceID, 41, 35, @on exec sp_trace_setevent @TraceID, 46, 1, @on exec sp_trace_setevent @TraceID, 46, 2, @on exec sp_trace_setevent @TraceID, 46, 6, @on exec sp_trace_setevent @TraceID, 46, 8, @on exec sp_trace_setevent @TraceID, 46, 10, @on exec sp_trace_setevent @TraceID, 46, 11, @on exec sp_trace_setevent @TraceID, 46, 12, @on exec sp_trace_setevent @TraceID, 46, 14, @on exec sp_trace_setevent @TraceID, 46, 22, @on exec sp_trace_setevent @TraceID, 46, 34, @on exec sp_trace_setevent @TraceID, 47, 1, @on exec sp_trace_setevent @TraceID, 47, 2, @on exec sp_trace_setevent @TraceID, 47, 6, @on exec sp_trace_setevent @TraceID, 47, 8, @on exec sp_trace_setevent @TraceID, 47, 10, @on exec sp_trace_setevent @TraceID, 47, 11, @on exec sp_trace_setevent @TraceID, 47, 12, @on exec sp_trace_setevent @TraceID, 47, 14, @on exec sp_trace_setevent @TraceID, 47, 22, @on exec sp_trace_setevent @TraceID, 47, 35, @on exec sp_trace_setevent @TraceID, 82, 1, @on exec sp_trace_setevent @TraceID, 82, 6, @on exec sp_trace_setevent @TraceID, 82, 8, @on exec sp_trace_setevent @TraceID, 82, 9, @on exec sp_trace_setevent @TraceID, 82, 10, @on exec sp_trace_setevent @TraceID, 82, 11, @on exec sp_trace_setevent @TraceID, 82, 12, @on exec sp_trace_setevent @TraceID, 82, 14, @on exec sp_trace_setevent @TraceID, 82, 22, @on exec sp_trace_setevent @TraceID, 82, 35, @on exec sp_trace_setevent @TraceID, 82, 41, @on exec sp_trace_setevent @TraceID, 104, 1, @on exec sp_trace_setevent @TraceID, 104, 2, @on exec sp_trace_setevent @TraceID, 104, 6, @on exec sp_trace_setevent @TraceID, 104, 8, @on exec sp_trace_setevent @TraceID, 104, 10, @on exec sp_trace_setevent @TraceID, 104, 11, @on exec sp_trace_setevent @TraceID, 104, 12, @on exec sp_trace_setevent @TraceID, 104, 14, @on exec sp_trace_setevent @TraceID, 104, 22, @on exec sp_trace_setevent @TraceID, 104, 35, @on

 Set the Filters declare @intfilter int declare @bigintfilter bigint exec sp_trace_setfilter @TraceID, 10, 0, 7, NPeople% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlmon.pl exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQL Profiler exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQLAgent% exec sp_trace_setfilter @TraceID, 10, 0, 7, NMS SQLEM% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlsvr_collector.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlsvr_backup_collector.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nps_app_version_pop.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQLDMO% exec sp_trace_setfilter @TraceID, 10, 1, 6, NSQL Query Analyzer% exec sp_trace_setfilter @TraceID, 1, 1, 6, NSelect% exec sp_trace_setfilter @TraceID, 1, 1, 6, NInsert% exec sp_trace_setfilter @TraceID, 1, 1, 6, NUpdate% exec sp_trace_setfilter @TraceID, 1, 1, 6, NCreate% exec sp_trace_setfilter @TraceID, 1, 1, 6, NDrop% exec sp_trace_setfilter @TraceID, 1, 1, 6, NDelete% set @intfilter = 100 exec sp_trace_setfilter @TraceID, 22, 0, 4, @intfilter exec sp_trace_setfilter @TraceID, 35, 1, 6, NHR83FS Set the trace status to start exec sp_trace_setstatus @TraceID, 1 display trace id for future references select TraceID=@TraceID goto finish error: select ErrorCode=@rc finish: GO exec sp_procoption Ndba_startup_audit, Nstartup, Ntrue GO Categories: PS Admin, PS DBA Tags: sql server database audit

Steps to check REN Server failure

August 4, 2008 Bala Leave a comment The REN Server is a Real Time Event Notification system that allows reports to be printed to a separate browser window. If you are getting Communication with REN Server failed (HTTP 403 Forbidden) error message, when trying to open a report to a separate browser window or trying to ping the REN server, then follow the following steps suggested by PeopleSoft for checking REN server. Case # 1: Make sure that you have the proper REN server permissions configured.

