Top of SEC | Index | Table of Contents | Feedback | ![]() |
SECF0062 - Maintain Person Function Grants
Purpose |
To assign System menu, Self Serve application, SSF menu, form and job access to individual users. Function grants to individual users should only be considered when it is not practical to provide the necessary grants via security roles |
|
Subsystem | Security | |
Normally Run By | Administration Specialist | |
Anticipated Frequency |
At the beginning of the Course Year, or as required |
|
Structure |
Blocks |
Person |
Person Menu Grant | ||
Buttons
|
Find Person (ADMF1211) |
|
Form Grants (Overlay) | ||
Job Grants (Overlay) | ||
Self Serve Application Grants (Overlay) | ||
SSF Menu Grants (Overlay) | ||
Copy From (Overlay) |
||
Reconcile Object Grants (SECJ0070) | ||
Advanced Functions (Overlay) |
A person is granted access to functions beyond those made available by the role(s) they have been granted, by recording those functions in this form and selecting the Reconcile Object Grants button. Selecting the Reconcile Object Grants button initiates a process which checks that the person has the necessary access to the database for all of its function grants. Any object grants that are missing are added, while any that are no longer required are deleted. Object grant reconciliation can also be performed as an after hours batch job using SECJ0070. This job reconciles the grants of all users, in a single run. Note:
then a person being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the user will result in errors. Person block This block displays information identifying the person to whom menu and form access is granted in this form. If the person's identification number or Oracle username are known, query directly in this block. If not, select the Find Person icon and use the Find Person form (ADMF1211) to locate the correct person record. A query in this block will only return person records that have been registered as Oracle users in the Maintain System Users form (SECF0021). Each time a person's function grants are updated, as the final operation, the Reconcile Object Grants button should be selected. This ensures that the person has the correct access to database objects for the functions granted to them. The process automatically adds any missing object grants and deletes any which are no longer required. The job SECJ0070 can be run (usually after hours) to reconcile the grants of all system users, ensuring that none are overlooked by the reconciliation process. Reconciliation of Object Grants provides further information on the subject. Person Menu Grant block This block is used to record and display System menus granted to a person in addition to those granted as a result of the person's security role(s). This Form also allows Menus, Forms and Jobs, including the required database object privileges, to be assigned to a Person, when using Callista Connect. This Form will be enhanced as follows:
These enhancements are only applicable when the Callista Connect product is installed. These functions enable staff members to access Callista Connect applications. The enhancements required to support staff access to Callista Connect applications have direct impact on a number of different areas, including, the Callista Connect Parser, the Callista Connect Administration Tool, the Callista Connect Manager, the Callista SMS, and internal processes. For further information on Staff Connect, see Staff Connect Introduction. System Advance Functions Sector restrictions function for System Advanced Functions. This is to cater for the fact that some System Advanced Functions are only available for specific sectors. The security policy ensures that when the Form is being run at an institution that is cross-sector, all of the valid System Advanced Functions are displayed in the LOV. When the form is being run at an institution that is HE sector, only the valid System Advanced Functions for HE are displayed in the LOV. When the form is being run at an institution that is VET sector, only the valid System Advanced Functions for VET are displayed in the LOV. This form is accessed from the main menu. |
The Person Block contains:
The Person Menu Grant block contains:
|
Rules/Notes: Form
Grants Job
Grants Self
Serve Application Grants SSF
Menu Grants Copy
From ... Advanced
Functions |
To grant a person access to a menu, using the Maintain Person Function Grants form:
|
Rules/Notes: All required menus including sub-menus should be granted via this form only where it is not practical to provide the necessary grants via security roles. Only one menu can be flagged as the default menu. A default menu set here will override any default menus inherited via security roles. Granting a person access to a particular menu does not necessarily ensure access to forms and jobs under the menu's structure. The forms and jobs must be specifically granted to either a role granted to the person or via a person form/job grant. Selecting any Administrator check box, grants the user the ability to:
|
The Form Grants button - overlay contains:
To grant a person access to a form, using the Maintain Person Function Grants form:
|
Rules/Notes:
A person will only have access to those forms specified here and by their security role grant(s). A person may be granted forms without necessarily being granted menus containing those forms. In such cases, the forms can be selected via the Go To and Alpha List facilities. Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form. |
To remove a person's access to a form, using the Maintain Person Function Grants form:
|
Rules/Notes: See Rules/Notes on 'Advanced Functions' button above for conditions to deny a person access to update a person's name in any SMS form. |
The Job Grants button - overlay contains:
To grant a person access to a job, using the Maintain Person Function Grants form:
|
Rules/Notes: A person will only have access to those jobs specified here and by their security role grant(s). A person may be granted jobs without necessarily being granted menus containing those jobs. In such cases, the jobs can be selected via the Go To and Alpha List facilities. |
To remove a person's access to a job, using the Maintain Person Function Grants form:
|
Rules/Notes: |
The Self Serve Application Grants button - overlay contains:
To grant a person access to a Self Serve Application, using the Maintain Person Function Grants form:
|
Rules/Notes: You cannot create a Person Self Serve Application Grant for a deceased person. When creating a Person Self Serve Application Grant, the Self Serve Application must be mapped to a System Self Serve Application that is not closed. |
To remove a person's access to a Self Serve Application, using the Maintain Person Function Grants form:
|
Rules/Notes: |
The SSF Menu Grants button - overlay contains:
To grant a person access to a SSF Menu Grants, using the Maintain Person Function Grants form:
|
Rules/Notes: You cannot create a Person SSF Menu Grant for a deceased person. The Web Element must have a System Web Element Type of Menu when creating a Person SSF Menu Grant. The Web Element must not be closed when creating a Person SSF Menu Grant. The Search Menu check box allows users to identify which SSF Menu will be utilized by the Enter Search Results Application if user has Staff connect functionality. User can only select one menu as the search menu Only one Menu can be set as the default. |
To remove a person's access to a SSF Menu, using the Maintain Person Function Grants form:
|
Rules/Notes: |
The Copy From button - overlay contains:
To copy menu, form and job grants from one person to another, using the Maintain Person Function Grants form:
|
Rules/Notes: The person ID or Oracle username of the person whose records are being copied must be known in order to perform this function. On executing the Copy function, the records copied to the recipient are automatically saved. To display the copied menu grants it is necessary to re-query the Person Menu Grant block. Navigating to the Person Form or Job Grant blocks will automatically re-query these blocks. |
Last Modified on 13 September, 2006