Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Query is a PeopleTool that helps you build SQL queries to retrieve information from your application tables. Query takes advantage of users security settings, row-level security, and primary permission list. For each Query user, you can specify the records they are allowed to access when building and running queries. We can achieve this by creating Query Access Groups in the Query Access Group Manager, and then you assign users to those groups with Query permissions.
Trees are a graphical way of presenting hierarchical information. PeopleSoft Query uses query access group trees to control the access of the tables in your PeopleSoft database. Define a hierarchy of PeopleSoft record definitions, based on logical or functional groupings, and then give users access to one or more nodes of the tree. Users can retrieve information only from those tables whose record definitions to which they have access. Nodes: Query access group trees contain two types of Nodes: groups and records. o Groups are a logical representation of a set of child groups or records. It is similar to folder in Windows. o Records represent a PeopleSoft record definition. Structure: o Always use the ACCESS_GROUP Tree Structure. o Do not use SetID or UKV/BU. o Do not have Details. o Do not use Levels. o No Branches. Requirements: o The Root Node is always a group. o Groups must be unique in a given Tree while records definitions can be repeated. o Groups and records could have Child Groups and Child Records. o Each record needs a unique fully qualified path in the tree. You cant add the same record under the same parent node (group or record). To open an existing Query Access Group Tree, Select PeopleTools, Security, Query Access Manager. Create custom Query Access Group suitable to your organization. Create functional group names and add records under the group. To Add the Query Access Groups to user: o Open the primary Permission List for the user o Go to Query Tab o Click on Access Group Permissions. o Add the tree name, select the proper Access Group, Select Accessible button. Repeat to add more Access groups. o Save the permission List.
By default, when you give Query users access to a record definition, they have access to all the rows of data in the table built using the associated record definition.
With row-level security, users can have access to a table without having access to all rows on that table. This type of security is typically applied to tables that hold sensitive data. For example, you might want users to be able to review personal data for employees in their own department, but not for people in other departments. You would give everyone access to the PERSONAL_DATA table, but would enforce row-level security so that they could only see rows where the DEPTID matches their own. PeopleSoft applications implement row-level security by using a SQL view that joins the data table with an authorization table. When a user searches for data in the data table, the system performs a related record join between the view and the base table rather than searching the table directly.
You implement row-level security by having Query search for data using a query security record definition. The query security record definition adds a security check to the search. Query security record definitions serve the same purpose as search record definitions do for panels. Just as a panels search record definition determines what data the user can display in the panel, the query security record definition determines what data the user can display with Query. To get Query to retrieve data by joining a security record definition to the base table, you specify the appropriate Query Security Record when you create the base tables record definition.
To apply row level security: 1. Select PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security. 2. With the record definition open in the Application Designer, click the Properties button, and select the Use tab from the Record Properties dialog box. 3. Select the security record definition (usually a view) in the Query Security Record list box. 4. Once youve set the query security record definition, click OK to close the Record Properties dialog box, then save the record definition. If youve already used SQL Create to build a table from this record definition, you dont need to rebuild it. Note. PeopleSoft row-level security views restrict users from seeing certain rows of data. To secure data through the search record, simply put one of the three Row Level Security fields on your record as a Key, not a List Box Item. The three Row Level Security fields are OPRID (User ID), OPRCLASS (Primary Permission List), and ROWSECCLASS (Row Security Permission List). If one of these fields is on the search record as a Key, not a List Box Item, PeopleTools does the following. PeopleTools adds a WHERE clause when it performing a SELECT through the record forcing the value to be equal to the current users value.
So, what sort of things would you want to do? The things you would want to do is to filter data with a tree or subtotal data using a tree as the grouping mechanism. The former is available to both nVision and PS/Query as either Filtering criteria or "in tree" criteria. The latter is only available in nVision through nPlosion. However, there are lots of things outside of nVision or Query that you would want to do.
Aggregate data using the tree. Those familiar with Summary ledgers in GL understand the concept. You can aggregate data using a tree for other purpose, such as improving performance for downstream processes. For example, if you want to display a count of reported problems by product family for all product families, you're doing this type of aggregation at the product family level of the tree. Filter data using the tree. This is generalizing the "in tree" criteria in PS/Query. A couple of good examples of this are the batch programs used in GL for selecting open receivables to restate, or for selecting what data to use in Allocations. Another example of where this would be valuable would be in search records, where you could find all cases for eastern region customers, that are reported against any product in the Finanicals product line.
Today, PeopleSoft applications and customers use the technique I'm describing below to accomplish this. First, a little more on Trees The first thing to understand is how trees work. A tree is not a standard structure (such as a strict selfreferencing table, as described in Ralf Kimball's definitive book on data warehousing), or a standard denormalized structure. It has a unique structure that allows it to do the following things: Things that are not supported well by denormalized tables.
1. 2. 3. It supports unbalanced (or ragged) hierarchies. It supports dynamic leveling. It supports joining at any level of the hierarchy.