Navigate to PeopleTools > Security > Permissions and Roles > Permission Lists. Select the primary permission list that is tied to the user profile that you are testing with. You will also have to grant permissions to the USER ID that is configured for your Process Scheduler database signon settings, if that user is different than the one that you are currently logged in as. Once the permission list is up, go to the PeopleTools tab. Click on the Realtime Event Notification Permissions link in the middle of the page. On the next page, make sure that the access code for Reporting Window is set to full access. Next, go to the Web Libraries tab. Make sure that there is an entry for WEBLIB_RPT. If it is not there, then please add the library in. Once that is added, click on the edit link and make sure that the access permissions are set to full access. Make sure to save the changes before exiting. Next, navigate to PeopleTools > Portal > Node Definitions and click search to bring up all of your nodes. Sort so that your default local node is listed at the top. Click on the name link for the default local node and make sure that the Authentication Option is set to password and that a password has been entered. Finally, navigate to PeopleTools > Security > Security Objects > Single Signon. Make sure that your default local node is listed there. Case #2 If using an authentication domain, make sure that the REN server configuration is specifying the domain: -Navigate to PeopleTools -> REN Server Configuration -> REN Server Cluster -Select your REN Server Cluster -Verify Authentication Domain has been specified -Verify that the domain is specified in the REN Server Browser URL Case # 3 This case applies to PeopleTools 8.44 only. If the initial PIA deployment did not specify an Authentication Domain, but the environment now has one, it is necessary to add the Authentication Domain to the active Web Profile. Navigate to PeopleTools > Web Profile. Search for and select the active Web Profile. (If you do not know what Web Profile is currently active, check your configuration.properties file. It will tell you what Web Profile is currently active). Once you have the Web Profile up, the first tab should be labeled General. Make sure the field for Authentication Domain field on the General tab has your companys Authentication Domain (ex. mycompany.com). Make sure to save your changes and bounce the web server for the change to take effect, then go back and try running your Ping Test. Case # 4: One customer reported that in their REN Server Configuration > REN Server Definition page, the Application Server Domain name was case sensitive. After they changed the Application Server Domain name to match how it was defined through PSADMIN (in this case, to include lowercase characters), they were able to access the REN server. Case # 5: If you are still having issues after trying the suggestions above, then try clearing cache in case some Ren configuration changes were made, but cache was not cleared afterwards. To clear cache, bring down the PIA web server and the application server and clear the cache. Also, clear the cache and cookies from your browser and close all browser sessions. Restart the PIA web server and application server. Then run ping test again.

Using WebLogic Server Console to Monitor PeopleSoft Sessions

This is Taken from PeopleBooks PeopleTools 8.49. TheWebLogic Server console can display a list of established HTTP sessions for that instance of the WebLogic Server. Session Monitoring is automatically enabled for WebLogic. These instructions describe how monitor the single server configuration of PIA. When in production, note that a multi server configuration would be used to perform these steps to the server instance that you intend to monitor, such as PIA1 or PIA2, or both. 1. Start the PIA server.Start the PIA server either using startPIA.cmd(.sh) or, if installed as a Windows service, NET START peoplesoft-PIA. 2. Log on to PeopleSoftLog on to your PeopleSoft application. If possible, log on from a couple different workstations using different PeopleSoft IDs. For the purpose of this test, do not log off. 3. Log on to the WebLogic Server Administrative Console.In a new browser, access the WebLogic Server console at http://weblogichost:port/console and specify the WebLogic administrative ID you specified during the PIA installation. The default ID and password are system/password, respectively. 4. Monitor established HTTP sessions for the PORTAL web application.On the left, use the following navigation to view the list of established HTTP sessions for the PORTAL web application: 1. Click Deployments, and view the deployment list in the right hand window. 2. Click PeopleSoft. 3. Select the Control tab. 4. Select the PORTAL application module, where the context root of the module is /. 5. Select the Monitoring tab. 6. Select the Sessions tab. Note. You can customize the list of fields that you want to monitor using the Customize this table link.

