E-IB: How to Prevent Sending the Current User ID with Outbound Service Operations (Doc ID 654918.1)

Last updated on NOVEMBER 02, 2016

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.48 and later
Information in this document applies to any platform.

This document was previously published as Customer Connection Solution 201042699

*** Latest revision: 24-Dec-2015 ***


Goal

How to exclude or bypass applying user-level security (including the User ID of the sender and checking its presence and permissions on receiving side) for outbound service operations?

PeopleTools 8.48+ contains security restrictions in place for Integration Broker Service Operations at the user level.
For example, HR sends messages to FSCM and to CRM, each Node definition (PSFT_HR, PSFT_EP, PSFT_CR) has the same Default User ID and it has the same permissions in all three environments.
If in HR environment the User ID that triggers message sending exists both in HR and the target environment (either CRM or FSCM) the message gets published and subscribed without any issues.
However if the HR as publisher the sending User ID exists only in HR, or if it exists on target, but does not have sufficient permissions, the message publishing will fail with a correspondent error.
In contexts such as employee self-service every employee with an HR User ID would potentially need a matching User ID in both CRM and FSCM, which would be not practical to maintain.

How to set up the Integration Broker configuration so that the Default User ID of the node is used for message security authorizations rather than the user publishing the Service Operation?

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms