David Pigman of SpearMC consulting presented Advanced PeopleSoft Security Audit.
Most of the presentation consisted of walking through slides of the PeopleTools security table structures, along with some discussions of things to watch out for. Some examples included key field names that are different between tables (which means Query won’t autojoin), decoding the ACTIONS field (which is a bitfield) into meaningful data, and understanding that PeopleTools like Data Mover, Application Designer, etc actually get secured by menu names (eg DATA_MOVER) that don’t actually exist as menu definitions, but are hard-coded in the PeopleTools internal code.
The presentation was good (although I don’t think that I would call it advanced audit). A little more demo vs slides would be nice as well. A number of the queries that David did show (either in ppt or in an environment) are available with the presentation to be downloaded later.
They also have a product offering with additional queries that a security auditor might find useful. Towards the end of the presentation David showed a few of these in a live environment.
Labels: 2010, OpenWorld, Oracle
Hit this error message earlier and noticed that no search engines had the answer so I wanted to share.
When running App Engine from a command prompt or from within App Designer, you get a dialog popping up with
Your security options are set improperly. Please contact your security administrator.
The same error does not popup when you login to App Designer or Query or other 2 tier tool though.
The answer is that somehow you ended up with the
PS_SERVER_CFG variable set in your current environment and
psae.exe is getting confused as to whether it should be running under the process scheduler or not. Tools like Application Designer don’t get confused because they never run under the process scheduler.
Labels: 2010, PeopleTools, Support