PeopleSoft Corner

Main Menu

Home
PeopleSoft Corner Blog
PeopleSoft Corner Forum
Job Wanted / Help Wanted
Web Links
Contact Us
Search

Most Popular


Blog Roll


categories


Latest in Blog

Who's Online

We have 5 guests online

Syndicate

Weblog RSS Feed

Forum RSS Feed

CB Login

Recommended Products

I use and recommend the following products:

UltraEdit

UltraCompare

BeyondCompare

SQL Developer

del.icio.us addon for Firefox

 

Build Read Only Perm List Quickly Print
Written by Brent Martin   
Tuesday, 10 June 2008
If you've ever done PeopleSoft security, I'm sure you've had somebody ask you to "Set Bob up like Ann, but make sure Bob can't change anything."  Which is fine if you have the read-only permission lists to do it.  But building permission lists from scratch can be time consuming.  Here's a couple of SQL's to make your task easier.

First, you'll want to copy Ann's permission lists, and name them so you'll know they're read-only.  I generally append an "R" at the end, but whatever naming convention works for you.  Using the online Copy Permission List functionality is the easiest.

Then for each permission list, run the following SQL to make them read-only.  Replace &1 with the name of the permission list.  It'll make an effort to leave Inquire Only and Report pages read/write so you can create run controls.  


update psauthitem a
set authorizedactions = case when bitand(authorizedactions,1)>0 then authorizedactions -1 else authorizedactions end,
    displayonly = 1
where classid = '&1' and
barname not like 'REPORT%' and barname not like 'INQ%' and barname not like 'RPT%'
/
UPDATE PSLOCK SET VERSION = VERSION + 1 WHERE OBJECTTYPENAME = 'CLM'
/
UPDATE PSVERSION SET VERSION = VERSION + 1 WHERE OBJECTTYPENAME = 'SYS'
/
UPDATE PSVERSION SET VERSION = VERSION + 1 WHERE OBJECTTYPENAME = 'CLM'
/
UPDATE PSCLASSDEFN SET VERSION = (SELECT VERSION FROM PSVERSION WHERE OBJECTTYPENAME = 'CLM') where CLASSID = '&1'
/

The script isn't 100% accurate, so you'll probably want to run a query like the following so that you can see what access the user is left with and whether it's appropriate or not:

select distinct AUTH.CLASSID, A.MENUNAME, D.PNLGRPNAME, B.ITEMLABEL,
    rtrim((case when bitand(authorizedactions,1) > 0 then 'A,' END  ||
        case when bitand(authorizedactions,2) > 0 then 'U,' END  ||
        case when bitand(authorizedactions,4) > 0 then 'U+,' END  ||
        case when bitand(authorizedactions,8) > 0 then 'C,' END ||
        case when displayonly = 1 then 'V,' END),',') AuthAction
FROM PSAUTHITEM AUTH, PSMENUDEFN A, PSMENUITEM B, PSPNLGROUP C, PSPNLGRPDEFN D
WHERE A.MENUNAME = B.MENUNAME AND
      B.PNLGRPNAME = C.PNLGRPNAME AND
      D.PNLGRPNAME = C.PNLGRPNAME AND
      AUTH.MENUNAME = A.MENUNAME AND
      AUTH.BARNAME = B.BARNAME AND
      AUTH.BARITEMNAME = B.ITEMNAME AND
      AUTH.PNLITEMNAME = C.ITEMNAME AND
      AUTH.CLASSID = '&1'
ORDER BY A.MENUNAME, D.PNLGRPNAME
/

My apologizes for non-Oracle database users -- bitand is an Oracle-specific function and I don't know any good equivalents for SQL Server or other platforms.  If you do please share!

Comments (7)add feed
Logic for bit comparisons : Chris Heller : http://blog.greysparling.com/
The basic logic for bit comparisons in SQL is

FLOOR(FIELDNAME/1)-FLOOR(FIELDNAME/2)*2

where FIELDNAME is the field that has the value that you're trying to pull from (e.g.AUTHORIZEDACTIONS, USEEDIT, etc.) and FLOOR is the platform specific function for taking just the integer value from a number. FLOOR is the actual function for SQL Server, Oracle and DB2. I don't know offhand what it is for Sybase and Informix, but probably have something similar.

So, for Oracle or SQL Server you would use FLOOR(FIELDNAME).
June 10, 2008
Thanks, Chris! : Brent Martin
Thanks for the tip, Chris. So the "database independent" versions of these queries would be:

UPDATE PSAUTHITEM A
SET AUTHORIZEDACTIONS = CASE WHEN FLOOR(AUTHORIZEDACTIONS)-FLOOR(AUTHORIZEDACTIONS/2)*2 >0 THEN AUTHORIZEDACTIONS -1 ELSE AUTHORIZEDACTIONS END,
DISPLAYONLY = 1
WHERE CLASSID = '&1' AND
BARNAME NOT LIKE 'REPORT%' AND BARNAME NOT LIKE 'INQ%' AND BARNAME NOT LIKE 'RPT%'

