Security Delivered Queries for CHRS

Updated on Sep 05, 2025

Campuses can create their own private queries; however, they should first review the delivered queries to see if an existing one meets their needs before creating a new one.

Job Aid: Find Security Queries

Please note that not all delivered queries may be documented or identical, as modifications and ongoing development may result in differences.

CSU_SEC_15 - User Profile associated EMPLID

Can be used to obtain User IDs and Employee IDs.

Job Aid: Query UserID and EmplID

CSU_SEC_16 - Find Users who see component

This query finds users who can see a prompted component. It also displays which role they have that allows them to see the component... as well as the authorized actions and whether its view only or update access.

CSU_SEC_ACCESS_DAY - Access activity by day by user

This query prompts for begin and end date as well as CWID. Shows a listing of logon/logoff activity by date for a given user for the prompted date range.

CSU_SEC_ALL_USER_LIST - All User Listing

List of all users with an active job record.

CSU_SEC_AUDIT_RL_PERM - RL perm not on oprdefn roleusr

This will identify if a row level permission list is not currently assigned.

CSU_SEC_BLANK_ROLE_DESCRS - Roles without long Descrs

Roles with no long descriptions. Deselect those roles that have no users. Deselect those roles that have users that have their accounts locked.

CSU_SEC_CHR_AM_APPROVER - CHR_AM_Approver

Role Query for CHR_AM_Approver

CSU_SEC_CHR_AM_NLT_APPROVER - CHR_AM_NLT_Approver

Role Query for CHR_AM_NLT_Approver

CSU_SEC_CHR_AM_NO_LEAVE_TAKEN - CHR_AM_No_Leave_Taken

Role Query for CHR_AM_No_Leave_Taken

CSU_SEC_CHR_TL_APPROVER - CHR_TL_Approver

Role Query for CHR_TL_Approver

CSU_SEC_CHR_TL_TIMESHEET_EMPLO - CHR_TL_Timesheet_Employee

Dynamic role CHR_TL_Timesheet_Employee

CSU_SEC_TL_GROUP_SECURITY - Find missing TL Group creation

Find missing TL Group creation Security

CSU_SEC_TL_GRPS_NOT_USED - TL groups that are not used

T&L groups that are not used TL permission list security

CSU_SEC_CMS_ACCESS_BUT_NO_JOB - Users with CMS access - No Job

Users that have a CMS access without any Job record at all. Students and those with basic connectivity roles are excluded. These are most likely Foundation, ASC, AppleOne, or HelpMates people.

CSU_SEC_COMP_USER_PL_PAGE - Comp-User-PL-Page List

Prompts for Component Name. Lists the details of the Component... such as Menu Name, Component, Permission List, and Page Name. Also shows the Role and PL that gives the user rights to see the Component.

CSU_SEC_FIND_CSUREC_NOQRYSEC - Find CSU Rec QryTree no QrySec

CSU records on query trees that do not have query security

CSU_SEC_FIND_PL_QUERY_TREE - Find users who see a record

Prompts for Record Name... reports which users have the rights to see information on that record by listing the Role - PL - Query Tree that allows them to see the data.

CSU_SEC_FIND_PPL - Find who has a PPL on Profile

Prompts for Primary Permission List. Determines which user has a given PPL attached to their User Profile.

CSU_SEC_DEPT_ACCESS_LIST - DeptID Access List for RSPL

Reports on DeptID access for both DeptID drop down access as well as Timekeeper Access for a Row Security Permission List.

CSU_SEC_FIND_COMPONENT - Find Component

Find out which Roles / PLs have access to a prompted component.

CSU_SEC_CORRECTION_MODE_ACCESS - CSU Roles/PLs with Correction

CSU Roles and PLs with Correction Mode.

CSU_SEC_FIND_PROCESS_GROUP - Find who sees a Process Group

Prompts for Process Group... displays which user/role/pl has access to that process group.

