#247 – Cloud Manager Kit


This week on the podcast, Dan talks about a contextual Nav Bar idea and then he and Kyle discuss the idea of using the Cloud Manager libraries for general automation.

Show Notes

Environment Template Security in Cloud Manager

Now that Cloud Manager is here, we have self-service ability to create PeopleSoft environments in OCI. Cue Uncle Ben… “With great power comes great responsibility.” Having a self-service portal that allows for the creation of these environments is fantastic, but how do we put some controls around this awesome power? This is where Environment Template security comes in to play.

To create an Environment in Cloud Manager, you first need an Environment Template. This template is created using some General Details, a Topology, and finally Security. It is this security detail that will help us control who can use these templates to create environments in the future. When you are creating a template, you will see the following section 3 – Define Security in the wizard. Let’s break down what our options are.

Assign Template to Zone(s)

Templates can be assigned to a single or multiple Zones. As of Image 11, there are currently three zones to choose from:

  • Development
  • Test
  • Production

A Zone is just “a logical grouping of environments,” according to Oracle’s Cloud Manager FAQ. At this time, it doesn’t serve any other purpose outside of helping you organize your environments. I could see a level of security being added to Zones in the future. If not by Oracle, maybe a custom bolt-on?

Assign Template to Role(s)

Templates can also be assigned to PeopleSoft security Roles. Any user that has a Role specified in this section will have the ability to create an Environment based on this template. Cloud Manager delivers three roles intended to be used with templates:

  • Cloud Administrator (PACL_CAD)
  • Cloud PeopleSoft Administrator (PACL_PAD)
  • Self-Service User (PACL_SSC)

As you would expect with PeopleSoft security, you are free to create and use your custom roles here. I think the delivered roles make it clear how Oracle sees the breakdown of potential users. Users who admin OCI resources, users who admin PeopleSoft, and users of PeopleSoft who might want ad-hoc environments(thinking developers or maybe even business staff looking for demos). I could see the OCI and PS admin roles combined often. Also, the self-service user might be split out into a technical and functional role or disabled altogether. Each organization will have to review this for themselves and come up with a good policy. Just keep in mind, you can add multiple roles to each template.

Creating Environments

Once the security and other details are added to a template, it will be available to use when creating an Environment.

Only the templates the user has access to will be in the Template Name dropdown. The Zone dropdown will also be populated with available zones from the selected template. If a single zone were added, this would be auto-selected and read-only.

Overall, I feel that Environment Template security offers a lot of control. It gives us enough control to provide a level of self-service environment deployments if desired. I do look forward to seeing actual functionality added to Zones. It might be easier to manage this security if we could somehow control access by zone versus strictly individual template security.

#245 – Bring Your PET to Work


This week on the podcast, Jim Marion joins us to talk about PTF and the changes to Selenium, Kibana related content, and (re)introduces Pluggable Encryption Technology.

If you want to learn more about PeopleTools, Fluid, Integrations and so much more, Jim offers the best PeopleSoft training out there.

Show Notes

psadmin.conf: System Performance Data Collection

In this session from psadmin.conf 2018, Frank Dolezal shares how he collects logs and system analytics to address a number of system issues. He explains how they can track average performance trends in the system, identify errors an anomalies, catch new issues before they are reported, and more.

We released the videos from psadmin.conf as a free course so you can find the sessions in one place. Head over to the psadmin.io courses page and sign up. If you already signed up for the course, you can log in and the new video will be available.

#225 – PeopleSoft Security Insights w/ Greg Wendt


This week on the podcast, Greg Wendt from Appsian joins us to talk about IDP-based authentication, Zero Trust security with PeopleSoft, and some of the creative ways you can use Appsian.

Show Notes

  • Introducing Greg Wendt @ 1:30
  • IDP-based Authentication @ 3:30
  • Kiosk Security and BYOD @ 9:00
  • Zero Trust and PeopleSoft @ 11:30
  • Security Implications with Cloud Migrations @ 18:00
  • How do privacy laws affect PS Admins? @ 21:30
  • Creative uses with Appsian @ 34:00

#222 – Cloud Manager 10 Review


This week on the podcast, Graham Smith joins Dan to talk about passwords and Cloud Manager 10. We discuss the new installation process, the use of Terraform and the File Storage System, and improvements to building environments.

> Watch our video on installing Cloud Manager using the OCI Resource Manager <

Show Notes

  • Password Complexity @ 1:30
  • Cloud Manager 10 Review
    • Cloud Manager Audiences @ 9:30
    • Installation via Resource Manager @ 16:00
    • Terraform as a first class citizen @ 20:00
    • OCI File Storage System @ 26:00
    • Self-Updating @ 27:30
    • Cloning Environments @ 31:30
    • Managing Nodes @ 35:30
    • Windows Support @ 39:00
    • Importing Environments @ 42:45
    • CM Wishlist @ 44:30

Signing nVision Macros

Signing nVision Macros

If you have to support nVision reports, you’ve probably had to deal with getting nVision configured on developer workstations. To develop nVision reports, you need to run Excel macros inside Excel. But, many organizations are concerned about allowing users to run any macro. Macros are often an attack vector for hackers, so running Excel macros are something that IT security often discourages.

How do we balance the need to run nVision and IT security discouraging macros? We can sign the nVision macros with a certificate from your organization so that the macros are trusted. To sign the macros, we will use tools that come with Microsoft Office.

Generate a Certificate

First, we need to generate a certificate. If you have Office 2016, you will find the selfcert.exe program here: C:\Program Files\Microsoft Office\root\Office16\

PS C:\> cd 'C:\Program Files\Microsoft Office\root\Office16' 
PS C:\Program Files\Microsoft Office\root\Office16> .\SELFCERT.EXE

Give your certificate a name, nVision, and click OK. Your certificate is stored in the Windows Certificate Manager.

Sign the Excel Macro

Next, launch nVision and sign in. If nVision hangs, you can start Excel, set the macro settings to “All Macros enabled” for now (File> Options > Trust Center > Trust Center Settings > Macro Settings), then relaunch nVision.

Once nVision has started, enable the Developer tab under File > Options > Customize Ribbon. Select the Developer option and move it to the toolbar. Next, click on Developer tab and select the Visual Basic button. In the VB Editor, click on Tools > Digital Signature and select the nVision certificate. Save your changes.

Test the Signed Macros

Before we test, make sure your Excel macro settings are correct. Under File> Options > Trust Center > Trust Center Settings > Macro Settings, select the option “Disable all macros except digitally signed macros”. Close Excel and nVision.

Last, launch nVision and watch your digitally signed macros run in Excel.

#211 – Query Types


This week on the podcast, Jim Marion joins us to talk about different options for masking data in PeopleSoft and locking components down for business processing. Then we discuss the different types of queries in PeopleSoft and how Jim would improve the query tools.

Show Notes

  • Data Masking @ 4:15
  • Component Lockout @ 13:00
  • Query Manager @ 18:00
  • Query Improvements @ 33:00