The PeopleSoft systemuses various authorization IDs and passwords to control user access.You use PeopleTools Security to assign two of these IDs: the userID and the symbolic ID.
This section discusses:
User IDs.
Connect ID.
Access IDs.
Symbolic IDs.
Administrator access.
A PeopleSoft user IDis the ID you enter at the PeopleSoft sign in page. You assign eachPeopleSoft user a user ID and password. The combination of these twoitems grants users online access to the PeopleSoft application. Thesystem can also use a user ID stored within an LDAP directory server.
The user ID is the keythat the application uses to identify the user profile definition.
The connect ID performsthe initial connection to the database.
Note: PeopleSoft no longercreates users at the database level.
A connect ID is a validuser ID that, when used during sign in, takes the place of PeopleSoftuser IDs. Using a connectID means you do not have to createa new database user for every PeopleSoft user that you add to thesystem.
Note: A connect ID is requiredfor a direct connection (two-tier connection) to the database. Applicationservers and two-tier Microsoft Windows clients require a connect ID.You specify the connect ID for an application server in the Signonsection of the PSADMIN utility. For Microsoft Windows clients, youspecify the connect ID on the Startup tab of PeopleSoft ConfigurationManager. You can create a connect ID by running the ConnectSQL andGrantSQL scripts.
Note: When performing a databasecompare or copy, both databases must have the same connect ID.
Warning! Without a connect IDspecified, the system assumes the workstation is accessing PeopleSoftthrough an application server. The option to override the databasetype is disabled.
When you create anyuser ID, you must assign it an access profile, which specifies anaccess ID and password.
The PeopleSoft accessID is the RDBMS ID with which PeopleSoft applications are ultimatelyconnected to your database after the PeopleSoft system connects usingthe connect ID and validates the user ID and password. An access IDtypically has all the RDBMS privileges necessary to access and manipulatedata for an entire PeopleSoft application. The access ID should haveSelect, Update, and Delete access.
Users do not know theircorresponding access IDs. They just sign in with their user IDs andpasswords. Behind the scenes, the system signs them into the databaseusing the access ID.
If users try to accessthe database directly with a query tool using their user or connectIDs, they have limited access. User and connect IDs only have accessto the few PeopleSoft tables used during sign in, and that accessis Select-level only. Furthermore, PeopleSoft encrypts the sensitivedata that resides in those tables.
Note: Access profiles areused when an application server connects to the database, when a MicrosoftWindows workstation connects directly to the database, and when abatch job connects directly to the database. Access profiles are notused when end users access applications through PeopleSoft Pure InternetArchitecture. During a PeopleSoft Pure Internet Architecture transaction,the application server maintains a persistent connection to the database,and the end users leverage the access ID that the application serverdomain used to sign in to the database.
Note: PeopleSoft suggeststhat you only use one access ID for your system. Some RDBMS do notpermit more than one database table owner. If you create more thanone access ID, it may require further steps to ensure that this IDhas the correct rights to all PeopleSoft system tables.
PeopleSoft encryptsthe access ID when it is stored in the PeopleTools security tables.Consequently, an encrypted value cannot be readily referenced or accessed.So when the access ID, which is stored in PSACCESSPROFILE, must beretrieved or referenced, the query selects the appropriate accessID by using the symbolic ID as a search key.
The symbolic ID actsas an intermediary entity between the user ID and the access ID. Allthe user IDs are associated with a symbolic ID, which in turn is associatedwith an access ID. If you change the access ID, you need to updateonly the reference of the access ID to the symbolic ID in the PSACCESSPROFILEtable. You do not need to update every user profile in the PSOPRDEFNtable.
As an administrator,you must customize your own user definition. PeopleSoft delivers atleast one full-access user ID with each delivered database. Your firsttask should be to sign in with this ID and personalize it for yourneeds or to create a new, full-access ID.
Note: PeopleSoft-deliveredIDs are documented in your installation manual.
When you install PeopleSoft,you are prompted for an RDBMS system administrator ID and password.This information is used to automatically create a default accessprofile. If you will be using more than one access profile, set upthe others before creating any new PeopleSoft security definitions.Most sites only use one access profile.
The number of database-levelIDs you create is up to your site requirements. However, in most cases,having fewer database-level IDs reduces maintenance issues.
For example, if youimplement pure LDAP authentication, at a minimum you need two database-levelIDs—your access ID and your connect ID. With this scenario, in PeopleSoftyou need to maintain only a symbolic ID to reference the access IDand maintain a user ID that the application server uses during signin. With this minimal approach, each user who needs a two-tier connection,to run an upgrade, for example, could use the same user ID that theapplication server uses.