PeopleTools client installation Batch file

To install PeopleTools client on individual machine, you may create a batch file with the folloiwng lines in it and execute it to create Peopletools Client. @echo off [PS_HOME]\bin\client\winx86\pscfg -clean -quiet echo Setting up PeopleTools Environment [PS_HOME]\bin\client\winx86\pscfg -import:[PS_HOME]\peoplesoft.cfg -setup -quiet [PS_HOME] could be like C:\PSFT\FN88PRD\ peoplesoft.cfg is the configuration file.

Report Distribution Report Manager

When we schedule a processes/Report to run by loggin in as say, VP1, then to see the output/report you have to login with the same User Id VP1. If the requirement is that another user need to see the same output/report, without using VP1 user id, then we need to do report distribution and give the user access to report manager so the user can view others reports. One way of achieving this as given below.

Add the following roles to user o ReportDistAdmin or ReportSuperUser(See the Note below). o Any role containing permission List CPPT1040 (gives access to Report manager) or similar one. To all the processes/reports that user needs to have access, add the userid to distribution list of that processe/report. o Go to the process/report run control page o Slect run control Id o Click run o Click distribution link for the process/report. o Select either a user and enter his User Id. o You have to submit the process/report, once for the distribution data you have entered to save. Submit the process/report for testing. Now if the user logs in and go to Administration tab in Report Manager, he could see the process/reports and link to see the output/report. User can see the output/report using process monitor also.

Note: The difference between the administrator (ReportDistAdmin) and super user (ReportSuperUser) roles is that the administrator role can access and update any report in the Report Manager. The super user role can update only reports that they are authorized to view. Report Manager related other blog entries are given below:

greysparling Report Manager Performance Using Report manager Report manager

Email distribution error

I tried to distribute a report by email, set distribution type as Email and format as PDF and enter either a user with proper email or enter a desired email in Distributio detail. The report ended with an error, saying unable to send email. I opened up the message log file and the error text was as shown below. 3 parameters Parameter 0 = psmail Parameter 1 = -INPUTC:\DOCUME~1\hrdev\Local Parameter 2 = Settings\Temp\PRCD3.tmpSMTP Settings: SMTPServer = outbound.smtp.net SMTPPort = 25 SMTPServer1 = SMTPPort1 = 0 SMTPSender = psadmin@peoplesoft.com SMTPSourceMachine = Error opening file, error code 2 Error opening file, error code 2 Error opening file, error code 2 Error opening file, error code 2 Error opening file, error code 2 Error opening file, error code 2ERROR: sender or recipient are missing.Command line arguments are incorrect Failure email not sent

This error is because User defined environment variables TEMP and TMP is set to a long string like C:\DOCUME~1\hrdev\Local Settings\Temp. The space in that string, makes one parameter split into two parameters. Obviously the paramter2 and parameter3 put separately makes the file location unreadable and hence email fails. To resolve this problem the User defined Environment variables TEMP and TMP should be set to a simple string like C:\temp, with no space in it. Since the User defined environment variables are user ID specific, Make sure that the user who boots the application server and process scheudler server should login and reset the TEMP and TMP user variable. After Changing the variable, the same user need to restart the process scheduler server. ************************************************************ Email Distribution Parameters:
The Email subject, Message Text, and Email Address List data entered on the email distribution page is stored in the PSPRCSRQSTTEXT table. The key for this table is process instance. SELECT * FROM PSPRCSRQSTTEXT WHERE PRCSINSTANCE = 123456

bea.jolt.ApplicationException: TPESVCFAIL
When you try to log online and you get the following error message: CHECK APPSERVER LOGS. THE SITE BOOTED WITH INTERNAL DEFAULT SETTINGS, BECAUSE OF: bea.jolt.ApplicationException: TPESVCFAIL application level service failure (PeopleSoft Solution ID 200766418 PT 8.44) This could be because of the Peoplsoft Default web profile user ID PTWEBSERVER got locked. Run the below SQL to resolve the above issue. UPDATE PSOPRDEFN SET ACCTLOCK=0 WHERE OPRID=PTWEBSERVER The PTWEBSERVER account provides the portal servlet with minimal security access, sufficient only to launch the portal environment, but without access to any pages or other PIA objects. This account uses the PTPT1500 permission list. Also before update the above sql, make sure that this user, role, and permission list are currently in your database by using the following SQLs. select * from PSCLASSDEFN where CLASSID = PTPT1500 select * from PSAUTHSIGNON where CLASSID = PTPT1500 select * from PSROLEDEFN where ROLENAME = PeopleTools Web Server select * from PSROLECLASS where ROLENAME = PeopleTools Web Server select * from PSOPRDEFN where OPRID = PTWEBSERVER select * from PSROLEUSER where ROLEUSER = PTWEBSERVER