CSU_SEC_FIND_RECORD - Find Record Name Knowing Page

Find the name of the all the Record(s) on a prompted page.

CSU_SEC_FIND_ROLE - Find Role & PL Knowing a Page

This query finds any Role and/or Permission Lists within a prompted page. Lists Menu, Panel Item, Display Only, and Available Actions.

CSU_SEC_FIND_ROLE_TRC_ADMIN - Find Role & PL Knowing a Page

This query finds any Role and/or Permission Lists within a prompted page. Lists Menu, Panel Item, Display Only, and Available Actions.

CSU_SEC_FIND_ROLE_TRC_MGR - Find Role & PL Knowing a Page

This query finds any Role and/or Permission Lists within a prompted page. Lists Menu, Panel Item, Display Only, and Available Actions.

CSU_SEC_FIND_RSPL - Find who has a RSPL on Profile

Prompts for Primary Permission List. Determines which user has a given RSPL attached to their User Profile.

CSU_SEC_FIND_TREE - Finding Trees with a Record

Find all the Query Trees and Access Groups that contain a prompted Record. Good tool for determining why a user can't see a certain query.

CSU_SEC_FIND_TREE_IN_PLIST - Find Qry Trees in PLs

Prompts for Query Tree Name and lists all the Permission Lists that have access to that Query Tree.

CSU_SEC_FIND_TREE_RECORDS_LST - List of records for a Tree

List out the records on a Tree

CSU_SEC_FIND_USER_COMP - Find Users who see component

CSU_SEC_FIND_USER_PAGE - Find Users who can see a page

This query finds users who can see a prompted page. Also lists the Role that allows them access to the page along with whether the access is view only and what the allowable actions are.

CSU_SEC_FIND_USER_QUERY_TREE - Find Records Access by User

Prompts for OPRID... reports which records a user have the rights to see information.

CSU_SEC_LEVEL1_ACCESS - Users with Level1 Data Access

Users who have access to level 1 data. Users have unlocked profiles. Names are not blank in PSOPRDEFN. Based on hard coded page names.

CSU_SEC_LEVEL2_ACCESS - Users with Level2 Data Access

Users who have access to level 2 data. Users have unlocked profiles. Names are not blank in PSOPRDEFN. Based on hard coded page names.

CSU_SEC_LIST_PL_TREE_GRP_RECRD - List Tree Access Grp Record

List the Tree, Access Group, and Records available for a prompted Permission List.

CSU_SEC_LIST_USERS4_RECORDS - Users which query a record

Users that have query access to a prompted record. It lists the Role, Permission List, Query Tree, and Access Group that allows them to see the record.

CSU_SEC_LIST_USER_RECORDS - List records a user can see

List all the records that are available for a prompted user. It displays the Role Name, Permission List, Query Tree, and Query Access Group that allows the user access to records.

CSU_SEC_PERMLIST_PAGE - PLs Menu-Comp-Page List

Lists a prompted Permission Lists Menu, Component, Page, and Actions.It accesses data from the following tables... PSCLASSDEFN, PSAUTHITEM, ACL_PAGES_VW2, and PSMENUDEFN.There is an expression to change the 1 and 0 found in the field DISPLAYONLY to Yes and No.There is also an expression to change the Action Number to Actions... so instead of 1 you get Add, instead of 2 you get Update/Display... along with all the intermediate permutations.

CSU_SEC_ROLE_ASSIGNED_LOCK_USR - Roles of Locked Users

This query lists all the roles that belong to users who have their accounts locked.

CSU_SEC_DEPTID_FROM_PERM_LIST - show deptids

This query show deptids connected to a permission list.

End of Article

0 Comments

Add your comment

Previous Article (job aid) Security Frequently Asked Questions (FAQ)

Next Article (job aid) Security Plan and Requirements

CHRS Knowledge Base

Security Delivered Queries for CHRS

0 Comments

Add your comment

Security

Recently Updated Articles