PSAUTHITEM is one of PeopleSoft’s core security tables.  It’s primary purpose is to track which pages and authorized actions that each permission list is assigned, but it tracks web library (iScript) permissions as well.

In this article I’ll talk a little about the fields in PSAUTHITEM, how you can join to other PeopleTools tables to get more information (like Component), and how to decode the elusive AUTHORIZEDACTIONS field.

Here are the columns in PSAUTHITEM:

CLASSID
MENUNAME
BARNAME
BARITEMNAME
PNLITEMNAME
DISPLAYONLY
AUTHORIZEDACTIONS

ClassID is the permission list ID.  Menuname, barname, baritemname and PNLITEMNAME are all keys on the PSMENUITEM table.  You may remember back before version 8.4 where menus actually were used to navigate to a page.  Well, even though we navigate to pages via the Portal Registry now, that old Menu structure is still used for page security.

If you want to create a query that shows everything you need to set up on-line security including the component name, this query will show it to you.  Component is the PNLGRPNAME field.

select a.MENUNAME, b.PNLGRPNAME, a.PNLITEMNAME,  a.BARNAME, a.BARITEMNAME, a.AUTHORIZEDACTIONS

from PSAUTHITEM a, PSMENUITEM b
where a.menuname = b.menuname and
      a.barname = b.barname and
     a.baritemname = b.itemname and
     a.classid = 'ALLPAGES'

Okay, so you run the query.  If you’re expecting AuthorizedActions to be some easy to use text field that spells out what the valid authorized actions are, you’re going to be disappointed because it’s just a numeric code.  Think of AuthorizedActions as  a 4-bit field with each bit representing an action.  Here’s what the bit positions mean:

 Correction  Update/DisplayAll  Update/Display  Add

     1              1                 1          1    =   

    2^3    +       2^2        +      2^1      + 2^0   =

     8     +        4         +       2       +  1    = 15

So to grant a permission list full access to a page, this value will be equal to 15.

Okay, it’s important to know that there are exceptions.  If you run a query, you can find all sorts of scenarios where authorizedactions is greater than 15.  I used to know why, but I’ve long since forgotten.   If anybody can remind me I’d appreciate it!

 Anyway, to make AUTHORIZEDACTIONS return something a little more friendly, you’ll have to use bitwise operators to make it happen.  Here’s a query written in Oracle 10G that splits AUTHORIZEDACTIONS into a series of Yes/No fields for Add, Update/Display, UpdateDisplay All, and Correction:

select classid, menuname, barname, baritemname, pnlitemname, displayonly,
case when bitand(authorizedactions,1) > 0 then 'Y' else 'N' END ADDACTION,
case when bitand(authorizedactions,2) > 0 then 'Y' else 'N' END UPDATEACTION,
case when bitand(authorizedactions,4) > 0 then 'Y' else 'N' END UPDATEALLACTION,
case when bitand(authorizedactions,8) > 0 then 'Y' else 'N' END CORRECTIONACTION,
case when authorizedactions > 15 then 'Y' else 'N' END SPECIAL
from psauthitem
where classid = 'ALLPAGES'
 

Comments (1)

PSAUTHITEM : ranjan Hi Martin, i found some information in Peoplesoft Website and i am sharing the same here.These are most of the codes and the corresponding permissions: Authorized Actions: 1: Add 2: Update Display 3: Add/Update/Display 4: Update/Display All 5: Add/Update/Display All 6: Update/Display/Update/Display All 7: Add/Update/Display/Update/Display All 8: Correction 9: Add/Correction 10: Update/Display / Correction 11: Add/Update/Display/Correction 12: Update/Display All/Correction 13: Add/Update/Display All/Correction 14: Update/Display/Update/Display All/Correction 15: Add/Update/Display/Update/Display All/Correction 128: Data Entry Each possible authorized action has a corresponding decimal value. For all the authorized actions for a given menu item for a given operator, these numbers are added together and stored in the authorizedactions column. For example, if the value for authorizedactions column is 143, the operator is authorized for all the actions. (1 2 4 8 12 . As another example, if the value is 7, the operator is authorized for the actions Add, Update/Display, Update/Display All (1 2 4). An example of a number that seems to be too big to be translated is the following: The number we will use in our example is 3604 This translates to 111000010100 in binary. We take the lower 8 bits, which will be 00010100 then we use that to convert and find out what authorized actions the user has: 0 0 0 1 0 1 0 0 | | | | | | | -- Add | | | | | | ---- Update / Display | | | | | ------ U/D All | | | | -------- Correction | | | ---------- | | ------------ > Unused | -------------- / ---------------- Data Entry Also i have modifed the query a bit for SQL server as bitAnd does not work for SQL. select classid, menuname, barname, baritemname, pnlitemname, displayonly, case when bitand(authorizedactions,1) > 0 then 'Y' else 'N' END ADDACTION, case when bitand(authorizedactions,2) > 0 then 'Y' else 'N' END UPDATEACTION, case when bitand(authorizedactions,4) > 0 then 'Y' else 'N' END UPDATEALLACTION, case when bitand(authorizedactions, > 0 then 'Y' else 'N' END CORRECTIONACTION, case when authorizedactions > 15 then 'Y' else 'N' END SPECIAL from psauthitem where classid = 'ALLPAGES' SELECT CLASSID, MENUNAME, BARNAME, BARITEMNAME, PNLITEMNAME,CASE WHEN (DISPLAYONLY & 1) > 0 THEN 'Y' ELSE 'N' END DISPLAYONLY, CASE WHEN (cast(AUTHORIZEDACTIONS as int) & 1) > 0 THEN 'Y' ELSE 'N' END ADDACTION, case when (cast(AUTHORIZEDACTIONS as int) & 2) > 0 then 'Y' else 'N' END UPDATEACTION, case when (cast(AUTHORIZEDACTIONS as int) & 4) > 0 then 'Y' else 'N' END UPDATEALLACTION, case when (cast(AUTHORIZEDACTIONS as int) & > 0 then 'Y' else 'N' END CORRECTIONACTION, CASE WHEN cast(AUTHORIZEDACTIONS as int) > 15 THEN 'Y' ELSE 'N' END SPECIAL FROM PSAUTHITEM NOLOCK WHERE CLASSID = November 19, 2007

Write comment

Name

Email

Website

Title

Comment

Write the displayed characters

Add Comment