Send email problem & SMTP Trace

To resolve any problem related to sending emails using SMTP server in PeopleSoft, we can enable SMTP trace option at appserver or process scheudler server level. This will produce the smtp log file giving us more details about why the send email is failing. Some common places where we could get the send email related issues are while Sendmail peoplecode function is failing when used in an application engine (process scheduler server related) or end users getting an online error message : Unable to Send Email, Invalid email ID etc while saving the page (Appserver related). The error message may not be sufficient to know exactly where is the problem. To get more details about why send email is failing, you need to add/update the following in your appserver configuration (psappserv.cfg) or batch server Configuration (psprcs.cfg) under SMTP Settings. SMTPTrace=1 ;1 means enabled, 0 Disabled. This setting is dynamic and does not require reboot of the Server, which is very good for troubleshooting in production environments. Once turned on, it will generate Trace file SMTP.LOG in LOGS Folder under $PS_HOME\appserv\domain_name\logs\SMTP.LOG for Appserver and $PS_HOME\appserv\prcs\domain_name\logs\SMTP.LOG for Batchserver. This SMTP.LOG will show in detail where exactly the send email is failing and help us to fix the problem. Once the problem is fixed, disable the SMTP trace option.

PSAE and PSAESRV

PSAESRV is Application Engine server processes that handles Application Engine requests PSAE is an executable that executes the application engine request. PeopleSoft conducted a study and shown that PSAE is just as good as PSAESRV for most practical purposes. If you have an AE job that runs longer than 10 sec, PSAE is equivalent to PSAESRV. PSAE has the added advantage of being recycled at the end of each AE job, cleaning up any outstanding SQL cursors to the database that may have been left behind. Since PSAE recycles after each use, it does not has any possible memory leakage problem that may occupied the precious system memory. In short, PSAE is a cleaner workhorse. To shutdown PSAESRV, when you configure the Process Scheduler, you can change the default of the PSAESRV instance to 0. Values for config section PSAESRV Max Instances =0 Recycle Count=1000 Allowed Consec Service Failures=2

ctrl+J command to show database name

By default the ctrl+J command in any peoplesoft online page gives you the following details Browser IE/6.0 Operating System WINNT Browser Compression ON (gzip)

Tools Release 8.45.18 Application Release Financials/SCM 8.80.01.000 Service Pack 1 Page VNDR_ID1_SUM Component VNDR_ID Menu MAINTAIN_VENDORS If you want to add the following more details to the above screen, User ID SYSADMIN Database Name FIN88T Database Type MICROSFT Application Server //123.34.5.67:9400 Open the configuration.properties file on your webserver and set connectionInformation=true as shown below. # If set to true, the database name and other potentially sensitive connection information # will appear in the HTML generated for use in a help display. # Default: false connectionInformation=true Save the configuration.properties file and reboot your webserver. Now the ctrl+J command will show the userid, database name, database type and application server name. From People Tools 8.48 onwards, we can do this online. Go to PeopleTools > Web profile > Web Profile > Web Profile Configuration Choose apporpriate Profile Name like PROD for production. On Web Profile Configuration, click on Debugging tab, and then check radio button for Show Connection & Sys Info. Save the Page.

Windows OS commands
Few common windows operating system related commands To know windows IP configuration go to command propmt and type ipconfig /all this shows detailed information about the IP configuration of the the server you have logged in. To know the connection status to another IP address, use ping ipaddress command To trace all the IP address that is between your current server to the destination IP address use tracert ipaddress command To know the hostname use hostname command, it will show the host name. To know all the prots on the server use the following command C:\> netstat -an The Netstat command can list currently used ports, which might be helpful if you suspect an application is

clashing with another one on an active port. The -an switch is used to show all connections and listening ports in numeric form.