So, how does it do it? The key to it is the data model, and the fields added to it (that are maintained by tree manager). Here are the tables in the model:
PSTREEDEFN - This identifies the tree, and the attributes of it (such as where to get application attributes of the nodes, leafs, and levels). PSTREENODE - This is the heart of the tree. It is a self-referencing table that also has additional attributes to facilitate non-recursive access to children of a node. PSTREELEAF - This maps a node to the sets of leafs or detail values that can be used with it. This can be thought of as the "leaf" level in the BI world, but that the leafs can be attached to any level of the tree, even to nodes that have children nodes. User tables - These are tables that store additional attributes to the node, leaf, or level, such as description, size, manager, etc. This allows a tree to be defined against any data element in the application and also opens up a whole host of opportunities for using trees in a given customer enviornment.
It's also important to understand that the tree definition is the starting place for everything, and that all the tools owned tables (i.e. not the user tables) strictly follow the key structure of the tree definition. Because trees are effective dated and utilize setid indirection, this is an important thing, because effective dating and setid indirection is only evaluated for the PSTREEDEFN table and the user tables. This logic is not used when joining between PSTREEDEFN and PSTREENODE. This means that from the perspective of effective dating, any nodes that have not changed between to tree instances are duplicated in the PSTREENODE table.
Once you've identified the tree you want to use (setid, tree name, and effdt are the unique keys), you also know the high order keys to use in the PSTREENODE table to get the nodes for that tree. Now, let's look at the structure of the PSTREENODE table:
Setid Tree Name Effdt TREE_NODE TREE_LEVEL_NUM TREE_NODE_NUM TREE_NODE_NUM_END PARENT_NODE_NUM
As you can see, this table is self-referencing (the PARENT_NODE_NUM tells you the NODE_NUM of a tree node's parent). However, tree manager also maintains the TREE_NODE_NUM_END field, which is what prevents the need to do a recursive set of selects to find all the descendants of a node. Tree nodes are strictly numbered. A tree nodes' descendents will always have a node number that is between the value of its TREE_NODE_NUM and TREE_NODE_NUM_END. Therefore, if I want to select all the descendents of the node "Assets", here is the SQL I would issue:
Select B.TREE_NODE, B.TREE_LEVEL_NUM from PSTREENODE A, PSTREENODE B where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets" and B.TREE_NODE_NUM between A.TREE_NODE_NUM and A.TREE_NODE_NUM_END
You could also filter by level number to get the descendents at a given level. Now, to add in the leafs. For winter trees, this step is not necessary (winter trees are trees where the nodes themselves represent data points of interest, such as positions, whereas with summer trees, the nodes are the hierarchy that categorizes something else, such as most account trees or customer trees). Because leafs are essentially mapping tables, you either join them directly to another table (either the user table to get attributes, or a fact table to get rows). However, for performance purposes, most PeopleSoft processes will stage the data values before joining it to a fact table.
Getting back to the subject at hand, here's the table structure of the PSTREELEAF table:
Setid Tree Name EFFDT TREE_NODE_NUM RANGE_FROM RANGE_TO DYNAMIC_DTL_FLG
As you can see, the high level keys are again the same. Also, you can see that the mapping to the tree node is by node ID, and the mapping to the target table is by either individual key values or by range.
So, let's say we want to find out all account numbers and account types for all accounts under the "Asset" node of the tree. Now, there are three things that need to be looked up in order to determine what to put in the SQL:
1. 2. 3. The table and field where the Accounts are stored. This is stored in a tree table I haven't discussed, which is the PSTREESTRUCT table (which has a reference in the tree defninition). The setid to use for the accounts. As mentioned, setid indirection occurs when going after the user tables. Depending on where your getting your business unit or setid, you will have to do the lookup separately (which is a more complex topic, but is often hard-coded at a customer anyway). The effective date to use for the accounts. Again, this occurs when going after the user table. This means that you have to perform the standard correlated subquery for effective date logic. I won't go into detail on this in this posting, but you can see the SQL by building a query against the table in PS/Query.
