PeopleSoft Security Logging

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This question came up during the recent application security audit – how does PeopleSoft track user sign in attempts and locations.

Aside from the obvious PSOPRDEFN table there is PSACCESSLOG – this table has OPRID, LOGIPADDRESS, LOGINDTTM, LOGOUTDTTM columns that give you information about user sign on activity. LOGIPADDRESS will contain the RemoteAddr property  of  %Request object, which is also useful in case you validate user ip address at the sign on. The only problem this could pose is in case your users are behind a single or multiple gateways that perform NAT. Then the value of this field would contain those NATed ip addresses and not the actual user ip addresses.

I really want to know what you think