Get up and running with the Tuxedo Administration Console

Posted by Tipster in Administration, Infrastructure, PeopleSoft, PS Admin, Tuxedo. trackback

April 2, 2007

I think Ive stumbled across a better way of remotely administering servers than using remote control software and PSADMIN. Theres a tool called the Tuxedo Administration Console (or sometimes WebGUI) which does the job also. It looks like this:

Once youve done a little bit of config (no more than 15 minutes, and its just config, theres nothing additional to install) you just point the web browser on your client PC to a URL and it loads up the above screen. You drop down the Domain menu to choose which App Server or Process Scheduler to administer, then use it to start and stop the domain, or you can do individual processes if you prefer. (For example, on my current client site we have a developer who frequently hangs the domain by using all of the PSAPPSERV processes during debugging. Using this tool, we could change the Max App Servers setting and then boot a couple of extra App Servers, all in a few clicks and without rebooting the domain.) These are the steps I took to get the Admin Console running (substitute your own machine names and ports where appropriate):

1. for each app server and process scheduler you wish to administer, edit the *.ubx file under either the app serv
or proc sched directories. Go to the PS_ENVFILE section and add: PS_SERVDIR={$PS_SERVDIR} PS_SERVER_CFG={$PS_SERVDIR}{FS}{CFGFILE} locate the webgui.ini file under <tuxedo install directory>\udataobj\webgui\ and in the second section add a line for each domain you wish to administer (i.e. a line for each app server or process scheduler). There are instructions in file, but the line will look something like this. DOMAIN=HR9DMO;D:\pshome\appserv\HR9DMO\PSTUXCFG

2.

3. Start the Tuxedo Web Server and Listener

cd /d d:\bea\tux* tuxwsvr -l //vm-hr9dmo:8080 -i D:\bea\Tuxedo8.1\udataobj\tuxwsvr.ini Wlisten From your client log on to http://vm-hr9dmo:8080/webguitop.html. The username and password will be that chosen when Tuxedo was installed (likely admin/password) chose the domain you wish to admin from the drop down domain menu, then you can drill down and activate/inactivate (webgui terminology for start-up/shut-down) whatever you wish.

4. 5.

Hope that helps. If you have any issues, I found the tuxedo website more useful than Peoplebooks or customer connection, however your mileage may vary. Also, the tuxedo helpfile is here: <bea_home>\Tuxedo8.1\help\guiguide\index.htm This post was edited on 7th Nov 07 to include corrections on the port number, as suggested by David Kurtz in his comment below.

Comments
1. Rajesh Kohli - June 24, 2007
Hi, Great Post!! I understand most of it but the 3rd step where it says Start the Tuxedo Web Server and Listner, I am a little confused with that one. Please explain. Reply

2. PeopleSoft Tipster - June 26, 2007

Sure the tuxwsvr is a mini web server that you use to serve up the Web GUI. The -l tells it what to listen on for new connections, and the -i tells it where to load config parameters from. The wlisten is the other half of the setup, and listens for commands issued by users of the Web GUI. If you have a look around for the processes that should help, as will the tuxedo help file given in the article and a quick google should fill in any gaps. Reply

3. David Kurtz - July 4, 2007

You should not use port 4003 for the web server because is also used by default by the wlisten process to communicate with the applet (look at the NADDR setting in %TUXDIR%\udataobj\webgui\webgui.ini). You are likely to get the following error:

tuxwsvr -l //myhost:4003 -i d:\ps\bea\Tuxedo8.1\udataobj\tuxwsvr.ini wlisten -i d:\ps\bea\Tuxedo8.1\udataobj\webgui\webgui.ini WEBGUI_CAT:16583: ERROR: Could not establish listening endpoint //myhost:4003 I would recommend that you use port 80 on Windows, and another port higher that 2048 on Unix (because otherwise you would need to run the web server with root privilege). In Tuxedo 8.1, if you edit configuration parameters with the administrative applet you will directly update the compiled domain configuration file PSTUXCFG. When you reconfigure the domain with psadmin you will lose those changes. If you want to retain those changes you have to remember to make them to the configuration file yourself. Alternatively you can decompile PSTUXCFG with the Tuxedo tmunloadcf utility to a text file to see what has been changed. It is useful to have a decompiled version before any changes are made via the applet, so you can see what has changed. Reply