So, your SQL will look like the following when after the list of accounts under a tree node:
Select C.ACCOUNT, C.ACCOUNT_TYPE from PSTREENODE A, PSTREELEAF B, GL_ACCOUNT_TBL where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets" and B.TREE_NODE_NUM between A.TREE_NODE_NUM and A.TREE_NODE_NUM_END and C.ACCOUNT between B.RANGE_FROM and B.RANGE_TO
As you can see, this SQL statement didn't have to look at any children nodes at all! Because the leafs are attached using node numbers, and the range on the tree node record identifies all the node numbers of all its children, you could join the leaf directly to the node. Now, it's important to note that this SQL will not perform in DB2, because indexes are not used when joining two fields of different size (which is why nVision has 30 different tables for staging the join between the tree leaf and the data table). Staging the join As mentioned previously, when joining to a fact or data table, one generally stages the join into an intermediate table. nVision and all other PeopleSoft delivered processes use selector tables (in nVision it's PSTREESELECT##, where the ## represents the field size of the field joined to. In nVision, there's a whole subsystem dedicated to managing what goes into the PSTREESELECT tables. For the purposes of this discussion, you can merely create your own selector tables that identify what you are putting in there, and the set of values that it represents. Let's assume, for example, you have a table called "PS_ACCOUNT_TREE_FLAT" to represent the flattened account tree. The SQL to load the data related to the "Assets" node might look as follows:
Insert into PS_ACCOUNT_TREE_FLAT as Select "Assets", B.RANGE_FROM, B.RANGE_TO from PSTREENODE A, PSTREELEAF B where A.SETID = B.SETID and A.TREE_NAME = B.TREE_NAME and A.EFFDT = B.EFFDT and A.TREE_NODE = "Assets"
Select Sum(B.POSTED_TOTAL_AMT) from PS_ACCOUNT_TREE_FLAT A, PS_LEDGER B where A.FILTERED_NODE = "Assets" and B.ACCOUNT between A.RANGE_FROM and A.RANGE_TO
Hopefully, this gives a starting point to determining how to approach this. I suggest playing around with a SQL editor and PS/Query to make sure you understand (I did the same thing with nVision when I was first learning). Keep in mind, however, that the SQL that gets displayed in either an nVision trace or the SQL tab in Query does not include the SQL for populating that tree select table. However, it does show the filtering conditions used for joining the select table to the data table. You can select directly against the tree select table to see what values were put in it, and then look at the PSTREE% tables to compare the two. Follow-on Info For those who use tree manager extensively, we recently added a product that makes it easier to maintain multiple trees together. Additional information can be found here. A demo of this product can be found here.
Note. You can customize the list of fields that you want to monitor using the Customize this table link. Categories: PS Admin Tags: WebLogic Server Console
Declare @Month nvarchar(10) Declare @Day nvarchar(10) Declare @Hour nvarchar(10) Declare @Minute nvarchar(10) set @Year = DATEPART(year,GETDATE()) set @Month = DATEPART(month,GETDATE()) set @Day = DATEPART(day, GETDATE()) set @Hour = DATEPART(hour, GETDATE()) set @Minute = DATEPART(minute, GETDATE()) SET @File = NC:\temp\db_audit_trace+@Year+@Month+@Day+@Hour+@Minute set @maxfilesize = 10 exec @rc = sp_trace_create @TraceID output, 2, @File, @maxfilesize, NULL if (@rc != 0) goto error Set the events declare @on bit set @on = 1 exec sp_trace_setevent @TraceID, 10, 1, @on exec sp_trace_setevent @TraceID, 10, 2, @on exec sp_trace_setevent @TraceID, 10, 6, @on exec sp_trace_setevent @TraceID, 10, 8, @on exec sp_trace_setevent @TraceID, 10, 10, @on exec sp_trace_setevent @TraceID, 10, 11, @on exec sp_trace_setevent @TraceID, 10, 12, @on exec sp_trace_setevent @TraceID, 10, 14, @on exec sp_trace_setevent @TraceID, 10, 22, @on exec sp_trace_setevent @TraceID, 10, 35, @on exec sp_trace_setevent @TraceID, 12, 1, @on exec sp_trace_setevent @TraceID, 12, 2, @on exec sp_trace_setevent @TraceID, 12, 6, @on exec sp_trace_setevent @TraceID, 12, 8, @on exec sp_trace_setevent @TraceID, 12, 9, @on exec sp_trace_setevent @TraceID, 12, 10, @on exec sp_trace_setevent @TraceID, 12, 11, @on exec sp_trace_setevent @TraceID, 12, 12, @on exec sp_trace_setevent @TraceID, 12, 14, @on exec sp_trace_setevent @TraceID, 12, 22, @on exec sp_trace_setevent @TraceID, 12, 35, @on exec sp_trace_setevent @TraceID, 12, 41, @on exec sp_trace_setevent @TraceID, 13, 1, @on exec sp_trace_setevent @TraceID, 13, 2, @on exec sp_trace_setevent @TraceID, 13, 6, @on exec sp_trace_setevent @TraceID, 13, 8, @on exec sp_trace_setevent @TraceID, 13, 9, @on exec sp_trace_setevent @TraceID, 13, 10, @on exec sp_trace_setevent @TraceID, 13, 11, @on exec sp_trace_setevent @TraceID, 13, 12, @on exec sp_trace_setevent @TraceID, 13, 14, @on exec sp_trace_setevent @TraceID, 13, 22, @on exec sp_trace_setevent @TraceID, 13, 35, @on exec sp_trace_setevent @TraceID, 13, 41, @on
