Top of SEC Index Table of Contents Feedback

SECF0063 - Maintain Security Role Function Grants

Purpose

To assign System menu, Self Service Application and SSF menu, form, web page and job access to individual Security Roles.
When users are granted Security Roles they inherit the Function Grants for those roles, as defined in this form.

Subsystem Security
Normally Run By Administration Specialist

Anticipated Frequency

At the beginning of the Course Year, or as required.

Structure

Blocks

Security Role

Security Role Menu Grant

Buttons

Form Grants (Overlay)

Job Grants (Overlay)
SSF Application Grants (Overlay)
SSF Menu Grants (Overlay)
Web Page Grants (Overlay)
Web Resource Grants (Overlay)
Copy From ... (Overlay)
Advanced Functions (Overlay)

Note Type Restrictions (SECF0041)

Reconcile Object Grants (SECJ0070)
Appeal Type Restrictions (SECF0091)
Encumbrance Type Restrictions (SECF0093)
Communication Category Restrictions (SECF0073)
Proposal Type Restrictions (SECF0095)

 

A Database Administrator (DBA) creates user roles for use in Callista. A user role specifies the full range of functionality potentially available to users granted that role. The Security Administrator can define the access of a user role by individually specifying in this form the Menus, Forms, Web Pages, Jobs, Reports, Self Serve Applications and SSF Menus that the role can access.

Selecting the Reconcile Object Grants button initiates a process that checks that the role has the necessary Object Grants for all of its Form, Job and SSF Application Grants. Any Object Grants that are missing are added, while any that are no longer required are deleted. Object Grant reconciliation can also be performed as an 'after hours' batch job using SECJ0070.

Note:

If a form calls another form by either a button or an iconic button (for example, the Record Admission Enquiry form (ADMF1200) calls the Find Course Form (ADMF1220)), or a form calls a report either automatically or by a button (for example, the Basic Course Details form (CRSF1210) calls the Rollover Exception Report (CRSR0630) automatically, the Academic History report (ENRR08M0) is called via a button in INQF1200 (the Student Course Attempt Inquiry screen)), then a role being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the role will result in errors occurring when the calling form is used by users granted the role.

The Grant Menu Structure process grants the user role a menu structure containing all of the sub-menus, forms, jobs and reports under the selected menu. Menu structures are maintained in SECF0061.

Further details are contained in the Callista Technical Documentation.

Security Role Block

This block displays information identifying the Security Role to which menu and form access is granted via this form. This block can be queried to locate the Security Role to which menus, forms and or jobs are to be granted.

The granting of a menu and sub-menus alone will not give access to the items (forms and jobs) in those menus. Security Roles must also be granted access to the relevant forms/jobs. Even then, access may be limited if the Security Roles do not have the necessary data level access.

Each time form, job or SSF application grants for a Security Role are updated, as the final operation, either the Reconcile Object Grants button should be selected or job SECJ0070 should be run to perform the reconciliation. This ensures that the role has the correct object grants allocated to it. The process automatically adds any missing Object Grants and deletes any that are no longer required. Reconciliation of Object Grants provides further information on the subject.

Security Role Menu Grant Block

This block is used to record and display System menus granted to the displayed Security Role(s). Menus may be granted individually, or whole menu structures, including sub menus, forms and jobs may be granted in a single operation using the Grant Menu Structure function.

  • Form Grants Button
    This block is used to record and display the forms to which access has been granted for the displayed Security Role.
  • Job Grants Button
    This block is used to record and display the jobs to which access has been granted for the displayed Security Role.
  • Self Serve Application Grants Button
    This block is used to record and display the Self Serve Application to which access has been granted for the displayed Security Role when the user has access to Callista Connect.
  • SSF Menu Grants Button
    This block is used to record and display the SSF Menus to which access has been granted for the displayed Security Role when the user has access to Callista Connect.
  • Web Page Grants Button
    This block is used to record and display the web pages to which access has been granted for the displayed Security Role.
  • Web Resource Grants Button
    This block is used to record and display the web pages to which access has been granted for the displayed Security Role.
  • Copy (Menu, Form and Job Grants) From (One Security Role to Another) Button
    This function permits the copying of the menu, form and Job Grants of one Security Role to another Security Role. The recipient role will then have access to those menus, forms and jobs copied from the other Security Role and any additional menus, forms and jobs explicitly recorded in this form.
  • Note Type Restrictions Button
    This button navigates to SECF0041 where Note Type Restrictions can be applied to this role.
  • Appeal Type Restrictions Button
    This button navigates to the Maintain Security Appeal Type Restriction (SECF0091) form where Appeal Type restrictions can be applied to this role.
  • Encumbrance Type Restrictions Button
    This button navigates to the     Maintain Security Role Encumbrance Type Restrictions form (SECF0093) from where the Encumbrance Type restrictions can be applied to the displayed security role.
  • Communication Category Restrictions Button
    This button navigates to the     Maintain Security Role Communication Category Restrictions form (SECF0073) from where the Communication Category restrictions can be applied to the displayed security role.

General

This form allows menus, forms, web pages and jobs, including the required database object privileges, to be assigned to a Role when users have access to Callista Connect. When users are granted the Role, they inherit access to the menus, forms, web pages and jobs defined for the Role.

This form allows SSF Menus and Self Serve Applications grants to be defined for a Role.