4. Saravanan - July 6, 2007

Hi, I m Sarvanan. In the following URL I could ablr to undestand that hr89dmo is the instance name. But what is that vmhttp://vm-hr9dmo:4003/webguitop.html Can you explain this? Reply

5. PeopleSoft Tipster - July 6, 2007

The whole of the first section is the hostname of the server. So the server in this case a Virtual Machine is called vm-hr9dmo. The port its listening on is 4003 (which if you read David Kurtzs post above may not have been a good idea) and the page youre requesting is webguitop.html. Reply

6. PS Admin - November 6, 2007

I get the following error when I started the tuxwsvr. WEBGUI_CAT:16505: ERROR: Could not establish listening endpoint mydomain.com:4003INFO: Terminating tuxwsvr process. I could start the wlistener. Reply

7. PS Admin - November 6, 2007

This is the command I used:( Linux) tuxwsvr -l mydomain.com:4003 -i $TUXDIR/udataobj/tuxwsvr.ini -L $PS_HOME/appsvr/hrdmo/LOGS Reply

8. David - November 6, 2007

I have listed the values belows of my ini files, commands and URL. I get the first web page but the second errors out. Can anyone help? webgui.ini # Web GUI initialization file. # Created by BEA software installation program. # TUXDIR=C:/BEA/Tuxedo8.1 INIFILE=C:/BEA/Tuxedo8.1/udataobj/webgui/webgui.ini NADDR=//PSWEB1:8080 DEVICE=/dev/tcp CODEBASE=/java DOCBASE=/doc SNAPDIR=C:/BEA/Tuxedo8.1/udataobj/webgui/java/snapshot SNAPBASE=/java/snapshot # # In order to configure one or more domains as part of the Web GUI pull-down # menu, add lines to this file of the form DOMAIN=domainname;tuxconfig DOMAIN=HCSP1;C:/PSOFT/HCSP1/PT848/appserv/HCSP1 tuxwsvr.ini # tuxwsvr initialization file. # Created by BEA software installation program. # CGI /cgi-bin C:/bea/Tuxedo8.1/udataobj/webgui/cgi-bin HTML /java C:/bea/Tuxedo8.1/udataobj/webgui/java HTML /doc C:/bea/Tuxedo8.1/help HTML / C:/bea/Tuxedo8.1/udataobj/webgui Dos Commands tuxwsvr -l //PSWEB1:89 -i %TUXDIR%\udataobj\tuxwsvr.ini -L c:\psoft\HCSP1\PT848\appserv\HCSP1\LOGS\LOGS wlisten

From Browser : http://psweb1:89/webguitop.html When I click the button that reads Click Here to Run the BEA Tuxedo I get the window titled Cannot find server Microsoft Internet Explorer and the URL changes to http://host/CGI-BIN/tuxadm?TUXDIR=TUXDIRVALUE Reply

9. PeopleSoft Tipster - November 7, 2007

PSADMIN, if you have a look at the comment David Kurtz posted he pointed out that I had a port conflict. Ive amended the original post to use port 8080 instead of 4003. As David pointed out, this should resolve the Could not establish listening endpoint error. Reply

10. PeopleSoft Tipster - November 7, 2007

DAVID, Check the DOMAIN line in your ini file. Yours reads: DOMAIN=HCSP1;C:/PSOFT/HCSP1/PT848/appserv/HCSP1, while mine reads: DOMAIN=HR9DMO;D:\pshome\appserv\HR9DMO\PSTUXCFG Append the filename for the PSTUXCFG file and let us know how you get on. Reply

11. PS - November 15, 2007

Will this also work if appserver is on unix and webserver / Tuxedo is on windows What would be domainname in step 2 if it is on unix Reply

12. PeopleSoft Tipster - November 16, 2007

This isnt something Ive ever tried, and Im not in a position to test this now but I dont see why it wouldnt. The domain name would be the same as App Server domains are named in a similar way regardless of whether they reside on Windows or Unix. Reply

