reconcile object grants

SECJ0070 - Reconcile Object Grants

Purpose	This job is used to ensure that the database objects required by a security role, to enable users with the role to successfully access data, are available to it
SubSystem	Security
Normally Run By	Administration specialist
Anticipated Frequency	As required
Structure	Block	Reconcile Object Grants
	Tab	Parameters

The job is run directly from menus. It is usually run for roles that have recently had their form or job grants changed (in SECF0063). It can be run regularly to reconcile all roles and all user grants, ensuring that all object grants are up to date.

Job Parameters

The job can be run to reconcile either any single security role or all security roles and user grants.

Related information:

Maintain Security Role Function Grants (SECF0063)
Maintain Person Function Grants (SECF0062)
Understanding Security - Reconciliation of Object Grants

The Reconcile Object Grants block contains:

Parameters

Security Role (LOV)

Person (LOV)

Rules/Notes:

Validations include:

A Security Role or Person parameter must be specified

Rules/Notes:

Object grants can be reconciled for individual roles in SECF0063 and for individual users in SECF0062.

Field Details

Label	Field Source	Field Type	Format Length	Comments
Security Role:	SSR.security_role	Text (with LOV)	Varchar2(30)	In addition to Security Roles, DEFERRED and % values will be hard coded in LOV
	SSR.description	Text	Varchar2(60)	For the value ‘DEFERRED’ set to ‘ALL SECURITY ROLES WHERE RECONCILE DEFERRED’ For the value ‘%’ set to ‘ALL SECURITY ROLES’
Person:	PE.person_id	Text (with LOV)	Varchar2(10)	In addition to Person users, DEFERRED and % values will be hard coded in LOV
	PDV.context_block_name	Text	Varchar2(85)	For the value DEFERREDset to ‘ALL PERSON USERS WHERE RECONCILE DEFERRED’ For the value ‘%’ set to ‘ALL PERSON USERS’

The parameters are processed as follows:

Parameter		Processing
Security Role	DEFERRED	Invoke the process to reconcile object grants for all Security Roles that have had the reconcile object grants process deferred via SECF0063. These Security Roles will be listed on the System Reconcile Roles table (S_RECONCILE_ROLES where SECURITY_ROLE is not null). Ensure the entries are removed from this table after the reconciliation is complete Note: This processing is currently performed by the ‘%’ option
	%	Invoke the process to reconcile object grants for all active Security Roles defined in the Callista SMS (SYS_SECURITY_ROLE where LOGICAL_DELETE_DT is null). If any of the Security Roles are listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entries are removed after the reconciliation is complete Note: This processing is new for the job
	Security Role	Invoke the process to reconcile object grants for the specified Security Role (p_security_role and p_creation_dt). If the Security Role is listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entry is removed after the reconciliation is complete
	Null	No processing required for Security Roles
Person	DEFERRED	Invoke the process to reconcile object grants for all Person users that have had the reconcile object grants process deferred via SECF0062. These Person users will be listed on the System Reconcile Roles table (S_RECONCILE_ROLES where PERSON_ID is not null). Ensure the entries are removed from this table after the reconciliation is complete Note: This processing is currently performed by the ‘%’ option
	%	Invoke the process to reconcile object grants for all Person users defined in the Callista SMS that have an Oracle username and have been granted a menu (via a Security Role or directly) (ORACLE_USERNAME IS NOT NULL and record exists on PERSON_MENU_GRANT matching on PERSON_ID and DEFAULT_MENU_IND = Y. If no record exists on PERSON_MENU_GRANT, then look for existence of records on PERSON_ROLE_GRANT and ROLE_MENU_GRANT. Firstly, find the person on PERSON_ROLE_GRANT where LOGICAL_DELETE_DT IS NULL and then join to ROLE_MENU_GRANT matching on SECURITY_ROLE/CREATION_DT and DEFAULT_MENU_IND = Y). If any of the Person users are listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entries are removed after the reconciliation is complete Note: This processing is new for the job
	Person ID	Invoke the process to reconcile object grants for the specified Person (p_person_id). If the Person is listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entry is removed after the reconciliation is complete
	Null	No processing required for Person users

Last Modified on 13 September, 2006