exec sp_trace_setevent @TraceID, 14, 1, @on exec sp_trace_setevent @TraceID, 14, 2, @on exec sp_trace_setevent @TraceID, 14, 6, @on exec sp_trace_setevent @TraceID, 14, 8, @on exec sp_trace_setevent @TraceID, 14, 9, @on exec sp_trace_setevent @TraceID, 14, 10, @on exec sp_trace_setevent @TraceID, 14, 11, @on exec sp_trace_setevent @TraceID, 14, 12, @on exec sp_trace_setevent @TraceID, 14, 14, @on exec sp_trace_setevent @TraceID, 14, 22, @on exec sp_trace_setevent @TraceID, 14, 35, @on exec sp_trace_setevent @TraceID, 14, 41, @on exec sp_trace_setevent @TraceID, 15, 1, @on exec sp_trace_setevent @TraceID, 15, 2, @on exec sp_trace_setevent @TraceID, 15, 6, @on exec sp_trace_setevent @TraceID, 15, 8, @on exec sp_trace_setevent @TraceID, 15, 9, @on exec sp_trace_setevent @TraceID, 15, 10, @on exec sp_trace_setevent @TraceID, 15, 11, @on exec sp_trace_setevent @TraceID, 15, 12, @on exec sp_trace_setevent @TraceID, 15, 14, @on exec sp_trace_setevent @TraceID, 15, 22, @on exec sp_trace_setevent @TraceID, 15, 35, @on exec sp_trace_setevent @TraceID, 15, 41, @on exec sp_trace_setevent @TraceID, 17, 1, @on exec sp_trace_setevent @TraceID, 17, 6, @on exec sp_trace_setevent @TraceID, 17, 8, @on exec sp_trace_setevent @TraceID, 17, 9, @on exec sp_trace_setevent @TraceID, 17, 10, @on exec sp_trace_setevent @TraceID, 17, 11, @on exec sp_trace_setevent @TraceID, 17, 12, @on exec sp_trace_setevent @TraceID, 17, 14, @on exec sp_trace_setevent @TraceID, 17, 22, @on exec sp_trace_setevent @TraceID, 17, 35, @on exec sp_trace_setevent @TraceID, 17, 41, @on exec sp_trace_setevent @TraceID, 40, 1, @on exec sp_trace_setevent @TraceID, 40, 2, @on exec sp_trace_setevent @TraceID, 40, 6, @on exec sp_trace_setevent @TraceID, 40, 8, @on exec sp_trace_setevent @TraceID, 40, 10, @on exec sp_trace_setevent @TraceID, 40, 11, @on exec sp_trace_setevent @TraceID, 40, 12, @on exec sp_trace_setevent @TraceID, 40, 14, @on exec sp_trace_setevent @TraceID, 40, 22, @on exec sp_trace_setevent @TraceID, 40, 35, @on exec sp_trace_setevent @TraceID, 41, 1, @on exec sp_trace_setevent @TraceID, 41, 2, @on exec sp_trace_setevent @TraceID, 41, 6, @on
exec sp_trace_setevent @TraceID, 41, 8, @on exec sp_trace_setevent @TraceID, 41, 10, @on exec sp_trace_setevent @TraceID, 41, 11, @on exec sp_trace_setevent @TraceID, 41, 12, @on exec sp_trace_setevent @TraceID, 41, 14, @on exec sp_trace_setevent @TraceID, 41, 22, @on exec sp_trace_setevent @TraceID, 41, 35, @on exec sp_trace_setevent @TraceID, 46, 1, @on exec sp_trace_setevent @TraceID, 46, 2, @on exec sp_trace_setevent @TraceID, 46, 6, @on exec sp_trace_setevent @TraceID, 46, 8, @on exec sp_trace_setevent @TraceID, 46, 10, @on exec sp_trace_setevent @TraceID, 46, 11, @on exec sp_trace_setevent @TraceID, 46, 12, @on exec sp_trace_setevent @TraceID, 46, 14, @on exec sp_trace_setevent @TraceID, 46, 22, @on exec sp_trace_setevent @TraceID, 46, 34, @on exec sp_trace_setevent @TraceID, 47, 1, @on exec sp_trace_setevent @TraceID, 47, 2, @on exec sp_trace_setevent @TraceID, 47, 6, @on exec sp_trace_setevent @TraceID, 47, 8, @on exec sp_trace_setevent @TraceID, 47, 10, @on exec sp_trace_setevent @TraceID, 47, 11, @on exec sp_trace_setevent @TraceID, 47, 12, @on exec sp_trace_setevent @TraceID, 47, 14, @on exec sp_trace_setevent @TraceID, 47, 22, @on exec sp_trace_setevent @TraceID, 47, 35, @on exec sp_trace_setevent @TraceID, 82, 1, @on exec sp_trace_setevent @TraceID, 82, 6, @on exec sp_trace_setevent @TraceID, 82, 8, @on exec sp_trace_setevent @TraceID, 82, 9, @on exec sp_trace_setevent @TraceID, 82, 10, @on exec sp_trace_setevent @TraceID, 82, 11, @on exec sp_trace_setevent @TraceID, 82, 12, @on exec sp_trace_setevent @TraceID, 82, 14, @on exec sp_trace_setevent @TraceID, 82, 22, @on exec sp_trace_setevent @TraceID, 82, 35, @on exec sp_trace_setevent @TraceID, 82, 41, @on exec sp_trace_setevent @TraceID, 104, 1, @on exec sp_trace_setevent @TraceID, 104, 2, @on exec sp_trace_setevent @TraceID, 104, 6, @on exec sp_trace_setevent @TraceID, 104, 8, @on exec sp_trace_setevent @TraceID, 104, 10, @on exec sp_trace_setevent @TraceID, 104, 11, @on exec sp_trace_setevent @TraceID, 104, 12, @on exec sp_trace_setevent @TraceID, 104, 14, @on exec sp_trace_setevent @TraceID, 104, 22, @on exec sp_trace_setevent @TraceID, 104, 35, @on
