Security

  1. Resources


  1. Users

In order to use PeopleSoft, employees need to be set up as users with the appropriate roles. This is done by the PeopleSoft Support Team. When your organization originally went live with PeopleSoft, you submitted to PeopleSoft Support a spreadsheet of all users (separate lists for Finance and HCM). On your spreadsheet you included the employee's name, ID, email address, and roles to assign. These users were loaded into Production and validated by PeopleSoft Support. On the day of Go Live, they were able to log in and work.

How Users Are Created (Nightly Process)

Since Go Live, you have hired new employees.. After you enter job data in HCM, each night two scheduled jobs run to create user accounts and assign two basic roles: M_EMPLOYEE and M_EE_XXX. The next day the employee can log into PeopleSoft Employee Self-Service (ESS). If the employee will use Finance or HCM, an authorized staff member needs to submit a Service Portal ticket with the requested role assignments. PeopleSoft Support will make the requested changes.

You will need to notify PeopleSoft Support (Service Now Ticket) when a user needs to be inactivated. Please see Section 5 "When to Submit a ServiceNow Ticket" for more information.

3. Roles

Role Descriptions

Roles allow a user to access certain screens, reports, and queries. Refer to these files for descriptions of each role:

Basic Roles

Everyone gets 2 basic roles:

    • M_EMPLOYEE: Gives to access to view paycheck, and

    • M_EE_XXX: The permissions in this role are district-specific. XXX = District #.

    • For example, 099 has it configured so employees use ESS for Absence Requests, Personal Information, Benefits Information Viewing, and Travel & Expenses; 022 has Personal Information and Absence Requests.

Common Finance Roles

PeopleSoft Finance users need to be assigned Finance roles. Here are some common Finance roles. "INQUIRY" means Read Only.

    • M_SEC_CF_NOCASH: Provides ChartField security to enter transactions (if you don’t have this role you can navigate to a page to which you have access but you can’t save an entered ChartField)

    • M_KK_INQUIRY: To view budget screens and reports

    • M_PO_REQUESTER: To create requisitions

    • M_PO_INQUIRY: To view POs

    • M_GL_CREATE_JOURNALS: To create GL journal entries

    • M_QUERY VIEW: To run queries based on your role assignment

Common HCM Roles

PeopleSoft Human Capital Management (HCM) users need to be assigned HCM roles. Here are some common HCM roles. "RDO" means Read Only; in HCM each role has an RDO version.

    • M_HR_SPECIALIST: To enter personal data and job data (and more)

    • M_HR_SPECIALIST_RDO: To view personal data and job data (and more)

    • M_HR_PERSONAL_DATA: To enter personal data but not job data

    • M_PAYROLL_ADMINISTRATOR: All access that Payroll Specialist has, but includes access to the Payroll Query Tree, DBT, and Combo Code Table.

    • M_TL_TIMEKEEPER: Data entry for Timekeepers.

    • M_QUERY VIEW: To run queries based on your role assignment

4. Queries to Audit Security

Here are queries you can use to check employees' roles and workflow setup.

M_USER_ROLES (HCM, FIN)

In both PeopleSoft HCM and Finance you can run the query called M_USER_ROLES. Look in the “Role Name” column to see the roles that each employee has. If the employee is set up in both HCM and Finance, you will need to run the query in both environments to view those roles. You must have the M_HR_SPECIALIST role to run this query in HCM and the M_KK_INQUIRY role to run it in Finance.

M_WF_ALL_ROUTING (FIN)

In PeopleSoft Finance you can run the query called M_WF_ALL_ROUTING to see the approvers and routing. You must have any M_WF_ role (an approval role) to run this query in Finance. NOTE: To review HCM workflow, run the HCM query called M_USER_ROLES and filter by Approver roles. For Personnel Action Form routing, look for M_WF_ roles.

M_SEC_ROLE_NAVIGATION

In both PeopleSoft HCM and Finance you can run the query called M_SEC_ROLE_NAVIGATION. It will include a role's components and navigations.

    • Role Name %: Look up the role name. Search for the ones that begin with “M_” only.

    • Component %: Enter a % in Component to return all values. A component is a collection of related pages or tabs (Advanced users – go to Ctrl + Shift + J on a page to see the Component name.)

5. When to Submit a Service Now Ticket

New Employee - Addition of Roles

If a new employee needs to be assigned Finance or HCM roles, submit a Service Now ticket with the requested role assignments. An authorized staff member from your organization must submit this ticket to document that this change is approved.

Employment Status Change - Addition or Removal of Roles

When an employee's employment status changes (leaves the district, new position, etc.) an authorized staff member from your organization needs to submit a Service Now ticket to request the addition or removal of roles. It is very important that roles are removed when they should no longer be assigned.

NOTE: If the employee handles approvals, please note that the routing needs to be reassigned to another employee prior to the removal of roles.

Examples

Example 1 - Position Change: Employee works at District A and has 10 HCM roles assigned to him. He changes positions within District A and needs 2 HCM roles removed. District A needs to submit a SErvice Now ticket indicating which roles need to be removed.

Example 2 - Employee Leaves District: Employee works at District A and has 10 HCM roles assigned to him. He will no longer work for District A. District A needs to submit a Service Now ticket to indicate that the employee has left and the PeopleSoft access needs to be removed. NOTE: If the employee handles approvals, indicate in the ticket the name and ID of the user who will assume the approvals; this needs to be done prior to the removal of roles. PeopleSoft Support team will:

    1. Log into HCM and Finance and removes all roles

    2. Leave the Primary Permission list as is

    3. Leave M_EMPLOYEE role so the employee can still view paychecks in ESS. If you want the employee to have no access at all, please indicate that you would like the PeopleSoft Support Team to lock the account (cannot view paychecks).

Example 3 - Employee Leaves District and Moves to Another PeopleSoft District: Employee leaves District A and is now employed by District B. District A submitted a Service Now ticket to remove permissions from the user. District B needs to submit a ticket to grant permissions to the user and specify which roles and approval routing (in case they need to be an approver) are needed.

6. Password Resets

Password resets can be handled by the user (employee) or by authorized district staff.

Self-Service Password Reset

All users are capable of resetting their own PeopleSoft passwords. First, the user must set up a security question and verify the user email address. This is done from the ESS home page > NavBar > My Profile screen.

If a password is forgotten, the user can click Forgot your password? from the Portal login or Employee Self-Service login screen. Upon entering the User ID and answering the security question, a new temporary password will be emailed to the user's email address.

Please refer to the Employee Self-Service (ESS) Guide for full directions.

Authorized District Staff (M_SECURITY_LEVEL1)

Each organization has a set of staff capable of resetting PeopleSoft passwords. In order to reset a user’s password, these staff must be authorized by the organization's Primary Contact to perform this task and be assigned a PeopleSoft role called M_SECURITY_LEVEL1. Level 1 Security represents password resets only, and not other security functions. Password resets are done through PeopleSoft Portal only (not HCM or Finance).

To assign the M_SECURITY_LEVEL1 to a staff member, please obtain permission from your organization's Primary PeopleSoft Contact and include that in the Service Now ticket. It is recommended that your organization periodically review who has this role.

If you are responsible for resetting passwords for your district or charter school, a job aid is available upon request (not posted online). It describes how to use the Distributed User Profile screen in PeopleSoft Portal to manually change a user's password. It also explains how to walk an employee through the “Forgot My Password” setup. For more information, please submit a Service Now Ticket or contact PeopleSoft Support at 858-298-2203.