Resources‎ > ‎

Security


Users

In order to use PeopleSoft, employees need to be set up as users with the appropriate roles. This is done by the CRC. When your organization originally went live with PeopleSoft, you submitted to the CRC a spreadsheet of all users (separate lists for Finance and HCM). On your spreadsheet you included the employee's name, ID, email address, and roles to assign. These users were loaded into Production, validated by the CRC, and able to log in and work on the day of Go Live.

How Users Are Created (Nightly Process)

Now that you are live on PeopleSoft HCM, here is how users are created. After you enter job data in HCM, two scheduled jobs run at night to create user accounts and assign basic roles. These jobs are called M_HR_CRT_ID and DYNROLE_PUBL. The next day the employee can log into ESS. Please note that if the employee will use Finance or HCM, you need to submit a HEAT ticket with the requested role assignments.

How Users Are Created

How to Inactivate a User (Contact the CRC)

You will need to notify the CRC when a user needs to be inactivated. When an employee leaves your organization, submit a HEAT ticket to indicate that the employee has left and the PeopleSoft access needs to be removed. The CRC will: (1) Log into HCM and Finance and removes all roles, (2) leave the Primary Permission list as is, and (3) leave M_EMPLOYEE role so the employee can still view paychecks in ESS. If you want the employee to have no access at all, please indicate that you would like the CRC to lock the account (cannot view paychecks).

Roles

Basic Roles

Everyone gets 2 basic roles:
  • M_EMPLOYEE: Gives to access to view paycheck, and
  • M_EE_XXX: The permissions in this role are district-specific. XXX = District #.
    For example, 099 has it configured so employees use ESS for Absence Requests, Personal Information, Benefits Information Viewing, and Travel & Expenses; 022 has Personal Information and Absence Requests.
Basic Roles

Common Finance Roles

INQUIRY Roles = Read only
  • M_SEC_CF_NOCASH: Provides ChartField security to enter transactions (if you don’t have this role you can navigate to a page to which you have access but you can’t save an entered ChartField)
  • M_KK_INQUIRY: To view budget screens and reports
  • M_PO_REQUESTER: To create requisitions
  • M_PO_INQUIRY: To view POs
  • M_GL_CREATE_JOURNALS: To create GL journal entries
  • M_QUERY VIEW: To run queries based on your role assignment

Common HCM Roles

RDO Roles = Read only (Each role has an RDO version)
  • M_HR_SPECIALIST: To enter personal data and job data (and more)
  • M_HR_SPECIALIST_RDO: To view personal data and job data (and more)
  • M_HR_PERSONAL_DATA: To enter personal data but not job data
  • M_PAYROLL_ADMINISTRATOR: All access that Payroll Specialist has, but includes access to the Payroll Query Tree, DBT, and Combo Code Table.
  • M_TL_TIMEKEEPER: Data entry for Timekeepers.
  • M_QUERY VIEW: To run queries based on your role assignment

Requesting Role Changes (HEAT Ticket)

If a new employee needs to be assigned Finance or HCM roles (or an existing employee needs his/her roles modified), submit a HEAT ticket with the requested role assignments. An authorized staff member from your organization must submit this ticket to document that this change is approved.

Role Descriptions (Excel)

Here are the role descriptions: Finance Roles v5.0.xlsx, HCM Roles v5.0.xlsx. To download these files to Excel, please scroll to the bottom of this page and use the red arrow (download) for the desired file.

Queries to Check Employees' Roles and Workflow

M_USER_ROLES
In both PeopleSoft HCM and Finance you can run the query called M_USER_ROLES. Look in the “Role Name” column to see the roles that each employee has. If the employee is set up in both HCM and Finance, you will need to run the query in both environments to view those roles. You must have the M_HR_SPECIALIST role to run this query in HCM and the M_KK_INQUIRY role to run it in Finance.

M_WF_ALL_ROUTING
In PeopleSoft Finance you can run the query called M_WF_ALL_ROUTING to see the approvers and routing. You must have any M_WF_ role (an approval role) to run this query in Finance. NOTE: To review HCM workflow, run the HCM query called M_USER_ROLES and filter by Approver roles. For Personnel Action Form routing, look for M_WF_ roles.

M_SEC_ROLE_NAVIGATION
In both PeopleSoft HCM and Finance you can run the query called M_SEC_ROLE_NAVIGATION. It will include a role's components and navigations.
M_SEC_ROLE_NAVIGATION
  • Role Name %: Look up the role name. Search for the ones that begin with “M_” only.
  • Component %: Enter a % in Component to return all values. A component is a collection of related pages or tabs (Advanced users – go to Ctrl + Shift + J on a page to see the Component name.)

Password Resets (Distributed User Profile Screen)

Each organization has a set of staff capable of resetting PeopleSoft passwords. In order to reset a user’s password, these staff must be authorized to perform this task and be assigned a PeopleSoft role called M_SECURITY_LEVEL1. Level 1 Security represents password resets only, and not other security functions. Password resets are done through PeopleSoft Portal only (not HCM or Finance).

If you are responsible for resetting passwords for your district or charter school, a job aid is available upon request (not posted online). It describes how to use the Distributed User Profile screen in PeopleSoft Portal to reset a password and flag the account to require that a new password is created upon login. It also explains how to walk an employee through the “Forgot My Password” setup. For more information, please the CRC at 800-289-1500.
Ĉ
Peyri Herrera,
Aug 17, 2016, 2:15 PM
Ĉ
Peyri Herrera,
Aug 17, 2016, 2:16 PM
ć
Peyri Herrera,
Aug 17, 2016, 4:28 PM