Set the Filters declare @intfilter int declare @bigintfilter bigint exec sp_trace_setfilter @TraceID, 10, 0, 7, NPeople% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlmon.pl exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQL Profiler exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQLAgent% exec sp_trace_setfilter @TraceID, 10, 0, 7, NMS SQLEM% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlsvr_collector.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nsqlsvr_backup_collector.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, Nps_app_version_pop.pl% exec sp_trace_setfilter @TraceID, 10, 0, 7, NSQLDMO% exec sp_trace_setfilter @TraceID, 10, 1, 6, NSQL Query Analyzer% exec sp_trace_setfilter @TraceID, 1, 1, 6, NSelect% exec sp_trace_setfilter @TraceID, 1, 1, 6, NInsert% exec sp_trace_setfilter @TraceID, 1, 1, 6, NUpdate% exec sp_trace_setfilter @TraceID, 1, 1, 6, NCreate% exec sp_trace_setfilter @TraceID, 1, 1, 6, NDrop% exec sp_trace_setfilter @TraceID, 1, 1, 6, NDelete% set @intfilter = 100 exec sp_trace_setfilter @TraceID, 22, 0, 4, @intfilter exec sp_trace_setfilter @TraceID, 35, 1, 6, NHR83FS Set the trace status to start exec sp_trace_setstatus @TraceID, 1 display trace id for future references select TraceID=@TraceID goto finish error: select ErrorCode=@rc finish: GO exec sp_procoption Ndba_startup_audit, Nstartup, Ntrue GO Categories: PS Admin, PS DBA Tags: sql server database audit
Navigate to PeopleTools > Security > Permissions and Roles > Permission Lists. Select the primary permission list that is tied to the user profile that you are testing with. You will also have to grant permissions to the USER ID that is configured for your Process Scheduler database signon settings, if that user is different than the one that you are currently logged in as. Once the permission list is up, go to the PeopleTools tab. Click on the Realtime Event Notification Permissions link in the middle of the page. On the next page, make sure that the access code for Reporting Window is set to full access. Next, go to the Web Libraries tab. Make sure that there is an entry for WEBLIB_RPT. If it is not there, then please add the library in. Once that is added, click on the edit link and make sure that the access permissions are set to full access. Make sure to save the changes before exiting. Next, navigate to PeopleTools > Portal > Node Definitions and click search to bring up all of your nodes. Sort so that your default local node is listed at the top. Click on the name link for the default local node and make sure that the Authentication Option is set to password and that a password has been entered. Finally, navigate to PeopleTools > Security > Security Objects > Single Signon. Make sure that your default local node is listed there. Case #2 If using an authentication domain, make sure that the REN server configuration is specifying the domain: -Navigate to PeopleTools -> REN Server Configuration -> REN Server Cluster -Select your REN Server Cluster -Verify Authentication Domain has been specified -Verify that the domain is specified in the REN Server Browser URL Case # 3 This case applies to PeopleTools 8.44 only. If the initial PIA deployment did not specify an Authentication Domain, but the environment now has one, it is necessary to add the Authentication Domain to the active Web Profile. Navigate to PeopleTools > Web Profile. Search for and select the active Web Profile. (If you do not know what Web Profile is currently active, check your configuration.properties file. It will tell you what Web Profile is currently active). Once you have the Web Profile up, the first tab should be labeled General. Make sure the field for Authentication Domain field on the General tab has your companys Authentication Domain (ex. mycompany.com). Make sure to save your changes and bounce the web server for the change to take effect, then go back and try running your Ping Test. Case # 4: One customer reported that in their REN Server Configuration > REN Server Definition page, the Application Server Domain name was case sensitive. After they changed the Application Server Domain name to match how it was defined through PSADMIN (in this case, to include lowercase characters), they were able to access the REN server. Case # 5: If you are still having issues after trying the suggestions above, then try clearing cache in case some Ren configuration changes were made, but cache was not cleared afterwards. To clear cache, bring down the PIA web server and the application server and clear the cache. Also, clear the cache and cookies from your browser and close all browser sessions. Restart the PIA web server and application server. Then run ping test again.
