A common security requirement is to hide a portal folder in the left hand navigation menu from users. For example, the PeopleTools folder.
This article goes through the approaches available and how to do it correctly.
Hiding a Folder from Portal Navigation
One approach is to go into Portal Structure and Content:
- PeopleTools > Portal > Structure and Content
Edit the relevant folder, and check the Hide from portal navigation tick box. The problem with doing this is that hides the folder from EVERYONE. Fortunately there is an override - it will not be hidden from anyone with the PeopleSoft Administrator role. This is quite handy - if you were to hide the PeopleTools folder this way you could be in a bit of strife otherwise!
 |
I would only suggest using this approach if you are sure that no one in the organisation will ever need to see that folder and the items underneath it. If there is even one user that this does not apply for (other than a PeopleSoft administrator) then you will need to use permission list security.
Hiding a Folder using Security
Another approach is take away permission lists from the folder security tab in portal structure and content. This seems to work fine until someone comes along and runs portal security sync.
The correct way to show or hide folders is by editing menu and component security in a permission list then running portal security sync to adjust folder security accordingly. Doing it this ways ensures that the one and only reason why a user can see something is because they have access to a permission list (through a particular role) that allows them to.
Note that you should not be modifying delivered permission lists. Always clone existing permission lists and modify cloned versions. This ensures that next time you patch your security will not be overwritten!
One common issue with this approach is caching. The portal navigation menu is cached and security changes aren't always reflected immediately. You'll typically find that the folder hangs around in the left hand navigation menu even though you've taken away security (and clicking on a content reference gives the you are not authorized message).
You can tell if you have a caching problem by querying the PSPRSMPERM table to see if your permission list still has access to the relevant folder (e.g. PT_PEOPLETOOLS for the PeopleTools folder). If it doesn't then its a caching issue.
To get around this, use the purge web server memory cache servlet command by issuing the following URL for your environment:
http://[server]/psp/[site]/?cmd=purge&pwd=[password]
So at the signon screen, replace ?cmd=login at the end of the URL with ?cmd=purge&pwd=dayoff. Note that dayoff is the default PeopleSoft web profile password.
If the default password doesn't work, check the password for your web profile by going to:
PeopleTools > Web Profile > Web Profile History
Press search and look at the last loaded entry for your server name (e.g. DEV, TEST). This is the web profile in use.
Then go to:
PeopleTools > Web Profile > Web Profile
Open the web profile you found and have a look at the Custom Properties tab (last) at the auditPWD property. Note if you don't have a property, add one in with:
| Property Name | Validation Type | Property Value |
|---|---|---|
| auditPWD | String | dayoff |
No comments:
Post a Comment