people soft security
8/7/2019 People Soft Security
http://slidepdf.com/reader/full/people-soft-security 1/29
Security
prepared by: Abhijit Mishra
Introduction
Why Security?
To protect data from unwanted users.
Traditionally, Security deals with:
– Risks
– Threats
– Vulnerabilities
– Attacks
In the world of Internet, the Challenge is:
Security, the enabling technology for e-Commerce.
Computer Crimes
• Computer security breaches: 16% rise in past year. Source: CSI
• The FBI reports that US industries suffer annual losses totaling $63 billion as a result of theft of intellectual property stored on computers.
• $236 million loss to saboteurs, viruses, laptop theft, financial fraud, telecommunications fraud and theft of proprietary information. Source: CSI
• Password files are stolen regularly.
• Firewalls not helping; 80% of hackers are employees and ex-employees.
Security and e-Commerce
Type of Attack                     Average Loss
Unauthorized Insider Access        $2,809,000
Theft of Proprietary Information   $1,677,000
Telecom Fraud                      $539,000
Financial Fraud                    $388,000
Sabotage                           $86,000
System Penetration by Outsider     $86,000

E-Commerce is a key to:
• developing new customers
• finding new sources of revenue
• improving customer service, satisfaction and retention
• expanding into new markets
• reducing costs
• pioneering innovative new business strategies
Security Policy
Sample elements of a security policy include:
• Approval process for granting access to a system
• Requirements for Identification and Authentication
• Method for keeping system configurations current insofar as security patches and enhancements
• Process to promulgate the security policies and updates
• Process to confirm or enforce compliance to security policies

Authentication, Authorization, Administration, Audit
PeopleSoft Security:
PeopleSoft provides you with security features, including Components and PeopleTools, to ensure that your sensitive application data, such as employee salaries, performance reviews, or home addresses, doesn't fall into the wrong hands.
PeopleSoft’s Approach
Native Security Services in PeopleSoft 7.5 and Prior Versions
Database Security
Each DBMS that PeopleSoft supports has its own security system; works in conjunction with PeopleSoft Online Security.
DBMS Security generally controls which:
• Users can login to a database
• Users can access tables and views and can manipulate data
• Users can perform server system administration activities
PeopleSoft Online Security
The PeopleSoft security approach is tailored for the Internet.
It enables you:
• to easily create and maintain security definitions
• to reduce the maintenance of your security system
By using PeopleTools security tools, one can control access to:
• Batch Processes
• Object Definitions
• Application Data
• Other Components
PeopleSoft Security Types
• Sign-on and Time-out Security
• Page and Dialog Security
• Batch Environment Security
a) Process Security
b) Reporting Security
• Object Security
• Application Data Security
a) Query/Table Level Security
b) Row Level Security
c) Field Security
PeopleSoft Security Types contd.
• Sign-on and Time-out Security
  Sign-on: Monday to Friday 9am to 5:45pm
  Time-out: 20 mins. idle time
• Page and Dialog Security
  Menus or specific actions (Enabled/Disabled)
• Batch Environment Security
  a) Process Security
     (1) Run Control ID
     (2) Process Groups
     (3) Restricting off-line RDBMS access
  b) Reporting Security
     Report Repository at Web Server
     Server should be locked from outside access
     Can distribute reports and view them based on Role
PeopleSoft Security Types contd.
• Object Security
  Field, Record and Page level Security
• Application Data Security
  a) Table Level Security
     Works only for queries (SQL)
     Query Access Groups in Tree Manager
     Doesn't control run-time page access to table data
  b) Row Level Security
     SQL views - security views
     saving only rows of data
     Tailored to specific applications
  c) Field Level Security
     Securing fields or columns by using PeopleCode
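The row-level "security view" idea above, as an added example that is not part of the original slides. SQLite stands in for the DBMS, and every table, view, column and operator name is hypothetical (constructed for illustration). It also shows why the slides list restricting off-line RDBMS access: a login that reads the base table never passes through the view.

```python
import sqlite3

# Constructed schema: every table, view and column name here is hypothetical.
SCHEMA = """
CREATE TABLE job_data     (emplid TEXT, deptid TEXT, salary INTEGER);
CREATE TABLE user_profile (oprid TEXT PRIMARY KEY, rowsec_pl TEXT);
CREATE TABLE rowsec_dept  (rowsec_pl TEXT, deptid TEXT);
-- Security view: a row is visible to an operator only when the operator's
-- row-security permission list grants the row's department.
CREATE VIEW job_data_secvw AS
  SELECT u.oprid, j.emplid, j.deptid, j.salary
    FROM job_data j
    JOIN rowsec_dept r  ON r.deptid = j.deptid
    JOIN user_profile u ON u.rowsec_pl = r.rowsec_pl;
"""

def build_db():
    """Create the in-memory database and load constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO job_data VALUES (?,?,?)", [
        ("E001", "HR", 52000), ("E002", "HR", 61000),
        ("E003", "FIN", 75000), ("E004", "IT", 68000)])
    db.executemany("INSERT INTO user_profile VALUES (?,?)", [
        ("HRMGR", "PL_HR"), ("CFO", "PL_FIN_HR"), ("TEMP", "PL_NONE")])
    db.executemany("INSERT INTO rowsec_dept VALUES (?,?)", [
        ("PL_HR", "HR"), ("PL_FIN_HR", "FIN"), ("PL_FIN_HR", "HR")])
    return db

def visible_emplids(db, oprid):
    """Rows an operator sees through the security view (bound parameter)."""
    rows = db.execute(
        "SELECT emplid FROM job_data_secvw WHERE oprid = ? ORDER BY emplid",
        (oprid,))
    return [r[0] for r in rows]

def direct_emplids(db):
    """Rows seen by a login that reads the base table and skips the view."""
    return [r[0] for r in db.execute(
        "SELECT emplid FROM job_data ORDER BY emplid")]

if __name__ == "__main__":
    db = build_db()
    for oprid in ("HRMGR", "CFO", "TEMP"):
        print(oprid, visible_emplids(db, oprid))
    print("base table:", direct_emplids(db))
```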
PeopleSoft Internet Architecture Security
• Falls under PeopleSoft Online Security
• Also known as Run-time Security
• Only authorized users can connect to web and application servers
• Only authorized application servers can connect to a given database
• Uses authentication tokens embedded in browser cookies
To secure the links between the numerous components within
the system, including browser, web servers, application
servers, database servers and so on, PeopleSoft incorporates
a combination of Secure Sockets Layer (SSL) security and
Tuxedo/Jolt Encryption.
PeopleSoft Internet Architecture Security contd.
PeopleSoft Security Definitions
Security Definition:
It refers to Security attributes created by using Maintain Security.
Also known as Access Profiles but at the database level.
The main PeopleSoft security object types are:
• User Profiles
• Roles
• Permission Lists
PeopleSoft Security Definitions contd.
User Profile:
Set of data describing a particular user of PeopleSoft system.
Data includes Language Code, SETIDs etc.
Different from application data tables e.g. PERSON_DATA

User Profile Types:
Security related: Passwords
Descriptive: Email Address
Preference: Multilingual

When User Profiles are relevant:
When user interacts with the system by
• logging in
• viewing his/her worklist entry
• receiving an email
etc.
PeopleSoft Security Definitions contd.
Roles:
Intermediate objects that link User Profile with permission lists.
Examples:
Employee, Manager, Customer, Vendor, Student etc.
Roles can be assigned in two ways:
• Manually
• Dynamically, by using PeopleCode, LDAP and Query Tools
PeopleSoft Security Definitions contd.
Permission Lists:
List or group of authorizations that are assigned to a Role.
They store:
Sign-on times, Page access, PeopleTools access etc.
Some Permission Lists, such as Process Profile or
row-level security, you apply directly to a User Profile.
Data permissions, or row-level security, appear either
through a Primary Permissions List or a Row Security
Permissions list.
PeopleSoft Security Definitions contd.
[Diagram: User Profile (Profile 1) linked to Roles (Role 1, Role 2, Role 3), Roles linked to Permission Lists (PL1 to PL4), Permission Lists linked to Permissions (Display, Modify, Delete)]
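An access-review helper for the User Profile, Roles, Permission Lists, Permissions chain, added here as an example and not taken from the slides. The mapping below is constructed (the slide's exact links are not recoverable), and the code assumes access is additive, that is, the union over every role and permission list on the profile.

```python
from collections import defaultdict

# Constructed data, shaped like the slide's chain
# User Profile -> Roles -> Permission Lists -> Permissions.
USER_ROLES = {"PROFILE1": ["ROLE1", "ROLE2", "ROLE3"]}
ROLE_PLS = {
    "ROLE1": ["PL1", "PL2"],
    "ROLE2": ["PL3", "PL1"],
    "ROLE3": ["PL4", "PL3"],
}
PL_PERMS = {
    "PL1": {"Display"},
    "PL2": {"Display", "Modify"},
    "PL3": {"Display"},
    "PL4": {"Delete"},
}

def grant_paths(user):
    """Map each permission to the (role, permission list) pairs granting it."""
    paths = defaultdict(list)
    for role in USER_ROLES.get(user, []):
        for pl in ROLE_PLS.get(role, []):
            for perm in sorted(PL_PERMS.get(pl, ())):
                paths[perm].append((role, pl))
    return dict(paths)

def effective_permissions(user):
    """Assumed additive model: union over all roles and permission lists."""
    return set(grant_paths(user))

def roles_to_remove(user, perm):
    """Roles that must all be removed before `perm` is actually revoked."""
    return sorted({role for role, _ in grant_paths(user).get(perm, [])})

def after_removing(user, role):
    """Effective permissions if one role were taken off the profile."""
    kept = [r for r in USER_ROLES.get(user, []) if r != role]
    return {perm
            for r in kept
            for pl in ROLE_PLS.get(r, [])
            for perm in PL_PERMS.get(pl, ())}

if __name__ == "__main__":
    for perm, paths in sorted(grant_paths("PROFILE1").items()):
        print(perm, paths)
    print("revoke Display needs removal of:",
          roles_to_remove("PROFILE1", "Display"))
```

Removing a single role often changes nothing when another role carries the same permission list, which is what `roles_to_remove` makes visible during a review.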
PeopleSoft Authorization IDs
User ID:
ID required to enter the PeopleSoft application.
Also used to distinctly identify the User Profile.

Connect ID:
ID required to connect to the PeopleSoft database.
ID required for direct/2-tier connection.

Access ID:
Has administrator level database access (SELECT, UPDATE, DELETE).
ID used when connecting PeopleSoft database through Application Server.

Symbolic ID:
ID used to retrieve Access ID which is stored in PSACCESSPRFL.
PeopleSoft Authorization IDs
[Diagram: 2-Tier and 3-Tier connections between PeopleSoft Application, Configuration Manager, Application Server and Database, labelled with User ID, Connect ID, Symbolic ID and Access ID]
PeopleSoft Users
[Diagram labels: PeopleSoft Internet Architecture; PeopleSoft Application; Customers; Vendors; Suppliers; Employees]
Directory Server Integration
Lightweight Directory Access Protocol
LDAP benefits:
• Single, centralized user profile for PeopleSoft and non-PeopleSoft applications.
• Can control access to PeopleSoft applications.
• Less redundant data, less cost and fewer errors.
• Customers can utilize PeopleSoft business events and data to drive LDAP user profile and group creation and maintenance.
Lightweight Directory Access Protocol contd.
Directories that PeopleSoft specifically supports:
• Novell NDS (Novell Directory Services) eDirectory
• iPlanet Directory Server (Netscape)
• Microsoft Active Directory
All interfaces between PeopleTools and the Directory are written in LDAP; customers can essentially use any LDAP version 3 compliant server.
LDAP Integration
User Log-in
Sign-on PeopleCode
BI API invokes
Pulls User Profiles
User Profiles
New User = New Profile
Existing User = Sync.
LDAP -> PS App Server
PeopleSoft Directory Interface for HRMS
The PeopleSoft Directory Interface for HRMS provides:
• an LDAP data mapping tool
• application messaging process
• an additional LDAP BI
to synchronize PeopleSoft and LDAP information

How this works:
• PeopleSoft Application triggers a business event
• Application Msg. containing directory data gets published
• Application Msg. Subscription process gets asynchronously invoked
• LDAP version 3 Business Interlink gets invoked
• Directory Data (User Profiles) gets updated
SSL and Digital Certificates
PeopleSoft uses HTTP over SSL (HTTPS) to secure the
transmission of the content delivered to/from a user’s browser
as well as for integration between PeopleSoft and other systems.
The SSL implementation for HTTPS is provided through the use of
for Java that is enabled within PeopleTools. Hence no additional
licensing required by PeopleSoft users.
etc. CAs