Add the following roles to user o ReportDistAdmin or ReportSuperUser(See the Note below). o Any role containing permission List CPPT1040 (gives access to Report manager) or similar one. To all the processes/reports that user needs to have access, add the userid to distribution list of that processe/report. o Go to the process/report run control page o Slect run control Id o Click run o Click distribution link for the process/report. o Select either a user and enter his User Id. o You have to submit the process/report, once for the distribution data you have entered to save. Submit the process/report for testing. Now if the user logs in and go to Administration tab in Report Manager, he could see the process/reports and link to see the output/report. User can see the output/report using process monitor also.
Note: The difference between the administrator (ReportDistAdmin) and super user (ReportSuperUser) roles is that the administrator role can access and update any report in the Report Manager. The super user role can update only reports that they are authorized to view. Report Manager related other blog entries are given below:
This error is because User defined environment variables TEMP and TMP is set to a long string like C:\DOCUME~1\hrdev\Local Settings\Temp. The space in that string, makes one parameter split into two parameters. Obviously the paramter2 and parameter3 put separately makes the file location unreadable and hence email fails. To resolve this problem the User defined Environment variables TEMP and TMP should be set to a simple string like C:\temp, with no space in it. Since the User defined environment variables are user ID specific, Make sure that the user who boots the application server and process scheudler server should login and reset the TEMP and TMP user variable. After Changing the variable, the same user need to restart the process scheduler server. ************************************************************ Email Distribution Parameters:
The Email subject, Message Text, and Email Address List data entered on the email distribution page is stored in the PSPRCSRQSTTEXT table. The key for this table is process instance. SELECT * FROM PSPRCSRQSTTEXT WHERE PRCSINSTANCE = 123456
bea.jolt.ApplicationException: TPESVCFAIL
When you try to log online and you get the following error message: CHECK APPSERVER LOGS. THE SITE BOOTED WITH INTERNAL DEFAULT SETTINGS, BECAUSE OF: bea.jolt.ApplicationException: TPESVCFAIL application level service failure (PeopleSoft Solution ID 200766418 PT 8.44) This could be because of the Peoplsoft Default web profile user ID PTWEBSERVER got locked. Run the below SQL to resolve the above issue. UPDATE PSOPRDEFN SET ACCTLOCK=0 WHERE OPRID=PTWEBSERVER The PTWEBSERVER account provides the portal servlet with minimal security access, sufficient only to launch the portal environment, but without access to any pages or other PIA objects. This account uses the PTPT1500 permission list. Also before update the above sql, make sure that this user, role, and permission list are currently in your database by using the following SQLs. select * from PSCLASSDEFN where CLASSID = PTPT1500 select * from PSAUTHSIGNON where CLASSID = PTPT1500 select * from PSROLEDEFN where ROLENAME = PeopleTools Web Server select * from PSROLECLASS where ROLENAME = PeopleTools Web Server select * from PSOPRDEFN where OPRID = PTWEBSERVER select * from PSROLEUSER where ROLEUSER = PTWEBSERVER
To resolve any problem related to sending emails using SMTP server in PeopleSoft, we can enable SMTP trace option at appserver or process scheudler server level. This will produce the smtp log file giving us more details about why the send email is failing. Some common places where we could get the send email related issues are while Sendmail peoplecode function is failing when used in an application engine (process scheduler server related) or end users getting an online error message : Unable to Send Email, Invalid email ID etc while saving the page (Appserver related). The error message may not be sufficient to know exactly where is the problem. To get more details about why send email is failing, you need to add/update the following in your appserver configuration (psappserv.cfg) or batch server Configuration (psprcs.cfg) under SMTP Settings. SMTPTrace=1 ;1 means enabled, 0 Disabled. This setting is dynamic and does not require reboot of the Server, which is very good for troubleshooting in production environments. Once turned on, it will generate Trace file SMTP.LOG in LOGS Folder under $PS_HOME\appserv\domain_name\logs\SMTP.LOG for Appserver and $PS_HOME\appserv\prcs\domain_name\logs\SMTP.LOG for Batchserver. This SMTP.LOG will show in detail where exactly the send email is failing and help us to fix the problem. Once the problem is fixed, disable the SMTP trace option.
