XML Publisher Development Guide California State University CMS Baseline Last Revised: 01/20/12 FINAL
XML Publisher Development Guide
XML Publisher Development GuideFINAL
XML Publisher Development GuideCalifornia State UniversityCMS Baseline
Last Revised:01/20/12FINALREVISION CONTROL Document Title:XML Publisher Development GuideAuthor:CMS CentralFile Reference:XML Publisher Development Guide_20120120.docxDateByActionPages
11/10/11S Mehta, L DeCatoRelease of New DocumentAll
11/15/11Review TeamReview and InputAll
01/20/12PMO QAStandards ReviewAll
01/20/12Application ManagerApproved for ReleaseAll
Table of ContentsPagePageSecurity Considerations for XML Publisher Reports41.0XML Publisher Page Access42.0Creating Reports53.0Running Reports74.0Viewing Report Output84.1Security for Bursting105.0CFS Application Security Change Control11Migrating XML Publisher Reports111.0Creating XML Publisher Project11Appendix A: Campus Codes and Abbreviations14
XML Publisher Development GuideFINAL
Last Revised: 01/20/12
Security Considerations for XML Publisher ReportsThere are three aspects of security pertaining to XML Publisher reports as below:Creating reportsRunning reportsViewing report output
XML Publisher Page AccessThere are two types of XML Publisher access that will be required in order to perform XML Publisher tasks.Developer Access Ability to develop/maintain XML ReportsSince PeopleSoft has hardcoded PeopleCode for the using XML development, it is mandatory that a developer requires the role: XMLP Report Developer. A remedy ticket will need to be created for this request assigned to CFS Security Group. XML Developer access will be limited to 2 expert XML Developers per campus.User Access Ability to run/view XML ReportsAn XML Publisher user will need the following pages in order to run/view XML Reports.Query Report Viewer PageQuery Report SchedulerXMLP Report SearchThe pages above will be added to the following CFS roles. CFSCSU_PT_Query_ManagerCFSCSU_PT_Query_ViewerCreating Reports1. To create XML Publisher report definitions, you will need to have access to the XML publisher menu items.Once you are granted menu access to XMLP pages you need to belong to the appropriate report categories to access and edit specific reports.Navigation > Reporting Tools > XML publisher ->Report Definition ->Definition tabFor this report the report category is ALLUSER.
It is proposed that the report category ALLUSER be defined as below:Navigation > Reporting Tools > XML publisher ->Setup Report Category
If the Read only check box is checked as shown for the roles CFSCSU_PT_Query_Manager and CFSCSU_PT_Query_Viewer in the screen shot above, report definitions that are tied to this category can be viewed but will not be editable by the specified roles members.Members that belong to the role XMLP Report Developer will be able to view/edit all reports that are tied to this report category allowing for campuses to share their design.Note that we have to use the delivered Role XMLP Report Developer and the underlying permission list PTPT2600 as this is hard coded in the system.In addition, if a campus did not want to share their design they can always do so by creating their own report category as shown below.In this example a new report category called POMUSER is created so that only users belonging to a Pomona specific role (for example CFSPO_PT_SchedularNotify_01) have access to any report tied to this report category.
This allows campuses to have complete flexibility for sharing XML publisher reports without compromising on security.Query security determines which records you can access and use to create Queries when you use PeopleSoft Query Manager.This query security in turn controls which query you have access to when creating Query based XMLP reports.Query row level security is extended to query based XMLP reports as well.This means that queries with Business Units/Setid must have the appropriate security view _CLSVW as prompt tables. Failure to do so will mean that campuses can see each other campuses data. Note that this is not true for Level 1 tables as these have a query security record populated in the record properties.Running Reports1. When running query based XMLP reports the list of available reports is based on access groups you inherit through your permission lists. More importantly you can see and run XMLP reports that are based in record definitions you have access to.When running non query based XMLP reports standard PeopleSoft process security applies.
Viewing Report Output1. When viewing the output of an XMLP report that was run through the Query Report Scheduler or the Process Scheduler security is controlled by the settings defined on the Report Definition Security page as shown below.
In this example only the users who have the security role CFSCSU_PT_Process_Manager can view the output of the report.The Allow Viewer ID assignment at report runtime checkbox determines if the report requestor can add users or roles to the report distribution list during run time.If Allow Viewer Id assignment at report runtime checkbox is checked, requestor can add a new user/role as shown.
If Allow Viewer Id assignment at report runtime checkbox is NOT checked, requestor cannot add a new user/role as shown.
Security for Bursting When setting up a report to use Bursting option the developer can specify how the report output files should be secured. That is, who can access the reports when they are posted to the Report Manager.Access to each report is automatically based on the Burst By field. For example if the report is burst by EMPLID only those users with access to that specific EMPLID are available to view the output file.CFS Application Security Change ControlAll changes to CFS security will be migrated to CFS production via the standard COMR migration process. This process is documented in the CFS Release Management document. The following are the recommended steps to migrate security objects in to production.Develop and test your security in the campus development and testing instances.Package the XML objects, projects.Complete a COMR Migration Request Form. Open a Help Desk ticket using a CTI of CMS>CFS>Security Modification RequestAttach the security project/scripts and COMR migration form(s) to the Help Desk ticket.The request will be reviewed by the CFS Central Security Review team and if approved implemented by Technical Services based on the standard COMR process. If there is an urgent need to have a change implemented the CMS Central management and security team can approve changes for immediate implementation. All urgent changes must then be reviewed by the CFS Central Security team and if not approved remediation will take place.Migrating XML Publisher ReportsIt is recommended that the XML Publisher reports be created in a development environment and migrated to FCFSPRD using the existing migration procedures that we have in place,Any tweaking, if necessary, can be done in FCFSPRD by campus developers who have edit access to the report.1. Creating XML Publisher ProjectThe screenshots below describe what objects are required to be included in the project.
1. For Query based XML Publisher Reports, first insert the query in the projectNote: If the record is new it is necessary to have query access for that record.
Insert XMLP Data Src Defn.Insert the XMLP Report Defn.Highlight the XMLP File Defn and the XMLP Template Defn so that these are also included in the project.
The final project should be similar to the one below
Save the project.Click on Tools Copy Project To File and Save the file.Appendix A: Campus Codes and AbbreviationsThe following is a list of naming standards that are used to identify campus abbreviations in CFS. Please Note: 3-digit abbreviations cannot be used for business units or security. The preferred standard is two-digit, even for development, but three digits may be used when a conflict exists with delivered Oracle functionality for example, the use of PO for Purchasing and Pomona. Campus NameCodeAbbreviation (2-char) Used for Business Unit and Security DefinitionsAbbreviation (3-char) Allowed ONLY for development objects.
CollegeNET PSSA-R25 InterfaceR25
East Bay (now Hayward)05EB
Hayward (formerly East Bay)HWHAY(3rd Party Objects: HAD, HCY, HSR, HFA, HTC, HSF, and HAA[footnoteRef:2]) [2: Additional campus prefixes for East Bay (formerly Hayward) are only approved for 3rd party objects (e.g., sqr, Crystal, nVision)]
IDC (Cashnet: Vendor Abbreviation)IDC
Last Revised: 01/20/12Page 10 of 14