Abilities are the foundation of the Access Rules. An Ability contains all of the elements needed to complete that Ability. For example, if you have an Ability called Voucher Entry, you would expect all of the Security Access requirements to complete Voucher Entry to be contained in that Ability. Abilities can contain Roles, Permission Lists, Components (and their Pages) and User Preferences. You cannot mix types within an Ability: each Ability must contain only one of the previously mentioned types. For example, a Role based Ability will only have Roles in it.
Step-by-step guide
Navigate to Smart Solutions → Segregation of Duties → Setup → Manage Ability
- The Search console requires that you have a Model selected in order to search. Remember that Abilities are tied to Models.
- To create a new Ability simply go to the Add a New Value Page from the console.
- Enter the Model that you will tie this Ability to. The Ability Classification is fixed as SOD, but you can choose the Ability type to be Component, Role, Permission List or User Preference. Make a selection and then click Add.
- You will now be able to add an Ability name and add this Ability to a Function. For more information on Functions please go here: /wiki/spaces/SK/pages/7080771513
- The fields below this require you to add the elements of PeopleSoft that you wish to report on (Component, Role, Permission List or User Preferences). The first field allows you to enter the element and use the prompt to perform a search if you do not know the exact name of the element you are looking for.
- If you are using Components then you have the ability to enter the market. For the majority of applications the market will be defaulted to Global. Where there is no market, the value will be blank.
- The match flag establishes whether, for the following authorities (Add, Update/Display, Update/Display All, Correction), you want to have a match against ALL or a SINGLE setting. With ALL, the User not only needs access to the Component but must also hold every authority you have checked, for example both Add and Update/Display (provided those are checked). With the SINGLE setting, the User only needs to have the authorities that match one or more of the boxes you have checked. The problem with ALL is that the User might be able to Add but not Update/Display; in this instance the User would not show up as a match, because their Security does not match what is in the Ability.
- After the Match drop-down, you can choose the authorities you wish to check: Add, Update/Display, Update/Display All, Correction. The software will check the User's access within PeopleSoft against what you check here. So if you only want to look for Users who can Add a record, check only that box and that is all the software will look for.
- When entering Components you will see the Page Details link to the right. Clicking it shows the Pages associated with the Component, each with two check boxes: Authorized and Read Only. Authorized is checked by default, as you will need this to complete the access analysis (Users need access to the Pages to make changes to the Components). Read Only allows you to check if the Users have Read Only access.
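The ALL and SINGLE match settings described in the steps above, modelled as an added Python example (not the product's code). The `Auth` flags, the `ComponentAbility` class, the component name and the user data are constructed for illustration, and Page-level checks (Authorized, Read Only) are left out.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Auth(Flag):
    """The four authorities that can be checked on a Component Ability."""
    NONE = 0
    ADD = auto()
    UPDATE_DISPLAY = auto()
    UPDATE_DISPLAY_ALL = auto()
    CORRECTION = auto()


@dataclass(frozen=True)
class ComponentAbility:
    component: str
    match: str      # "ALL" or "SINGLE"
    checked: Auth   # boxes ticked on the Ability


def matches(ability, user_access):
    """user_access maps component name -> Auth the user holds on it."""
    if not ability.checked:
        # Model assumption: an Ability with no boxes ticked is not evaluated.
        raise ValueError("no authorities checked on the Ability")
    held = user_access.get(ability.component)
    if held is None:                       # no access to the Component at all
        return False
    overlap = held & ability.checked
    if ability.match == "ALL":             # every checked authority must be held
        return overlap == ability.checked
    if ability.match == "SINGLE":          # one or more checked authorities held
        return bool(overlap)
    raise ValueError(f"unknown match flag: {ability.match!r}")


def flagged_users(ability, users):
    """Return the sorted user IDs whose access matches the Ability."""
    return sorted(u for u, access in users.items() if matches(ability, access))


# Constructed sample data: user ID -> {component -> authorities held}.
USERS = {
    "ALICE": {"VOUCHER_ENTRY_CMP": Auth.ADD | Auth.UPDATE_DISPLAY},
    "BOB": {"VOUCHER_ENTRY_CMP": Auth.ADD},          # Add only
    "CAROL": {"VOUCHER_ENTRY_CMP": Auth.CORRECTION},  # nothing that is checked
    "DAVE": {"OTHER_CMP": Auth.ADD},                  # different Component
}
```

With Add and Update/Display checked, BOB is reported under SINGLE but not under ALL, which is the gap the match-flag step warns about.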
We recommend using Component and User Preference level Abilities. Typically, Role and Permission List based Abilities can be too high level. For example, if you have a Rule that states Role A and Role B cannot be put together, someone could ask why: what do Role A and Role B contain that makes them a toxic combination? By setting up your Access reviews at the Component (and Page) and User Preference level, you will catch all of the details in the Security and get a precise understanding of who has access to what.
While a Role/Permission List based approach might be simpler, the only benefit is that the analysis will be much quicker.
Ability names should not be changed once they are assigned to Rules, because the Ability name is processed as part of the Validation. Changing an Ability name once it is assigned may cause issues with validation.