Node Best Practices

• Never ever use the “Authentication Option” of “none”.
  • This means that there is no password required to execute web services against that node.
• Make sure your anonymous node is secure
• Create a new NODE for each application you are integrating with.
  • A node is a representation of an external system or integration client. They are free to create so do not share them.
• Each Node should have a unique “Default User ID” configured on the node.
  • When using Node authentication (not PS_TOKEN), This ensures that the node is locked down to only service operations specifically granted to that end-point.
  • For inbound service operations that perform updates in PeopleSoft, any audit fields like LASTUPDOPRID will be marked with this unique user ID making troubleshooting and auditing more clear.
• The OPRID you create for the node should have a clear naming standard like {ORG_PREFIX}_{APP_NAME}_NODEUSER. For example, CHG_SSOSYSTEM_NODE_USER.
  • This OPRID should not have rights to login to the system. Do not grant any weblib security.
  • This OPRID should not have a password on PSOPRDEFN.
  • Make sure this OPRID only has very limited access to only the service operations that the integration partner should execute.
  • May need component interface and data security depending on the web services.
  • NEVER use a super-user OPRID on a node.
• When configuring Service Operation Routings be sure to never us “Any to Local” routings. Always explicitly define your nodes in the routings to tell the systems what integrations go where.
  • This can be self documenting of who uses the integration as well as more secure if someone improperly configures a node.

You can read more about nodes in the Node Chapter.