and

SELECT DISTINCT AUTH.CLASSID, A.MENUNAME, D.PNLGRPNAME, B.ITEMLABEL,
RTRIM((CASE WHEN FLOOR(AUTHORIZEDACTIONS)-FLOOR(AUTHORIZEDACTIONS / 2)*2 > 0 THEN 'A,' END ||
CASE WHEN FLOOR(AUTHORIZEDACTIONS / 2)-FLOOR(AUTHORIZEDACTIONS / 4)*2 > 0 THEN 'U,' END ||
CASE WHEN FLOOR(AUTHORIZEDACTIONS / 4)-FLOOR(AUTHORIZEDACTIONS / smilies/cool.gif*2 > 0 THEN 'U ,' END ||
CASE WHEN FLOOR(AUTHORIZEDACTIONS / smilies/cool.gif-FLOOR(AUTHORIZEDACTIONS / 16)*2 > 0 THEN 'C,' END ||
CASE WHEN DISPLAYONLY = 1 THEN 'V,' END),',') AUTHACTION
FROM PSAUTHITEM AUTH, PSMENUDEFN A, PSMENUITEM B, PSPNLGROUP C, PSPNLGRPDEFN D
WHERE A.MENUNAME = B.MENUNAME AND
B.PNLGRPNAME = C.PNLGRPNAME AND
D.PNLGRPNAME = C.PNLGRPNAME AND
AUTH.MENUNAME = A.MENUNAME AND
AUTH.BARNAME = B.BARNAME AND
AUTH.BARITEMNAME = B.ITEMNAME AND
AUTH.PNLITEMNAME = C.ITEMNAME AND
AUTH.CLASSID = '&1'
ORDER BY A.MENUNAME, D.PNLGRPNAME


Sorry about the smiley faces -- it's my cheap comment system. They should be 8's.
June 10, 2008
T-SQL re-write : Mike Putnam : http://theputnams.net/mike
T-SQL doesn't handle CASE statements the same way as PL/SQL either. The below works on Microsoft SQL Server 2000, but doesn't give you a nice "value-packed" field (ex: A,U ,V) rather a row for each AUTHACTION.


SELECT DISTINCT AUTH.CLASSID, A.MENUNAME, D.PNLGRPNAME, B.ITEMLABEL,
CASE
WHEN FLOOR(AUTHORIZEDACTIONS)-FLOOR(AUTHORIZEDACTIONS / 2 )*2 > 0 THEN 'A'
WHEN FLOOR(AUTHORIZEDACTIONS / 2 )-FLOOR(AUTHORIZEDACTIONS / 4 )*2 > 0 THEN 'U'
WHEN FLOOR(AUTHORIZEDACTIONS / 4 )-FLOOR(AUTHORIZEDACTIONS / 8 )*2 > 0 THEN 'U '
WHEN FLOOR(AUTHORIZEDACTIONS / 8 )-FLOOR(AUTHORIZEDACTIONS / 16 )*2 > 0 THEN 'C'
WHEN DISPLAYONLY = 1 THEN 'V'
END
as AUTHACTION
FROM PSAUTHITEM AUTH, PSMENUDEFN A, PSMENUITEM B, PSPNLGROUP C, PSPNLGRPDEFN D
WHERE A.MENUNAME = B.MENUNAME AND
B.PNLGRPNAME = C.PNLGRPNAME AND
D.PNLGRPNAME = C.PNLGRPNAME AND
AUTH.MENUNAME = A.MENUNAME AND
AUTH.BARNAME = B.BARNAME AND
AUTH.BARITEMNAME = B.ITEMNAME AND
AUTH.PNLITEMNAME = C.ITEMNAME AND
AUTH.CLASSID = 'PTPT1000' --T-SQL doesn't prompt like &1 in PL/SQL
ORDER BY A.MENUNAME, D.PNLGRPNAME

June 11, 2008
Select Statement : Jason
Before updating, I want to do a select statement to see what I am updating. This is what I have:

SELECT CLASSID, BARITEMNAME, PNLITEMNAME, DISPLAYONLY, AUTHORIZEDACTIONS,
CASE
WHEN FLOOR(AUTHORIZEDACTIONS)-FLOOR(AUTHORIZEDACTIONS/2)*2 >0 THEN AUTHORIZEDACTIONS -1
ELSE AUTHORIZEDACTIONS END
DISPLAYONLY = 1
FROM PSAUTHITEM
WHERE CLASSID = 'PTPT1000' AND
BARNAME NOT LIKE 'REPORT%' AND BARNAME NOT LIKE 'INQ%' AND BARNAME NOT LIKE 'RPT%'

I can't run it. Is there something wrong with the statement?
July 24, 2008
RE: Select Statement : Brent Martin
Dude.

Here's how I'd do it:

SELECT CLASSID, BARITEMNAME, PNLITEMNAME, DISPLAYONLY, AUTHORIZEDACTIONS,
CASE WHEN FLOOR(AUTHORIZEDACTIONS)-FLOOR(AUTHORIZEDACTIONS/2)*2 >0 THEN AUTHORIZEDACTIONS -1
ELSE AUTHORIZEDACTIONS END,
DISPLAYONLY,
1 DISPLAYONLY_NEW
FROM PSAUTHITEM
WHERE CLASSID = 'PTPT1000' AND
BARNAME NOT LIKE 'REPORT%' AND BARNAME NOT LIKE 'INQ%' AND BARNAME NOT LIKE 'RPT%'

July 25, 2008
... : Jason
Thanks Brent.

For some reason, I can not run reports after I do the update. Anyone know the cause of this?
July 29, 2008
RE: Reports : Brent Martin
The most common reason would be that you set your run control pages to read-only, which would gray out the Run button. The SQL tries to skip that by excluding pages on the REPORT% and INQ% menu bar names, but that doesn't work 100% of the time. You may have to tweak the SQL some more, or manually flip the DisplayOnly flag back.
July 30, 2008
Write comment
quote
bold
italicize
underline
strike
url
image
quote
quote
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley
Smiley


Write the displayed characters


busy
 
Next >
[ Back ]