Things To Keep In Mind Before Assigning PeopleSoft Administrator Role
PeopleSoft Administrator Role is special system role that can be assigned to user profiles. Unlike other PeopleSoft roles, you can’t see the permission list (PSADMIN) associated to this role. Even if you search for this role in PeopleTools > Security > Permissions & Roles > Roles, you won’t find it. Try to open up the associated permission list and it won’t show up. Click on the ‘View Definition’ on Roles tab of User Profile will give this error “PeopleSoft Administrator is a reserved Role and may not be opened”.
Reason you can’t see any info related to this role is that it’s hardcoded in the PeopleSoft code.
What Access does PeopleSoft Administrator Role has?
PeopleSoft Administrator Role has full access to all menus, pages, component interfaces, web libraries, tools access, application designer and Data mover. Below query can be run to get list of objects it’s access to.
SELECT DISTINCT MENUNAME FROM PSAUTHITEM
You can’t delete or modify the permissions associated with this role.
Who should be assigned the PeopleSoft Administrator Role?
If there is one user that you don’t want to be locked out of PeopleSoft Menus then assign PeopleSoft Admin Role to that user. This role is also required to run Portal Security Sync. Access to application Data is still managed by Row Level Security.
To find out the users who have been assigned this role, you can run the below queries.
SELECT * FROM PSROLEUSER WHERE ROLENAME=’PeopleSoft Administrator’
SELECT OPRID, OPRCLASS FROM PSOPRCLS WHERE OPRCLASS = ‘PSADMIN’
To assign PeopleSoft Administrator Role to a user, run the below query
INSERT INTO PSROLEUSER (ROLEUSER, ROLENAME, DYNAMIC_SW) VALUES (‘OPRID’, ‘PeopleSoft Administrator’, ‘N’);
*OPRID is the user id to whom you want to grant PeopleSoft Administrator Role.
After running this SQL, you may need to bounce application server and web server.
How to make reserved roles?
I don’t think you could create a reserved role like ‘PeopleSoft Administrator’.