David Pigman of SpearMC consulting presented Advanced PeopleSoft Security Audit.
Most of the presentation consisted of walking through slides of the PeopleTools security table structures, along with some discussions of things to watch out for. Some examples included key field names that are different between tables (which means Query won’t autojoin), decoding the ACTIONS field (which is a bitfield) into meaningful data, and understanding that PeopleTools like Data Mover, Application Designer, etc actually get secured by menu names (eg DATA_MOVER) that don’t actually exist as menu definitions, but are hard-coded in the PeopleTools internal code.
The presentation was good (although I don’t think that I would call it advanced audit). A little more demo vs slides would be nice as well. A number of the queries that David did show (either in ppt or in an environment) are available with the presentation to be downloaded later.
They also have a product offering with additional queries that a security auditor might find useful. Towards the end of the presentation David showed a few of these in a live environment.
Labels: 2010, OpenWorld, Oracle