Tools Release 8.45.18 Application Release Financials/SCM 8.80.01.000 Service Pack 1 Page VNDR_ID1_SUM Component VNDR_ID Menu MAINTAIN_VENDORS If you want to add the following more details to the above screen, User ID SYSADMIN Database Name FIN88T Database Type MICROSFT Application Server //123.34.5.67:9400 Open the configuration.properties file on your webserver and set connectionInformation=true as shown below. # If set to true, the database name and other potentially sensitive connection information # will appear in the HTML generated for use in a help display. # Default: false connectionInformation=true Save the configuration.properties file and reboot your webserver. Now the ctrl+J command will show the userid, database name, database type and application server name. From People Tools 8.48 onwards, we can do this online. Go to PeopleTools > Web profile > Web Profile > Web Profile Configuration Choose apporpriate Profile Name like PROD for production. On Web Profile Configuration, click on Debugging tab, and then check radio button for Show Connection & Sys Info. Save the Page.
Windows OS commands
Few common windows operating system related commands To know windows IP configuration go to command propmt and type ipconfig /all this shows detailed information about the IP configuration of the the server you have logged in. To know the connection status to another IP address, use ping ipaddress command To trace all the IP address that is between your current server to the destination IP address use tracert ipaddress command To know the hostname use hostname command, it will show the host name. To know all the prots on the server use the following command C:\> netstat -an The Netstat command can list currently used ports, which might be helpful if you suspect an application is
clashing with another one on an active port. The -an switch is used to show all connections and listening ports in numeric form.
April 2, 2007
I think Ive stumbled across a better way of remotely administering servers than using remote control software and PSADMIN. Theres a tool called the Tuxedo Administration Console (or sometimes WebGUI) which does the job also. It looks like this:
Once youve done a little bit of config (no more than 15 minutes, and its just config, theres nothing additional to install) you just point the web browser on your client PC to a URL and it loads up the above screen. You drop down the Domain menu to choose which App Server or Process Scheduler to administer, then use it to start and stop the domain, or you can do individual processes if you prefer. (For example, on my current client site we have a developer who frequently hangs the domain by using all of the PSAPPSERV processes during debugging. Using this tool, we could change the Max App Servers setting and then boot a couple of extra App Servers, all in a few clicks and without rebooting the domain.) These are the steps I took to get the Admin Console running (substitute your own machine names and ports where appropriate):
1. for each app server and process scheduler you wish to administer, edit the *.ubx file under either the app serv
or proc sched directories. Go to the PS_ENVFILE section and add: PS_SERVDIR={$PS_SERVDIR} PS_SERVER_CFG={$PS_SERVDIR}{FS}{CFGFILE} locate the webgui.ini file under <tuxedo install directory>\udataobj\webgui\ and in the second section add a line for each domain you wish to administer (i.e. a line for each app server or process scheduler). There are instructions in file, but the line will look something like this. DOMAIN=HR9DMO;D:\pshome\appserv\HR9DMO\PSTUXCFG
2.
4. 5.
Hope that helps. If you have any issues, I found the tuxedo website more useful than Peoplebooks or customer connection, however your mileage may vary. Also, the tuxedo helpfile is here: <bea_home>\Tuxedo8.1\help\guiguide\index.htm This post was edited on 7th Nov 07 to include corrections on the port number, as suggested by David Kurtz in his comment below.
Comments
1. Rajesh Kohli - June 24, 2007
Hi, Great Post!! I understand most of it but the 3rd step where it says Start the Tuxedo Web Server and Listner, I am a little confused with that one. Please explain. Reply
tuxwsvr -l //myhost:4003 -i d:\ps\bea\Tuxedo8.1\udataobj\tuxwsvr.ini wlisten -i d:\ps\bea\Tuxedo8.1\udataobj\webgui\webgui.ini WEBGUI_CAT:16583: ERROR: Could not establish listening endpoint //myhost:4003 I would recommend that you use port 80 on Windows, and another port higher that 2048 on Unix (because otherwise you would need to run the web server with root privilege). In Tuxedo 8.1, if you edit configuration parameters with the administrative applet you will directly update the compiled domain configuration file PSTUXCFG. When you reconfigure the domain with psadmin you will lose those changes. If you want to retain those changes you have to remember to make them to the configuration file yourself. Alternatively you can decompile PSTUXCFG with the Tuxedo tmunloadcf utility to a text file to see what has been changed. It is useful to have a decompiled version before any changes are made via the applet, so you can see what has changed. Reply
From Browser : http://psweb1:89/webguitop.html When I click the button that reads Click Here to Run the BEA Tuxedo I get the window titled Cannot find server Microsoft Internet Explorer and the URL changes to http://host/CGI-BIN/tuxadm?TUXDIR=TUXDIRVALUE Reply
