«

»

May 08

Print this Post

Portal Security Syncronization

Jitu has put on pressure to write this blog even if all the below mentioned information is available in PeopleBooks and PORTAL_CSS program can be well explored in app designer. I tried to put comments as much as I can from PeopleBooks, just few words added from my end. So here we go…

PeopleSoft Internet Architecture (PIA) portal can be defined as the collection of folders and content refrences with the navigational structure. The portal registry is a tree structure where one need to register the content and further it can be organized. The portal registry consists of the following primary parts:

Folders
Content references
Nodes

The main table which consists of all the portal definitions is PSPRSMDEFN. Security mechanism is used for folders, content references, content reference links, tab definitions, pagelets, and user homepages. The hierarchical relationships and dependencies between objects in the portal registry determine what security settings each object must have. The portal won’t work correctly if these security relationships aren’t maintained. Some examples below.

A folder that is not public or hidden must have at least the level of access that its immediate child objects (folders, content references, and content reference links) have.

A content reference link must have exactly the same level of access as the object (content reference or content reference link) to which it links.

A content reference that represents a PeopleSoft component or iScript must have exactly the same level of access as the object that it represents.

Portal object security settings can become unsynchronized when you move portal objects from one database to another using the Project Copy feature in PeopleSoft Application Designer. When you merge projects this way, if the projects contain any portal objects with identical names, the security settings of the portal objects in the last project copied overwrite the security settings of portal objects copied earlier. Also, when a copied portal object doesn’t overwrite an existing object, it changes the structure of the resulting portal registry hierarchy.

Use the Portal Security Synchronization page to reinstate the correct security relationships between objects in the portal registry after you copy a project that contains portal objects. The portal objects are synchronized as follows:

— The security settings of each content reference are compared to the component or iScript that it represents, and updated to match.
— The security settings of each content reference link are compared to the content reference or content reference link to which it connects, and updated to match.
— The security settings of each content reference and content reference link are propagated to its parent folder, in addition to the parent folder’s existing settings.
— None of the parent folder’s existing security access is reduced.
— The security settings of each folder are propagated to its parent folder, in addition to the parent folder’s existing settings.

Delete Invalid Security Option

When you move portal objects from one database to another, roles and permission lists assigned to folders and content references on the source database may not exist on the target database and therefore become invalid. Select the Delete Invalid Security check box on the Portal Security Sychronization page to remove non-existing roles and permission lists from folders and content references.

Main section >> calls INIT section >> and then CREFPERM

INIT

STEP01 — Do Select — In this, SQL is to select the OPRID and RUN_CNTL_ID from PS_AERUNCONTROL table (run control table for AE).

STEP02 — Do Select — In this, SQL is to select the PORTAL_NAME (EMPLOYEE, SUPPLIER etc…) and PORTAL_FLDRP_FLAG (This flag is to select if you wish to delete invalid security, you may skip this too and it will set to ‘N’) from PS_PORTAL_CSS_RUN.

CREFPERM

STEP01 — PeopleCode — Main step to do the processing for syncronization, invalid security etc…

Below are the tasks in brief what exactly PORTAL_CSS is all about (hopefully I need not to copy-paste the complete PORTAL_CSS app engine).

1. Check for invalid permission lists.

This step figures out the Permission which is/are invalid and further it get deleted by the program for object in concerned portal.

2. Check for invalid roles.

This step figures out the Role which is/are invalid and further it get deleted by the program for object in concerned portal.

3. Check Parent folder permissions and roles.

Check for missing permission list on cref or differences in permission counts.

4. Compare permissions and permission count against PSAUTHITEM
5. Check for missing permission list on cref’s parent folder.
6. Check for PeopleSoft iScript (Invalid or missing node definitions etc…)
7. Worklist URL
8. Some other type of CRef (UEXT, UGEN)
9. CRef Link Synchronization

Compare the link to it’s parent folder. Also, it compare the permissions of the cref link against the object it’s linked to

10. Folder Synchronization

Here, it will only select the nonpublic folders.

Navigation of PORTAL_CSS program: Main Menu > PeopleTools > Portal > Portal Security Sync

Reference: PeopleBooks

Permanent link to this article: http://alokbhardwaj.com/oracle-peoplesoft/2009/05/08/portal-security-syncronization/

5 comments

Skip to comment form

  1. Anonymous

    post something that is useful. How about how to determine why a folder is not showing up in content and reference and why menu is not showing up.

  2. bommareddy

    Here I m with a peculiar case of not able to run PORTAL_CSS AE from online. Everytime I click on Peopletools link, I m kicked out. I tried my best to run it from Command line but all in vain.Even tried to run in DEBUG mode but not of much help. Any ideas?

  3. Alok.Bhardwaj

    Couple of points to keep in mind before running Portal CSS process…

    1. It is recommended to clear both appserver/webserver caches before running the PORTAL_CSS

    2. Run control should be unique and new for this AE. The issue is that you cannot use a run control with the same name that could run another AE process. So it must be unique for the Portal Security Synch process.

    3. The Portal Security Synch process ONLY needs to be run after an upgrade or when migrating security from one database to another. This process does NOT need to be run all the time or be setup as a process to run weekly or monthly. If your database security does not change very often then running this process all the time, is not recommended.

    4. When running the Portal Security Synchronization there should be no other users in the system. Database tables may be locked during this process. This process will take from a few minutes to a few hours, depending upon the volume of the portal data. The User ID, that invokes this process, must have the security role Portal Administrator, or PeopleSoft Administrator otherwise the process will fail.

    5. Please check the appserver log file for the message which system is generating.

  4. ohswirl

    Hi,
    In case if we have followed the 4 steps already and the folder is not showing up in content reference, What should I do next if I cannot understand the appserver log file

  5. Anonymous

    Folder some timnes doesnt show up after migration. ther simple way to show it is ,
    1. if the folder shows up in STRUCTURE AND CONTENT, then click on “Test Contecnt refernce”, then from that moment it shows up to all.
    2. if the folder is not showing up in Structure and content also, then Edit and save the neighbour folder , then your new folder appears in Structure and content. then follow the point no 1.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>