Top of SEC | Index | Table of Contents | Feedback | ![]() |
SECF0063 - Maintain Security Role Function Grants
Purpose |
To assign System menu, Self Service Application and SSF menu form and job access to individual Security Roles. When users are granted Security Roles they inherit the Function Grants for those roles, as defined in this form. |
|
Subsystem | Security | |
Normally Run By | Administration Specialist | |
Anticipated Frequency |
At the beginning of the Course Year, or as required |
|
Structure |
Blocks |
Security Role |
Security Role Menu Grant | ||
Buttons |
Form Grants (Overlay) |
|
Job Grants (Overlay) | ||
Self Serve Application Grants (Overlay) | ||
SSF Menu Grants (Overlay) | ||
Copy From ... (Overlay) | ||
Reconcile Object Grants (SECJ0070) | ||
Advanced Functions (Overlay) |
||
Note Type Restrictions (SECF0041) |
A Database Administrator (DBA) creates user roles for use in Callista. A user role specifies the full range of functionality potentially available to users granted that role. The Security Administrator can define the access of a user role by individually specifying in this form the menus, forms, jobs, reports, Self Serve Applications and SSF Menus that the role can access. Selecting the Reconcile Object Grants button initiates a process which checks that the role has the necessary Object Grants for all of its Function Grants. Any Object Grants which are missing are added while any which are no longer required are deleted. Object Grant reconciliation can also be performed as an after hours batch job using SECJ0070. Note:
then a role being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the role will result in errors occurring when the calling form is used by users granted the role. The Grant Menu Structure process grants the user role a menu structure containing all of the sub-menus, forms, jobs and reports under the selected menu. Menu structures are maintained in SECF0061. Further details are contained in the Callista Technical Documentation. Security Role Block This block displays information identifying the Security Role to which menu and form access is granted via this form. This block can be queried to locate the Security Role to which menus, forms and or jobs are to be granted. The granting of a menu and sub-menus alone will not give access to the items (forms and jobs) in those menus. Security Roles must also be granted access to the relevant forms/jobs. Even then, access may be limited if the Security Roles do not have the necessary data level access. Each time a Security Role is updated, as the final operation, either the Reconcile Object Grants button should be selected or job SECJ0070 should be run to perform the reconciliation. This ensures that the role has the correct Object Grants for the functions granted to it. The process automatically adds any missing Object Grants and deletes any that are no longer required. Reconciliation of Object Grants provides further information on the subject. Security Role Menu Grant Block This block is used to record and display System menus granted to the displayed Security Role(s). Menus may be granted individually, or whole menu structures, including sub menus, forms and jobs may be granted in a single operation using the Grant Menu Structure function. Form Grants Button This block is used to record and display the forms to which access has been granted for the displayed Security Role. Job Grants Button This block is used to record and display the jobs to which access has been granted for the displayed Security Role. Self Serve Application Grants Button This block is used to record and display the Self Serve Application to which access has been granted for the displayed Security Role when the user has access to Callista Connect. SSF Menu Grants Button This block is used to record and display the SSF Menus to which access has been granted for the displayed Security Role when the user has access to Callista Connect. Copy (Menu, Form and Job Grants) From (One Security Role to Another) Button This function permits the copying of the menu, form and Job Grants of one Security Role to another Security Role. The recipient role will then have access to those menus, forms and jobs copied from the other Security Role and any additional menus, forms and jobs explicitly recorded in this form. Note Type Restrictions Button This button navigates to SECF0041 where Note Type Restrictions can be applied to this role. General This Form allows Menus, Forms and Jobs, including the required database object privileges, to be assigned to a Role when users have access to Callista Connect. When users are granted the Role, they inherit access to the Menus, Forms and Jobs defined for the Role. This Form will be enhanced as follows:
Enhance the Reconcile Object Grants process to cater for Self Serve Applications. For further information on Staff Connect, see Staff Connect Introduction. System Advance Functions Sector restrictions function for System Advanced Functions. This is to cater for the fact that some System Advanced Functions are only available for specific sectors. The security policy ensures that when the Form is being run at an institution that is cross-sector, all of the valid System Advanced Functions are displayed in the LOV. When the form is being run at an institution that is HE sector, only the valid System Advanced Functions for HE are displayed in the LOV. When the form is being run at an institution that is VET sector, only the valid System Advanced Functions for VET are displayed in the LOV. This form is accessed from the main menu. |
The Security Role block contains:
The Security Role Menu Grant block contains:
|
Rules/Notes: Form Grants Job Grants Copy From ... Advanced Functions The Grant Menu Structure button opposite copies data ready for SECJ0070. Once copied the following message is shown: "Grants successfully copied. Please requery detail to see the changes. Database Object Grants should be reconciled via the Reconcile Object Grants button" The Note Type Restrictions button will only be available to users who have security access to SECF0041.
|
To grant access to a menu, for the displayed Security Role, using the Maintain Security Role Function Grants form:
|
Rules/Notes: All required menus including sub-menus must be granted via this form. Only one menu can be flagged as the default menu. |
To grant access to a menu and all its menu substructure including sub menus, forms and jobs, for the displayed Security Role, using the Maintain Security Role Function Grants form:
|
Rules/Notes: On executing the Grant Menu Structure function, the granted menu structure is automatically saved. To display the granted sub-menus it is necessary to re-query the Security Role Menu Grant block. To display the granted forms and jobs, it is necessary to navigate to the Form Grant and Job Grant blocks and re-query. |
To grant a Security Role access to a form, using the Maintain Security Role Function Grants form:
|
Rules/Notes: Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form. |
To remove a Security Role's access to a form, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To grant a Security Role access to a job, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To remove a Security Role's access to a job, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To grant a Security Role access to a Self Serve Application, using the Maintain Security Role Function Grants form:
|
Rules/Notes: A function for Callista Connect users. When creating a Role Self Serve Application Grant, the Self Serve Application must be mapped to a System Self Serve Application that is not closed. |
To remove a Security Role's access to a Self Serve Application, using the Maintain Security Role Function Grants form:
|
Rules/Notes: See Rules/Notes on 'Advanced Functions' button above for conditions to deny a person access to update a person's name in any SMS form. |
To grant a Security Role access to a SSF Menu, using the Maintain Security Role Function Grants form:
|
Rules/Notes: A function for Callista Connect users. When creating a Role SSF Menu Grant, the Web Element must have a System Web Element Type of Menu. The Web Element must not be closed when creating a Role SSF Menu Grant. One and only one Role SSF Menu Grant must be set as the Default SSF Menu for the Role. |
To remove a Security Role's access to a SSF Menu, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To copy menu, form and Job Grants from one Security Role to another, using the Maintain Security Role Function Grants form:
|
Rules/Notes: On executing the Copy function, the records copied to the recipient are automatically saved. To display the copied Menu Grants it is necessary to re-query the Security Role Menu Grant block. Navigating to the Security Role Form or Job Grant blocks will automatically re-query these blocks. |
Last Modified on 13 September, 2006