13. William - November 27, 2007

Hi, I am trying to configure bea tuxedo admin console. i manage to get the initial console screen using the url: http://wdqakcwx1a9.cmpa.org:9090/webguitop.html When i click on the button click here to administer BEA tuxedo admin console i get an error:

Internet Explorer cannot display the webpage. The url of the page that errors out is: http://host/CGI-BIN/tuxadm?TUXDIR=TUXDIRVALUE i am using the following commands to start the web server and listener: tuxwsvr -l //WDQAKCWX1A9.cmpa.org:9090 -i C:\bea\Tuxedo8.1\udataobj\tuxwsvr.ini wlisten -i C:\bea\Tuxedo8.1\udataobj\webgui\webgui.ini i am enclosing the supporting config files: # tuxwsvr initialization file. # Created Mar 20, 2006 9:18:29 AM by BEA software installation program. # CGI /cgi-bin c:\bea\Tuxedo8.1\udataobj\webgui\cgi-bin HTML /java c:\bea\Tuxedo8.1\udataobj\webgui\java HTML /doc c:\bea\Tuxedo8.1\help HTML / c:\bea\Tuxedo8.1\udataobj\webgui # Web GUI initialization file. # Created Mar 20, 2006 9:18:29 AM by BEA software installation program. # TUXDIR=c:\bea\Tuxedo8.1 INIFILE=c:\bea\Tuxedo8.1\udataobj\webgui\webgui.ini NADDR=//WDQAKCWX1A9.cmpa.org:7070 DEVICE=/dev/tcp CODEBASE=/java DOCBASE=C:\bea\Tuxedo8.1\udataobj\jolt\doc TEMPLATE=C:\bea\Tuxedo8.1\udataobj\webgui\webgui.html SNAPDIR=c:\bea\Tuxedo8.1\udataobj\webgui\java\snapshot SNAPBASE=/java/snapshot # # In order to configure one or more domains as part of the Web GUI pull-down # menu, add lines to this file of the form DOMAIN=domainname;tuxconfig DOMAIN=CRMDM90;D:\PSOFT\crmdm90\appserv\prcs\CRMDM90\PSTUXCFG *PS_ENVFILE {WINDOWS} PS_SERVDIR={$PS_SERVDIR} PS_SERVER_CFG={$PS_SERVDIR}{FS}{CFGFILE} PATH={$PS_HOME}\bin\server\winx86;{$Process Scheduler\DBBIN};{$Tuxedo Settings\Add to PATH}; {$PS_HOME}\verity\{VERITY_OS}\{VERITY_PLATFORM}\bin INFORMIXSERVER={$Startup\ServerName} {WINDOWS}

regards, William Reply

14. moufid - November 28, 2007

Hi Davies, Thanks for the tip! Now my problem is trying to find the added value of this tool lol. -Words of a newbieReply

15. John - December 12, 2007

wlisten issue: I am getting the following in my ULOG file. Anyone have a clue as to how to resolve this? I have it working on another UNIX server, I just cannot get it to run on this one. 082951.dcr-pshr-tmp1-1!wlisten.598212.1.-2: WEBGUI_CAT:3102: INFO: wlisten starting 082951.dcr-pshr-tmp1-1!wlisten.598212.1.-2: WEBGUI_CAT:3108: WARN: Network device does not exist Reply

16. John - December 13, 2007

Update: The wlisten messages do not seem to be relevant. What happens is when I click on the Click here to run the Tuxedo Admin Console link it just brins up a blank page and does it rather quickly. It is not firing off tuxadm. Any thoughts? Reply

17. Karthigeyan - January 2, 2008

Where is that we create a user id and password for tuxedo. My tuxedo was successful but was never asked the userid and password. Now that i try to go for the psadmin GUI, i m being asked userid and password. Because of this i m not able to proceed. Please help Reply

18. PeopleSoft Tipster - January 2, 2008

The password is entered during installation of Tuxedo. By default I think its system/password. Reply

19. Muthukumar - January 3, 2008

Or use tpsysadm/password or tpsysoper/password BTW, I get this error during activation of pub/sub handler group: -10:CMDTUX_CAT:1711: ERROR: Could not boot any servers Any idea? I was able to activate the same using PSADMIN utility and was able to deactivate using PSADMIN as well as WEBGUI. Any insight would be of immense help. Reply

