You implement row-level security by having Query search for data using a query security record definition. The query security record definition adds a security check to the search.
Query security record definitions serve the same purpose as search record definitions do for panels. Just as a panel’s search record definition determines what data the user can display in the panel, the query security record definition determines what data the user can display with Query.
JA N U A R Y 2 0 0 1 PE O P L ETO O L S 8 . 1 2 PE O P L ESO F T QU E R Y PE O P L EBO O K
PE O P L ESO F T PR O P R I E T A R Y A N D CO N F I D E N T I A L SE T T I N G U P QU E R Y SE C U R I T Y 2 - 7 To get Query to retrieve data by joining a security record definition to the base table, you specify the appropriate Query Security Record when you create the base table’s record definition. To apply row level security
15. Select Go, PeopleTools, Application Designer to open the Application Designer, and open the record on which you want to apply row-level security.
16. With the record definition open in the Application Designer, click the Properties button , and select the Use tab from the Record Properties dialog box.
Record Properties dialog box – Use tab
Note. You use this dialog box to set a number of different aspects of the record definition. For details, see Using Application Designer. The only item we’re concerned with here is the
Query Security Record list box.
17. Select the security record definition (usually a view) in the Query Security Record list box. Each PeopleSoft product line comes with a set of views for implementing its standard row- level security options. See the product documentation for details.
2 - 8 SE T T I N G U P QU E R Y SE C U R I T Y PE O P L ESO F T PR O P R I E T A R Y A N D CO N F I D E N T I A L
Note. The Parent Record list box is also relevant to Query. It identifies a record definition that is the current definition’s parent, meaning that it holds related data and that its keys are a subset of the current record definition’s keys. If you designate a parent record, Query automatically knows what fields to use when you join these two tables for a query.
For more information, see Advanced Query Options.
In most cases, the Query Security Record definition you’ll want to select is the same one you use as the search record definition for the panel that manages this table. If you’re enforcing one of the standard row-level security options from a PeopleSoft application, select the PeopleSoft-supplied security view for that option. See the application documentation for a list of the available views. If you’ve designed your own security scheme, select a record
definition that appropriately restricts the rows a query will return.
18. Once you’ve set the query security record definition, click OK to close the Record Properties dialog box, then save the record definition.
If you’ve already used SQL Create to build a table from this record definition, you don’t need to rebuild it.
Note. PeopleSoft’s row-level security views restrict users from seeing certain rows of data. If you specify a query security record for a given base record definition, PeopleSoft Query adds a qualifier to the WHERE clause of each query, instructing the system to retrieve only rows in organizational entities you’ve been granted access to. If you perform a “historical” query—for example, a query asking for the employees in your department as of last year— you may not get the results you expect. Because the system is enforcing row-level security, PeopleSoft Query will only return those employees who were in the department last year and are currently in a department you have access to.
PE O P L ESO F T PR O P R I E T A R Y A N D CO N F I D E N T I A L CR E A T I N G A N D RU N N I N G SI M P L E QU E R I E S 3 - 1