Taming the PeopleSoft Security beast with Perl

There are times in my life where impossible seems to be the word of the day. As I illustrated in my previous blog before, the current Enterprise Resource Planning (ERP) Project that I am working now offers numerous examples. One example that is undergoing right now is the PeopleSoft Security, release 8.48, where the fundamentals are basics, easy to master. Yet, typical life-cycle of PS Security, without the right tools, could well be ongoing nightmares.

The PS Security is fundamentally built from the ground up, from the permission lists, to roles, and user profiles. Permission list as the term implies controls what pages to access, whether queries or other advanced features such as running the batch process are allowed. At the training class, PS Security release 8.48, that I took with Oracle University, the materials seemed to make sense. While I learnt a lot from the class, the class failed to convey the complexity of typical security tasks within the real-life PS implementations.

For the Campus Solutions 9.0, PS Security controls access to thousands of pages. In my project, PS Security begins with the functional teams hashing out details what permission lists with access to which pages. For Student life cycle, Admission & Campus Community go first. The go live date for prospect is actually less than 2 weeks away. Before prospects can be entered into the system and the Admission staffs can work on the applications and other materials, security has to be established. And that starts with the Security Matrix.

The above figure is one example of the Admission Security Matrix that is defined within MS Excel, where the PS menu, component, and pages are “crossed” with each of the permission lists, ie. UV_AD_SYSTEM_ADMIN, UV_CC_SYSTEM_ADMIN, UV_AD_LOCAL_ADMIN, etc.

As the PS Security Architect, I am readily aware of the challenges that lie ahead from security perspective. First, I need a way to find out how many permission lists I have to manage. And perhaps more importantly, how many PS Page security assignments are defined per the PS Security matrix.

This information is critical in establishing or estimating the scope of the PS Security initiatives. In my case, it is even more critical since unfortunately the bulk of the work fall into my areas of responsibilities, and the looming budget cut offers vanishing hope that any full-time help would be available soon or ever.

So, first off, to find out how many page security assignments I have to do is to count the number of Xs. One way to do this in MS Excel illustrated by the figure below:

For Admission, the security scope now consists of assigning 2337 PeopleSoft pages. Given the 2-3 weeks time frame that cut through the Christmas and New Year celebrations, I just know that the brute force of manual way of typing, looking for specific pages, and clicking for options would simply not do.

My challenge is how to find ways to automate the majority of the work. My goal is to extract the information from the security matrix in MS Excel into the PS Page Security assignment as illustrated by the CC_BIO_DEMO_DATA page assignment below:

Now, how do I correlate each X entry in Excel with the PS Menu, and eventually PS Page, with each of custom Permission List?! As you can see in the previous figure, managing the list of Permission List will be one of the principal things in PS Security. For the Admission & Campus Community team, the number grew from 15 to 20 to 30+, the latest count.

Having not so much expertise with the Excel VBA & Object Model, I have to convert the Security matrix from MS Excel to a rather familiar representation, the CVS, Comma Separated Value.

I name the file as plists.csv for example, and using Vi or any other editor, you should see that , the Permission Lists are defined as a sequence ie. UV_AD_SYSTEM_ADMIN, UV_CC_SYSTEM_ADMIN, UV_AD_LOCAL_ADMIN, UV_CC_LOCAL_ADMIN, and so on and so forth.

Once this is done, now my challenge is how to extract those permission lists. There are many ways to do this. You can use Java, C/C++ if you are more comfortable with those technologies. I have worked with Java since its early days in 1999, and have enjoyed working with it tremendously. However this task, I choose to rely on an old friend, Perl, for its strengths in text processing.

Here are the steps to extract those permission lists:

Step 1: assign those permission lists to a Perl variable

Step 2: use Regular Expression to extract each permission list

If you are not familiar with Regular Expression, you may want to consult tons of resources available on the Web. What you have to pay attention is the condition of the while statement

$plistStr =~ /(UV_.*?),/g

Regular Expression deals with finding specific patterns in any string, in this case in $plistStr. Also note that the permission list always starts with UV_ and followed by sequence of characters, and a comma (,). In Regular expression this translate into

UV_.*?,

The ? qualifier tells the Regular expression to stop at the very first instance of occurrence of (,) because regular expression is greedy by default. You can omit the ? qualifier, and check to see that you will get different result.

Now once you the pattern is establish, I would have to rely the memory operator, (), and to exclude the comma (,) to extract the Permission List.

(UV_.*?),

 

 

The permission list pattern if found will be stored in the $1 variable.  Thus explains the following code:

print “PList: “.$1.”\n”;

 

Once captured, the permission list is then stored in an array

push @PSListExcel, $1;

 

And last, but not least, is to add the g option (ie. /RegEx/g) so that every custom permission list will be found.

Here are the results:

Stay tuned for the next installments of how Perl truly can help you tame the burdens of the PeopleSoft Security tasks.  

Advertisement