II 5. Securing Component Interfaces

A.     Introduction to Component Interfaces

There are several reasons why the data in PeopleSoft has to be updated through program codeor external interfaces. It is important to make sure all the business logic that gets triggered when a component’s data is updated from online changes, also gets triggered when the changes are made through interface uploads, PeopleCode program or external programs.

PeopleSoft Component Interfaces (CI) are PeopleSoft APIs that can be used to access and modify PeopleSoft component data programmatically. The Component Interface exposes a single PeopleSoft component’s data, business logic, triggers and functionality to another application or programs that can use APIs. Component Interfaces are created in Application Designer and are associated with only one component, although there can be multiple CIs that refer to the same component. The actions that the user can perform on the component using a particular CI are referred to as Methods, for example Get (Read data), Create (enter new data) etc., vary depending upon the business logic of the parent component.

Recent PeopleTools version have included a ExceltoCI functionality that enables the functional business users to upload/edit multiple rows of data through MicroSoft® Excel spreadsheets with special PeopleSoft CI add-ons enabled.

PeopleSoft verifies the access granted to the user attempting to use Component Interfaces to access or update data at the run time. In the case of an external interface, this verification is done against the user id configured in the interface setup. The user should have access to at least one permission list that has authorization to the CI being called.

** Several components in PeopleSoft utilize Component Interfaces to pass data to and from other components within the system. In order to avoid security errors, security administrators commonly make a mistake of granting access to all CIs to the common role granted to all users. It is important to note that by having access to the Component Interfaces, users gain access to read or update data on the components that they might not have access through the front end application pages. Hence it is important to design the security for component interfaces the same way you would do for regular application pages.

B.     Assign Component Interfaces to Permission List (PSAUTHBUSCOMP):

  1. Navigate to Permission Lists page and open the permission list you want to assign the access to.
  2. Once in the Permission list, go to the Component Interfaces tab.
  3. In the Component Interfaces grid, enter the name of the Component Interface and hit tab.
  4. Click on the ‘Edit’ hyperlink that becomes available.
  5. On the Component Interface permissions page, select ‘Full Access’ from the drop down for the methods (actions) that you want the user to be able to perform while using this CI. Select ‘No Access’ for the methods (actions) that user should not be able to perform on the component through this CI.
  6. Click OK, and save the permission list.

16

Figure III‑15 Permission List – Component Interfaces

 

17

Figure III‑16  Permission List – Component Interfaces – CI Permissions

** You can click on ‘Full Access (All)’ button on the component Interface permissions page to grant access to all methods for the component interface or ‘No Access (All)’ to remove access to all methods for the component interface (same as deleting the entire CI from the permission list access).