Saturday, July 4, 2009

Search Page security in Peoplesoft Time and Labor

I detailed how Time and Labor security works in a previous post; today I want to touch on how customers can configure search security for Manager Self Service users and Administrators in Time and Labor. Currently, there are three distinct ways of configuring search page security in Peoplesoft (including Time and Labor):
1. Use the highly robust and modified Core Row Level security, where any level of flexible security definition can be created with the introduction of Security Access Types in Peoplesoft HRMS 8.9.

2. Use the Direct Reports functionality which most of the MSS pages of Absence Management and e-Performance make use of. This feature will provide a standard page containing the direct reports of a user.

3. Use Time and Labor security to show users the employees in the Static and Dynamic groups that they have access to.

(You can also enforce search security through SearchInit PeopleCode, but this approach is highly discouraged.)

Most organisations will design their search security around the new Row Level security design. In that context, a debatable question is whether Time and Labor security needs to be used at all. A number of people also ask whether the Time and Labor search pages can use Row Level security, or whether they can use only Time and Labor security.

The answer is provided by the decision chart below:

All the Search pages in Time and Labor are flexible enough to use either Time and Labor security or core Row Level security. Which one applies depends on how the rowsecclass attached to a user is configured. If the rowsecclass is attached to any Time and Labor group (this can be found from the table PS_TL_GRP_SECURITY), then the user will be able to see only employees belonging to the groups the user's rowsecclass has access to. On the other hand, if there are no Time and Labor groups attached to the rowsecclass of the user, then the core row level security available to the user will be used to fetch the employees.
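The decision rule above can be audited per user. The following is an added example, not code from the original post: it runs against a constructed in-memory SQLite stand-in, and the column names OPRID, ROWSECCLASS and GROUP_ID, plus the use of PSOPRDEFN to hold each user's rowsecclass, are assumptions to verify against your own database.

```python
import sqlite3

# Constructed stand-ins. Only the table name PS_TL_GRP_SECURITY comes from the
# post; PSOPRDEFN and all column names are assumptions to verify locally.
SCHEMA = """
CREATE TABLE PSOPRDEFN (OPRID TEXT PRIMARY KEY, ROWSECCLASS TEXT);
CREATE TABLE PS_TL_GRP_SECURITY (ROWSECCLASS TEXT, GROUP_ID TEXT);
"""

# LEFT JOIN keeps users whose rowsecclass has no T&L group attached;
# those users come back with GROUP_ID = NULL.
AUDIT_SQL = """
SELECT o.OPRID, g.GROUP_ID
FROM PSOPRDEFN o
LEFT JOIN PS_TL_GRP_SECURITY g ON g.ROWSECCLASS = o.ROWSECCLASS
ORDER BY o.OPRID, g.GROUP_ID
"""

def audit_tl_search_security(conn):
    """Return {oprid: (mode, [group ids])} following the rule in the post:
    any group on the user's rowsecclass means T&L group security applies,
    otherwise core row level security applies."""
    result = {}
    for oprid, group_id in conn.execute(AUDIT_SQL):
        mode, groups = result.get(oprid, ("CORE_ROW_LEVEL", []))
        if group_id is not None:
            mode, groups = "TL_GROUP", groups + [group_id]
        result[oprid] = (mode, groups)
    return result

def build_sample_db():
    """Constructed sample data: two row security classes, one with groups."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PSOPRDEFN VALUES (?, ?)", [
        ("MGR_A", "RSC_PAYROLL"),    # class has T&L groups attached
        ("MGR_B", "RSC_HR_ONLY"),    # class has no T&L groups
        ("ADMIN_C", "RSC_PAYROLL"),
    ])
    conn.executemany("INSERT INTO PS_TL_GRP_SECURITY VALUES (?, ?)", [
        ("RSC_PAYROLL", "GRP_NIGHT"),
        ("RSC_PAYROLL", "GRP_DAY"),
    ])
    return conn

if __name__ == "__main__":
    for oprid, (mode, groups) in audit_tl_search_security(build_sample_db()).items():
        print(f"{oprid:8} {mode:15} {','.join(groups)}")
```

Users reported as `TL_GROUP` are the ones whose search results change when a group is added to or removed from their rowsecclass, so they are the ones to review after any group security change.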

What should be the optimum Time and Labor search security strategy?
If your organisation is using other Peoplesoft HRMS modules then it is best to utilise a common security design for all the modules. So I will always suggest using row level security for Time and Labor pages and not to configure any extra Time and Labor groups for the purpose of row level security.
Time and Labor groups can be created for the purpose of batch processing of employees. It is very useful to create Time and Labor groups and use the group as an input parameter for the Time Administration or Batch Approval or Batch Schedule Assignment processes. Note that a Time and Labor group can be defined without linking it to any row security class and used solely for the purpose of grouping employees together.


Steve said...

Hi - a question to your comment, "Note that a Time and Labor group can be defined without linking it to any row security class and used solely for the purpose of grouping employees together." While this is true, a user cannot select this group as a Time Admin parameter if it is not assigned to their permission list, correct? And once it is assigned to their permission list it becomes the row level security driver for that user.

Ramu said...


How can we use direct reports as a security in Time and Labor?

HRoi Consulting said...

Hi Ramu,
Thank you for dropping by.
Direct Reports UI is not used by Time and Labor. Time and Labor uses either T&L Group security or core HR row level security. I have detailed how you could make use of these to drive security in T&L. You can write to me at if you need to discuss more on this.