Internet Explorer cannot display the webpage. The url of the page that errors out is: http://host/CGI-BIN/tuxadm?TUXDIR=TUXDIRVALUE i am using the following commands to start the web server and listener: tuxwsvr -l //WDQAKCWX1A9.cmpa.org:9090 -i C:\bea\Tuxedo8.1\udataobj\tuxwsvr.ini wlisten -i C:\bea\Tuxedo8.1\udataobj\webgui\webgui.ini i am enclosing the supporting config files: # tuxwsvr initialization file. # Created Mar 20, 2006 9:18:29 AM by BEA software installation program. # CGI /cgi-bin c:\bea\Tuxedo8.1\udataobj\webgui\cgi-bin HTML /java c:\bea\Tuxedo8.1\udataobj\webgui\java HTML /doc c:\bea\Tuxedo8.1\help HTML / c:\bea\Tuxedo8.1\udataobj\webgui # Web GUI initialization file. # Created Mar 20, 2006 9:18:29 AM by BEA software installation program. # TUXDIR=c:\bea\Tuxedo8.1 INIFILE=c:\bea\Tuxedo8.1\udataobj\webgui\webgui.ini NADDR=//WDQAKCWX1A9.cmpa.org:7070 DEVICE=/dev/tcp CODEBASE=/java DOCBASE=C:\bea\Tuxedo8.1\udataobj\jolt\doc TEMPLATE=C:\bea\Tuxedo8.1\udataobj\webgui\webgui.html SNAPDIR=c:\bea\Tuxedo8.1\udataobj\webgui\java\snapshot SNAPBASE=/java/snapshot # # In order to configure one or more domains as part of the Web GUI pull-down # menu, add lines to this file of the form DOMAIN=domainname;tuxconfig DOMAIN=CRMDM90;D:\PSOFT\crmdm90\appserv\prcs\CRMDM90\PSTUXCFG *PS_ENVFILE {WINDOWS} PS_SERVDIR={$PS_SERVDIR} PS_SERVER_CFG={$PS_SERVDIR}{FS}{CFGFILE} PATH={$PS_HOME}\bin\server\winx86;{$Process Scheduler\DBBIN};{$Tuxedo Settings\Add to PATH}; {$PS_HOME}\verity\{VERITY_OS}\{VERITY_PLATFORM}\bin INFORMIXSERVER={$Startup\ServerName} {WINDOWS}
Or use tpsysadm/password or tpsysoper/password BTW, I get this error during activation of pub/sub handler group: -10:CMDTUX_CAT:1711: ERROR: Could not boot any servers Any idea? I was able to activate the same using PSADMIN utility and was able to deactivate using PSADMIN as well as WEBGUI. Any insight would be of immense help. Reply
PeopleSoft Security
Sunday, 18 April 2010 04:03 | Written by Administrator |
PeopleSoft Security Security Tree A security structure that graphically represents the hierarchy of your organization. Tree Level Represents a logical division in your business hierarchy (ex: department, branch or region). Tree Node Represents an organizational entity on the tree. Tree Manager A PeopleSoft tool that provides a visual means to build a hierarchy of security for all organizational entities. Query Trees Graphical representation of Tables to which you wish to control query access. Access Groups Nodes in Query Trees where you would group Operators and assign them access to all tables under the node. User Profiles: A User Profile describes a particular user of the PeopleSoft system. User Profiles define individual PeopleSoft users. You define User Profiles and then link them to one or more Roles. Typically, a User Profile must be linked to at least one Role in order to be a valid profile. User Profiles maintain the Roles that are assigned to the user.
Roles are assigned to User Profiles. Roles are intermediate objects that link User Profiles to Permission Lists. Multiple Roles can be assigned to a User Profile, and you can assign multiple Permission Lists to a Role. Some examples of Roles might be Employee, Manager, Customer, and so on. Permission Lists are lists, or groups, of authorizations that you assign to Roles. Permission Lists store Sign-on times, Page access, PeopleTools access, and so on.
A Permission List may contain one or more types of permissions. The more types of permissions in Permission List the more modular and scalable your implementation. A User Profile inherits most of its permissions through the roles that have been assigned to the User Profile. Data permissions or row-level security appears either through a Primary Permission lists or a Row Security Permissions list.
Row-level security controls access to the subset of data rows within tables the user is authorized to read or update. The decision to implement row-level security will be based on the need to provide that level of data security. To establish row level security, you must first decide the necessary data security level required, which key fields to secure, and whether security will be defined through User IDs or Permission Lists. With row-level support, PeopleSoft security can restrict individual users or Permission Lists from specific rows of data that are controlled by key fields. For example: Business unit Set ID Ledger (and ledger group) Book Project Therefore, users would only be able to view those rows for which they have security access for a specified Business Unit or Project, for example. Once row level security is turned on in for a particular PeopleSoft module, it applies to all applications within that module, not specific applications. Additionally, a method for implementing row-level security can be by User ID. Key fields can be associated to User IDs as well as Projects. Projects will also perform row-level security by User ID through the Use List. This sets up Projects to implement row level security in a team-based method.
PeopleSoft security mainly depends on Rowlevel security. Security works best if it is based on organizational structure. Types of security supplied by PeopleSoft: Departmental security No security International security Tree Manager: 3 steps in setting up department security: Create the security tree Update department security tree Grant and restrict access to the entities