10/14/10

Portal Security Synch process - Part 2 - Overview of PORTAL_CSS Process

Synchronizing Portal Object Security:
Often when we migrate permission lists and portal registries from one database to another we run the Portal Security Sync process. After major changes to the security definition we chose to run Portal Security Sync process. However we often overlook upon what this Portal Security Sync process does. What does this process do? This post describes all about the Portal Security Sync process.

Where/How to run the Portal Security Sync process?
The process can be run from the navigation: PeopleTools > Portal > Portal Security Sync

What process does it invoke?
It invokes PORTAL_CSS Application Engine program.

What are the parameters required to run Portal Security Sync process?
There are two parameters:
  1. A mandatory 'Portal Name' - Specify a portal name which comes with a prompt button. For example: select EMPLOYEE portal. This process can be used only on local portals and not on portals on remote databases. In addition, from any local portal, it can be run against another local portal. 
  2. An optional 'Delete Invalid Security Option' check box - Select the Delete Invalid Security check box to remove non-existing roles and permission lists from folders and content references. When portal objects are moved from one database to another, roles and permission lists assigned to folders and content references on the source database may not exist on the target database and they become invalid. Selecting this option will delete such invalid security options. When a non-existing role or permission list is found on the portal registry structure, it is removed from that portal registry structure.
    Note. When the Delete Invalid Security option is selected, the PORTAL_CSS process runs more slowly as it checks every role and permission list on every portal registry structure. 

What is meant by security relationship between objects in portal registry?
The hierarchical relationships and dependencies between objects in the portal registry determine what security settings each object must have. The portal won't work correctly if these security relationships aren't maintained. Some examples of these relationships:
  • A folder that is not public or hidden must have at least the level of access that its immediate child objects (folders, content references, and content reference links) have.
  • A content reference link must have exactly the same level of access as the object (content reference or content reference link) to which it links.
  • A content reference that represents a PeopleSoft component or iScript must have exactly the same level of access as the object that it represents.
Why run the Portal Security Sync?
Portal object security settings can get unsynchronized when portal objects are moved from one database to another using the Project Copy feature in PeopleSoft Application Designer. When you merge projects this way, if the projects contain any portal objects with identical names, the security settings of the portal objects in the last project copied overwrite the security settings of portal objects copied earlier. Also, when a copied portal object doesn't overwrite an existing object, it changes the structure of the resulting portal registry hierarchy.

What does the Portal Security Sync (PORTAL_CSS) process do?
Running the Portal Security Sync (PORTAL_CSS, AE Program) reinstates the correct security relationships between objects in the portal registry after you copy a project that contains portal objects.

The portal objects are synchronized as follows for the specified local portal name:
  1. The security settings of each content reference are compared to the component or iScript that it represents, and updated to match.
  2. The security settings of each content reference link are compared to the content reference or content reference link to which it connects, and updated to match.
  3. The security settings of each content reference and content reference link are propagated to its parent folder, in addition to the parent folder's existing settings.
    None of the parent folder's existing security access is reduced.
    Note. The settings aren't propagated if the parent folder is public or hidden.
  4. The security settings of each folder are propagated to its parent folder, in addition to the parent folder's existing settings.
    None of the parent folder's existing security access is reduced.
    Note. The settings aren't propagated if the parent folder is public or hidden.
The following warning messages may appear when security synchronization cannot occur:
  • No permissions in PSAUTHITEM for object %1
  • Cref %1 points to Menu: %2, Component: %3 which doesn't exist.
    Note. When this message appears you need to delete the invalid cref.

No comments:

Post a Comment

Please refrain for marketing messages and unnecessary back links.

Workflow errors on New Hire and Add employment instance

User tries to hire a new person or tries to add a new organization relationship encounters a series of error messages related to workflow...

Trending in this Blog this month