20. Karthigeyan - January 3, 2008

During the installation was only asked the tlisten password which I gave. But userid/password for Tuxedo as such was never asked. Can you please guide me through. Reply

21. Muthukumar - January 3, 2008

From your post : Where is that we create a user id and password for tuxedo. My tuxedo was successful but was never asked the userid and password. Now that i try to go for the psadmin GUI, i m being asked userid and password. Because of this i m not able to proceed. Please help We we referring to PSADMIN gui userid/password which you had mentioned that the utility was asking to supply. Tipster: Can you pls provide your thoughts on : 10:CMDTUX_CAT:1711: ERROR ? cheers. Reply

22. PeopleSoft Tipster - January 3, 2008

Muthukumar, sorry, I havent encountered the 1711 error before. Assuming youve checked the obvious (that its not down to being already booted, or the ports arent in use by some other process that wasnt started when you booted them through other means) I dont know. Try one of the message boards (it-toolbox or peoplesoft-fans), youll reach a lot more people that way and Im sure someone will be able to help. Reply

23. Narasing - February 6, 2008

I completed all the steps. Started tuxwsvr & wlisten with port 8080. I have supplied the id/pwd = tpsysadm/password and the page hangs and GUI is not being launched at this stage. When I kill the process, I get a window pop up that says connection failed.. I do not see anything in the logs directory as well. Any helpi sgreatly appreaciated. Reply

24. Fathah - March 16, 2008

I able to start Tuxedo Admin console, but all the buttons except settings and help are disable, there is no domian tree at the left panel. What all I have to do to add one domain.

PeopleSoft Security
Sunday, 18 April 2010 04:03 | Written by Administrator |

PeopleSoft Security Security Tree A security structure that graphically represents the hierarchy of your organization. Tree Level Represents a logical division in your business hierarchy (ex: department, branch or region). Tree Node Represents an organizational entity on the tree. Tree Manager A PeopleSoft tool that provides a visual means to build a hierarchy of security for all organizational entities. Query Trees Graphical representation of Tables to which you wish to control query access. Access Groups Nodes in Query Trees where you would group Operators and assign them access to all tables under the node. User Profiles: A User Profile describes a particular user of the PeopleSoft system. User Profiles define individual PeopleSoft users. You define User Profiles and then link them to one or more Roles. Typically, a User Profile must be linked to at least one Role in order to be a valid profile. User Profiles maintain the Roles that are assigned to the user.

Roles are assigned to User Profiles. Roles are intermediate objects that link User Profiles to Permission Lists. Multiple Roles can be assigned to a User Profile, and you can assign multiple Permission Lists to a Role. Some examples of Roles might be Employee, Manager, Customer, and so on. Permission Lists are lists, or groups, of authorizations that you assign to Roles. Permission Lists store Sign-on times, Page access, PeopleTools access, and so on.

A Permission List may contain one or more types of permissions. The more types of permissions in Permission List the more modular and scalable your implementation. A User Profile inherits most of its permissions through the roles that have been assigned to the User Profile. Data permissions or row-level security appears either through a Primary Permission lists or a Row Security Permissions list.

Row-level security controls access to the subset of data rows within tables the user is authorized to read or update. The decision to implement row-level security will be based on the need to provide that level of data security. To establish row level security, you must first decide the necessary data security level required, which key fields to secure, and whether security will be defined through User IDs or Permission Lists. With row-level support, PeopleSoft security can restrict individual users or Permission Lists from specific rows of data that are controlled by key fields. For example: Business unit Set ID Ledger (and ledger group) Book Project Therefore, users would only be able to view those rows for which they have security access for a specified Business Unit or Project, for example. Once row level security is turned on in for a particular PeopleSoft module, it applies to all applications within that module, not specific applications. Additionally, a method for implementing row-level security can be by User ID. Key fields can be associated to User IDs as well as Projects. Projects will also perform row-level security by User ID through the Use List. This sets up Projects to implement row level security in a team-based method.

PeopleSoft security mainly depends on Rowlevel security. Security works best if it is based on organizational structure. Types of security supplied by PeopleSoft: Departmental security No security International security Tree Manager: 3 steps in setting up department security: Create the security tree Update department security tree Grant and restrict access to the entities