How Does PeopleSoft Signon Work
The PeopleSoft signon process can appear confusing because several IDs (user ID, connect ID, owner ID) are involved in authentication, but it is quite logical and very well designed. Understanding it is critical for a PeopleSoft admin: if you do not understand how PeopleSoft signon works, you will never be able to build a new PeopleSoft instance, during a PeopleSoft upgrade or otherwise.
So, read this post as many times as you need until you know how PeopleSoft signon works.
Below is a brief explanation of how the PeopleSoft signon process works in 2-tier:
Step 1. Validate Operator ID and Password and Connect to RDBMS
Your operator ID and password (or, in PT 8.x, the connect ID and its password, if using a connect ID) are passed to the RDBMS. Upon RDBMS validation, you are connected to the database as the operator or connect ID. The connect ID is just like the operator ID, but with a connect ID it is unnecessary to create individual operator profiles for each user at the database level. That is only done in PT 7.x; PT 8.x uses the connect ID.
Step 2. Retrieve Owner ID for Database
This step does not apply to Microsoft SQL Server or Sybase.
The PeopleSoft system performs a SELECT to obtain OWNERID from the PS.PSDBOWNER table, where DBNAME is the database specified in the signon screen. The OWNERID value is used to prefix the table name in the next step (represented by ownerid).
Step 3. Retrieve Owner ID for PeopleSoft Tables
A qualified SELECT is performed against the PSLOCK table in PT 7.x and the PSSTATUS table in PT 8.x to access the owner ID for the PeopleSoft tables.
Step 4. Retrieve Operator Profile Information
The system performs a qualified SELECT on the PSOPRDEFN table, where OPRID equals the Operator ID you entered in the signon dialog, to obtain information from your security profile. Among other things, the system retrieves your access ID, access password, and operator password. We validate your operator password against the password you entered in the signon dialog. If they don’t match, signon fails. Your access ID and password are used in the next step. In PT 8.x this is the symbolic id that represents the Access id found on the PSACCESSPRFL table.
Step 5. Reconnect using Access ID
Upon validating your password, PeopleSoft disconnects from the database and reconnects to it using the access ID and access password. When reconnecting to the database, it validates the access password against the PSOPRDEFN table in 7.x and in 8.x against the PSACCESSPRFL table.
As one can see, unless otherwise authorized, the operator ID in PT 7.x and the connect ID in PT 8.x only have SELECT access to three PS tables. The four tables are: PSDBOWNER, PSLOCK (PSSTATUS in 8.x), PSOPRDEFN and PSACCESSPRFL. The system then disconnects from the database and reconnects with the access ID and password. The access ID holds all the administrator-level database access; that is, it has all the RDBMS privileges necessary to access and manipulate data for an entire PeopleSoft application.
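One way to check the least-privilege claim above against a real database, as an added example that is not part of the original post: the script takes grant rows shaped like Oracle's DBA_TAB_PRIVS view (an assumption about the RDBMS) and reports every privilege the signon ID holds beyond SELECT on the signon tables, plus any signon table it cannot read. The account names, schema names and sample rows are constructed, and the per-version table sets are read from steps 2 to 5.

```python
# Added example: audit what the signon ID (operator ID in PT 7.x, connect ID
# in PT 8.x) may touch. Rows mimic Oracle DBA_TAB_PRIVS columns:
# (GRANTEE, OWNER, TABLE_NAME, PRIVILEGE).

# Tables read before the reconnect, per PeopleTools major version
# (taken from steps 2-5 of the post).
EXPECTED = {
    "7": {"PSDBOWNER", "PSLOCK", "PSOPRDEFN"},
    "8": {"PSDBOWNER", "PSSTATUS", "PSOPRDEFN", "PSACCESSPRFL"},
}


def audit_signon_grants(grants, login_id, pt_major="8"):
    """Return (excess, missing) for login_id.

    excess  -- grants other than SELECT on an expected signon table
    missing -- expected signon tables without a SELECT grant
    """
    expected = EXPECTED[pt_major]
    login_id = login_id.upper()
    excess, readable = [], set()
    for grantee, owner, table, privilege in grants:
        if grantee.upper() != login_id:
            continue  # a different account; not part of this audit
        table, privilege = table.upper(), privilege.upper()
        if privilege == "SELECT" and table in expected:
            readable.add(table)
        else:
            excess.append((owner.upper(), table, privilege))
    return sorted(excess), sorted(expected - readable)


# Constructed sample rows; PEOPLE_EX, OTHER_EX, SYSADM_EX and PS_EXAMPLE_TBL
# are hypothetical names.
SAMPLE_GRANTS = [
    ("PEOPLE_EX", "PS", "PSDBOWNER", "SELECT"),
    ("PEOPLE_EX", "SYSADM_EX", "PSSTATUS", "SELECT"),
    ("PEOPLE_EX", "SYSADM_EX", "PSOPRDEFN", "SELECT"),
    ("PEOPLE_EX", "SYSADM_EX", "PSOPRDEFN", "UPDATE"),      # write access
    ("PEOPLE_EX", "SYSADM_EX", "PS_EXAMPLE_TBL", "SELECT"),  # application data
    ("OTHER_EX", "SYSADM_EX", "PS_EXAMPLE_TBL", "SELECT"),
]

if __name__ == "__main__":
    excess, missing = audit_signon_grants(SAMPLE_GRANTS, "people_ex")
    for owner, table, privilege in excess:
        print(f"EXCESS  {privilege} on {owner}.{table}")
    for table in missing:
        print(f"MISSING SELECT on {table}")
```
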
As an important note, users do not know about the reconnection process. They do not know what the access ID and password are. All the reconnection activity happens behind the scenes. This way, security is ensured, since users will not get very far with their operator ID off-line.
In earlier PT versions, there were concerns that a savvy programmer could hack into the system and retrieve the password from memory. But now all the passwords are encrypted, and PeopleSoft has never encountered such a security breach.