Question

We have an XML Publisher template that uses a query (built in query manager) as a data source. The query uses a custom view containing confidential data. The report is to be used by managers to view information on their direct reports - this is accomplished by setting parameters on the page. Since we have to make the record available to Query, any manager that also has permission to write queries can also see the record, and thus data on employees other than the ones that report to them. The Query also has to be public, so it too will be available to anyone that has access to run queries. We'd like to be able to:

  1. Make the query available only via the page (I think I've got this one - the page will pass an additional parameter which will be compared to in the WHERE clause of the query)

  2. Hide the custom record from anyone but the query/report

We cannot use typical row-level security as a general manager should only be able to see the people that report up to them.

Thanks


Solution

To enable security over the data that is being shown when a user tries to query a particular record (using Query Manager), you can use a query security record in which you could verify the user that is trying to access the data. Generally, a dynamic view is used here, wherein you could check the OPRID trying to access the data and serve the data accordingly. Query Manager picks up the query security record automatically in the SQL.

OTHER TIPS

I haven't used XML Publisher much, but I've had to do something similar to this (minus the confidentiality requirement).

Are all of the people that work under a manager set up under the same Department ID? The PSOPRDEFN table stores OPRIDs/User IDs that map to EmplIDs, and you can link that to the JOB table to get the DeptID for the EmplID.

So set a criterion on the query to be something that limits it to the current user's Department ID. I've found syntax on how to do that in Oracle 10g, but it doesn't seem to be working for 11g when I try it.

http://www.techonthenet.com/oracle/functions/user.php
http://www.techonthenet.com/oracle/functions/sys_context.php
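
The two answers above combined, as an added example that is not from the original posts: a security view maps each OPRID (through PSOPRDEFN and the job table) to the employees who report up to that operator, and the report query is restricted through it. It runs on SQLite as a stand-in database; `Z_CONF_DATA`, `Z_MGR_SEC_VW`, the use of `SUPERVISOR_ID` as the reporting link and all rows are assumptions constructed for the demonstration.

```python
import sqlite3

# SQLite stand-in. PSOPRDEFN and PS_JOB are simplified to the columns used here;
# Z_CONF_DATA and Z_MGR_SEC_VW are hypothetical names; all rows are constructed.
SCHEMA = """
CREATE TABLE PSOPRDEFN (OPRID TEXT PRIMARY KEY, EMPLID TEXT);
CREATE TABLE PS_JOB (EMPLID TEXT PRIMARY KEY, SUPERVISOR_ID TEXT);
CREATE TABLE Z_CONF_DATA (EMPLID TEXT PRIMARY KEY, SALARY INTEGER);
-- Security view: one row per (OPRID, EMPLID) that the operator may see,
-- meaning everyone below the operator EMPLID in the supervisor chain.
CREATE VIEW Z_MGR_SEC_VW AS
WITH RECURSIVE chain(OPRID, EMPLID) AS (
    SELECT o.OPRID, j.EMPLID
      FROM PSOPRDEFN o JOIN PS_JOB j ON j.SUPERVISOR_ID = o.EMPLID
    UNION  -- UNION (not UNION ALL) drops repeats, so a cyclic chain terminates
    SELECT c.OPRID, j.EMPLID
      FROM chain c JOIN PS_JOB j ON j.SUPERVISOR_ID = c.EMPLID
)
SELECT OPRID, EMPLID FROM chain;
"""
OPERATORS = [("GM1", "E100"), ("MGR2", "E200"), ("MGR3", "E300")]
JOBS = [("E100", None), ("E200", "E100"), ("E201", "E200"),
        ("E202", "E200"), ("E300", None), ("E301", "E300")]

def build_demo():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSOPRDEFN VALUES (?, ?)", OPERATORS)
    conn.executemany("INSERT INTO PS_JOB VALUES (?, ?)", JOBS)
    conn.executemany("INSERT INTO Z_CONF_DATA VALUES (?, ?)",
                     [(emplid, 50000) for emplid, _ in JOBS])
    return conn

def rows_visible_to(conn, oprid):
    """Data record joined to the security view and filtered on the signed-on
    OPRID: the restriction the answer says is added to the query's SQL."""
    sql = """SELECT d.EMPLID FROM Z_CONF_DATA d
               JOIN Z_MGR_SEC_VW s ON s.EMPLID = d.EMPLID
              WHERE s.OPRID = ? ORDER BY d.EMPLID"""
    return [row[0] for row in conn.execute(sql, (oprid,))]

if __name__ == "__main__":
    db = build_demo()
    for user in ("GM1", "MGR2", "MGR3", "NOBODY"):
        print(user, rows_visible_to(db, user))
```

An operator with no matching row in the view gets an empty result, so the restriction fails closed for users who are not mapped to an employee.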

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow