PeopleSoft PUBLIC User Security
PeopleSoft Public users are not required to authenticate (sign on). These are generic accounts created for specific purposes, for example informational pages and/or company directories. Public users are also not subject to timeouts (session inactivity). Because no authentication is required, no sensitive data should be accessible to these users. It also goes without saying, that if you don’t need Public accounts, don’t use them.
When performing a PeopleSoft security audit, Integrigy identifies Public users and analyzes their authorization privileges. To do this yourself, use the SQL below to list your public users and then query the application or database to look at their authorization privileges.
--List the public users SELECT O.OPRID, O.OPRDEFNDESC, O.ACCTLOCK, O.LASTPSWDCHANGE, O.FAILEDLOGINS,O.ENCRYPTED, O.EMPLID FROM SYSADM.PSWEBPROFILE P, SYSADM.PSOPRDEFN O WHERE P.BYPASSSIGNON = 'Y' AND P.DEFAULTUSERID = O.OPRID;
If you have questions, please contact us at info@integrigy.com
Michael A. Miller, CISSP-ISSMP, CCSP