Advanced Administrative Topics

In addition to the standard administrative options described in this chapter, advanced options and techniques are available to assist in automating security access updates and troubleshooting integration problems. This topic discusses these options and provides additional details on PeopleSoft security integration.

Automating Security Access Updates

Security resynchronization is one of the functions of the PeopleSoft Administrator. When administering PeopleSoft connections through the Web console, you simply select the Re-Synch link under the Security group, and all of the PeopleSoft data security rules are re-synchronized.

The batch resynchronization utility enables administrators to schedule this functionality through an operating system command, without having to manually open the Administrator tool. By scheduling this process nightly (or on another schedule, based on business requirements), administrators are not required to perform this function manually, and they can be assured that the data security rules are current as of the last scheduled run.

The utility consists of two files: a procedure (pssecsnk.fex), which is used in executing the resynchronization routine, and a t3i script (pssecsnk.t3i), which is the command line input file. By starting the server with the t3i script as an input, the server performs the required security resynchronization without user intervention.

A server can be accessed locally without the use of client software. This functionality can be started using the following mode:

  • Batch Mode is useful for scheduling batch scripts with operating system tools.

An administrative user with access to the server can use the server in stand-alone mode to perform any of these functions. If PeopleSoft data must be accessed in any of these processes, you must execute the PeopleSoft authentication routine.

Procedure: How to Run Batch Mode Security Resynchronization From the Command Line

The following procedure is for a Windows environment.

  1. Create a temporary work directory outside of the IBI directory structure, and then navigate to it.
  2. Execute the security synchronization script command or create a .bat file that calls it (for example, pssecsynch.bat, which would use the “call” keyword in front of the following command). The synchronization script command syntax is as follows:
    c:\ibi\srv77\wfs\bin\edastart -f c:\ibi\srv77\wfs\catalog\pssecsnk.t3i

    where:

    c:\ibi\srv77\wfs\bin\edastart

    Is the directory location of the edastart command.

For details about securing the script, see Password Security.

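Note: The pssecsnk.t3i script will create a number of work files in the temporary directory. The wildcards below match every file with these extensions in the current directory, so run them only from the temporary work directory created in step 1. Optionally, the work files can be deleted using the following four commands, which are placed in the .bat file after the call to the t3i script: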

  • del *.mas
  • del *.ftm
  • del *.fex
  • del *.foc

Reference: Password Security

The t3i script is an ASCII text file that must be edited for your particular environment. It contains four execute command lines that:

  • Load the PeopleSoft adapter system metadata into memory.
  • Log into PeopleSoft.
  • Perform the security resynchronization.
  • Perform a batch Logoff from the adapter.

The syntax is:

%connect
%begin
APP PREPENDPATH SNAPINST
EX _EDAHOME/CATALOG/PS/PSMASLOD
EX _EDAHOME/CATALOG/PS/PSLOGOFF RETVAL=N, PSBATCH=Y
EX PSLOGIN USERID=PS, PASSWD=PS, PSBATCH=X
EX _EDAHOME/CATALOG/PS/PSSECBAT
EX _EDAHOME/CATALOG/PS/PSLOGOFF RETVAL=N
%end
%disconnect
%stop_server

You must modify the user ID and password in accordance with one that is appropriate for your environment. The user ID must be granted access in PeopleSoft.

Since the file is in readable text, the administrator must prevent read/write access for anyone not authorized to access the t3i. The best way to prevent unauthorized access is to use operating system security. Windows and UNIX provide ways to prevent unauthorized access to individual files and entire directories. Contact your operating system administrator for assistance in performing this security step.
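
One way to apply the operating system security described above on Windows, as an added example that is not part of the original documentation. The account name EXAMPLE\svc-psresync (the account the scheduled task runs as) is hypothetical, the t3i path is the one used in the command on this page, and the script is assumed to run from an elevated session.

```powershell
# Added example (not vendor code): leave only three identities on the t3i file.
param(
    [string]$T3iPath      = 'c:\ibi\srv77\wfs\catalog\pssecsnk.t3i',  # path from the page
    [string]$BatchAccount = 'EXAMPLE\svc-psresync'                    # hypothetical account
)
$ErrorActionPreference = 'Stop'
$sidType  = [System.Security.Principal.SecurityIdentifier]
$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'

# Identities that keep access: administrators edit, the scheduled-task account only reads.
$wanted = [ordered]@{
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
}
$wanted[$BatchAccount] = 'Read'

$acl = Get-Acl -LiteralPath $T3iPath
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting; discard inherited ACEs
foreach ($rule in @($acl.Access)) {              # discard existing explicit ACEs
    [void]$acl.RemoveAccessRule($rule)
}
foreach ($name in @($wanted.Keys)) {
    $ace = New-Object $ruleType -ArgumentList $name, $wanted[$name], 'Allow'
    $acl.AddAccessRule($ace)
}
Set-Acl -LiteralPath $T3iPath -AclObject $acl

# Re-read the ACL and compare by SID so that name formatting cannot hide an extra entry.
$allowedSids = @($wanted.Keys) | ForEach-Object {
    ([System.Security.Principal.NTAccount]$_).Translate($sidType).Value
}
$extra = (Get-Acl -LiteralPath $T3iPath).GetAccessRules($true, $true, $sidType) |
    Where-Object { $allowedSids -notcontains $_.IdentityReference.Value }
if ($extra) {
    throw "Unexpected entries remain on ${T3iPath}: $($extra.IdentityReference -join ', ')"
}
'ACL on {0} restricted to: {1}' -f $T3iPath, (@($wanted.Keys) -join ', ')
```

Any .bat file that calls the t3i script and any backup copy of the script expose the same credentials and need the same restriction.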

Procedure: How to Capture Execution Results

After the script has been executed, the Administrator can review the execution results. A batch process output file (pssecsnk.t3o) is automatically created in the execution directory.

Example: Capturing Execution Results

The following is an example of a successful execution. Look at the bottom of the following file:

< Filename: pssecsnk.t3o >
…
Various REBUILD message lines
…
Successful Security Re-synch for Connection: E854064
DBNUM:  1 (E854064) has been re-synchronized, DBA security is: ON
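
A scheduled run only keeps the security rules current if a failed run is noticed. As an added example (not part of the original documentation), this script checks pssecsnk.t3o for the two result lines shown above and exits non-zero otherwise, so the scheduler can flag the job. The freshness window and the decision to treat any DBA security value other than ON as a failure are assumptions.

```powershell
# Added example (not vendor code): exit non-zero unless the re-synch output shows success.
param(
    [string]$T3oPath,                          # omit to run against the sample below
    [string[]]$Connections = @('E854064'),     # connection shown in the page's sample output
    [int]$MaxAgeMinutes = 30                   # assumed freshness window for the output file
)

function Get-ResyncProblem {
    param([string[]]$Lines, [string[]]$Connections)
    $synced = @{}; $dba = @{}
    foreach ($line in $Lines) {
        if ($line -match 'Successful Security Re-synch for Connection:\s*(\S+)') {
            $synced[$Matches[1]] = $true
        } elseif ($line -match 'DBNUM:\s*\d+\s*\(([^)]+)\) has been re-synchronized, DBA security is:\s*(\S+)') {
            $dba[$Matches[1]] = $Matches[2]
        }
    }
    foreach ($c in $Connections) {
        if (-not $synced.ContainsKey($c)) { "no success line for connection $c" }
        if ($dba[$c] -ne 'ON') { "DBA security for $c is '$($dba[$c])', expected ON" }
    }
}

# The two result lines from the page's sample pssecsnk.t3o, used when no path is given.
$sample = @(
    'Successful Security Re-synch for Connection: E854064',
    'DBNUM:  1 (E854064) has been re-synchronized, DBA security is: ON'
)

$problems = @()
if (-not $T3oPath) {
    $lines = $sample
} elseif (-not (Test-Path -LiteralPath $T3oPath)) {
    $lines = @(); $problems += "$T3oPath was not created"
} else {
    $lines = @(Get-Content -LiteralPath $T3oPath)
    # A leftover file from an earlier run must not be read as tonight's result.
    $age = (Get-Date) - (Get-Item -LiteralPath $T3oPath).LastWriteTime
    if ($age.TotalMinutes -gt $MaxAgeMinutes) { $problems += "$T3oPath is stale" }
}
$problems += @(Get-ResyncProblem -Lines $lines -Connections $Connections)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
'Security re-synch verified for: ' + ($Connections -join ', ')
```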

Using Cluster Synonyms

The PeopleSoft adapter administration screens allow for the creation of base synonyms for individual PeopleSoft records. Each created synonym will use an MFD_PROFILE keyword to execute a procedure to dynamically create a security file and a DBA section that references the security file. PeopleSoft synonyms should not be changed or edited in any way. The adapter administration process expects the synonyms to be in their original state as generated by the adapter. In addition, refreshing them using the administration screens will remove any changes.

A cluster synonym can be created that references the base synonym. Changes or additions can be made to this cluster. The cluster can also JOIN PeopleSoft synonyms together. If clusters are used, the following rules must be applied:

  • Do not include the keyword MFD_PROFILE=PSLOGIN.
  • Do not include a DBA entry.
  • Always use the Reference to existing synonym option when creating the cluster.

Troubleshooting Tips

These troubleshooting tips help if you are getting FOCUS error messages, such as a FOC1302, or if you are seeing SQL errors when you run reports.

Procedure: How to Connect to the PeopleSoft Data Sources

The most likely source of difficulty in connecting to your PeopleSoft data source is the data source connectivity. If you are experiencing difficulty connecting to the data source:

  1. Verify that the data source instance is up and running.
  2. Run a client query tool on the server, using the PeopleSoft access ID.
    • If you cannot log in to the data source, there is a problem with the access ID.

      Verify the ID and check to see if the password has changed.

      If the password has changed, then it must also be changed in the PeopleSoft configuration.

    • If you can log in, proceed to Step 3.
  3. Run a few simple queries against the PeopleSoft records that are returning errors.

    If you are not getting any rows back, check to see if the PeopleSoft access ID has read authority on the PeopleSoft records you are accessing.

Procedure: How to Verify Security

PeopleSoft enforces all the security mechanisms used by the PeopleSoft Query tool. This includes Query Tree security and row-level security. If you are getting unexpected results, it is possible that your PeopleSoft security has not been configured properly.

To verify that security is being properly enforced:

  1. Verify that the synonym(s) being queried are correct.

    The Administrator can run a report of installed records to verify. If row-level security is the issue, the server-side ACX file should be reviewed and compared to the record definition in PeopleSoft, including the Security Search record.

  2. Create a similar query in PS/Query. The SQL code can be viewed and compared to SQL tracing on the server.
  3. Examine the SQL.

    Does it appear to match the business logic behind the original request? If not, check the syntax behind the original FOCUS code. Perhaps you are using a WRITE instead of a PRINT, or perhaps a WHERE clause has been coded incorrectly.

  4. Run this SQL directly against the RDBMS using a data source query tool.

    If you are getting the expected results, then there may be a problem with the program logic after the data is returned to FOCUS from the RDBMS. Examine COMPUTE/DEFINE statements for logic errors or, if you are using ON TABLE HOLD, there may be a problem in your code.

    If you are getting the same unexpected results, then examine the underlying data. Perhaps some cross-referenced fields are missing, or perhaps row-level security is eliminating essential rows.