When the Role is granted to a user, the user inherits access to the SSF Menus and Self Serve Applications. These enhancements are only applicable when Callista Connect is installed. These functions enable staff members to access Callista Connect applications. The enhancements required to support staff access to Callista Connect applications direct impact a number of different areas, including, the Callista Connect Parser, the Callista Connect Administration Tool, the Callista Connect Manager, the Callista SMS, and internal processes.

For further information on Staff Connect, see Staff Connect Introduction.

This form is accessed from the main menu.

 

The Security Role block contains:

  • Security Role
  • Creation Date
  • Description

    Buttons

    • Form Grants
      • Form Grants
      • Form (LOV)
      • Title
      • Grant Query Only check box
      • Back button
    • Job Grants
      • Job Name (LOV)
      • Short Title
      • Override Priority check box
      • Back button
    • Self Serve Application Grants
      • Self Serve Application (LOV)
      • Description
      • Back button
    • SSF Menu Grants
      • SSF Menu Code (LOV)
      • Description
      • Default SSF Menu check box
      • Search Menu check box
      • Back button
    • Web Page Grants
      • Web Page
      • Description
      • Grant query Only check box
      • Back button
    • Web Resource Grants
      • Web Resource
      • Description
      • Grant query Only check box
      • Back button
    • Copy From ...
      • Person ID
      • Oracle Username
      • Copy button
      • Cancel button
    • Reconcile Object Grants (SECJ0070)
    • Advanced Functions
      • Advanced Function (LOV)
      • Description
      • Back button
    • Note Type Restrictions (SECF0041)
    • Appeal Type Restrictions (SECF0091)
    • Encumbrance Type Restrictions (SECF0093)
    • Communication Category Restrictions (SECF0073)
    • Proposal Type Restrictions (SECF0095)

The Security Role Menu Grant block contains:

  • Menu code
  • Title
  • Default Menu check box

    Button

    • Grant Menu Structure

Rules/Notes:

Form Grants
This block is used to record and display forms granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block.

Job Grants
This block is used to record and display jobs granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block. Self Serve Application Grants
This block is used to record and display Self Serve Applications granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block. SSF Menu Grants
This block is used to record and display the Self Serve Facility (SSF) menus granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block.

Web Page Grants
This block is used to record and display web pages granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block.

Web Resource Grants
This block is used to record and display web resources granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block.

Copy From ...
This function permits the copying of the menu, form and Job Grants of one person to another person. The recipient will then have access to functionality specified by their own Security Role grants, those menus, forms and jobs copied from the other person and any additional menus, forms and jobs explicitly recorded in this form.

Advanced Functions
System-defined Advanced Functions can be added or removed for a Security Role in this form.
For example, if a NAME-UPD Advanced Function is granted to a Security Role, users with that role will not be able to update a Person's name in any SMS form. The only exception to this restriction will be cases where the creator of a Person record attempts to change the Person Name on the same day that the record was created.

Some System Advanced Functions are VET specific and some are HE specific. Cross sector installations of Callista will have all Advanced Functions available for selection in this form.

Note that granting the VENUE_OVRD Advanced Function to a user role, will allow a user with that role to allocate further students to Activity Offerings in Venues, when the designated maximum number of students for that venue has been reached. This Advanced Function should only be granted to roles whose users that will appreciate the Occupational Health and Safety implications of such an action. Allocation of students to Activity Offerings can be performed in ENRF4200. A user whose role has been granted the VENUE_OVRD Advanced Function is able to select the Exceed Real Limit check box in this form.
The maximum number of students in an Activity Offering is designated in CRSF2800.

Granting the CLASH-OVRD Advanced Function to a Security Role will allow a user with that Security Role to deselect the No Clashes Allowed checkbox in ENRJ4700 and allow them to select the Clashes Override checkbox in ENRF4200 and ENRF4250.

For a summary of Advanced Functions available in Callista - go to the Advanced Functions page.

The Grant Menu Structure button opposite copies data ready for SECJ0070. Once copied the following message is shown: "Grants successfully copied. Please requery detail to see the changes. Database Object Grants should be reconciled via the Reconcile Object Grants button.".

The Note Type Restrictions button is only available to users who have security access to SECF0041.

The Appeal Type Restrictions button is only available to users who have security access to the Maintain Security Appeal Type Restriction (SECF0091) form.

The Encumbrance Type Restrictions button is only available to users who have security access to the Maintain Security Role Encumbrance Type Restrictions form (SECF0093). SECF0093 is used to control the type and level of access a role has in managing encumbrance processes. For more information, see SECF0093.

The Proposal Type Restrictions button is only available to users who have security access to the Maintain Proposal Type Restrictions form (SECF0095). SECF0095 is used to control the type of proposal that a user with a particular security role can create.
To grant access to a menu, for the displayed Security Role, using the Maintain Security Role Function Grants form:
  • Locate the Security Role for which access is to be granted by querying in the Security Role block.
  • Navigate to the Security Role Menu Grant block.
  • Enter Insert mode.
  • Select the menu to be granted from the list of values (or key a valid value) in the Menu Code field of a blank record.
  • If this menu is to be the default menu for the Security Role, select the Default Menu check box.
  • Save.

Rules/Notes:

All required menus including sub-menus must be granted via this form.

Only one menu can be flagged as the default menu.

To grant access to a menu and all its menu substructure including sub menus, forms and jobs, for the displayed Security Role, using the Maintain Security Role Function Grants form:

  • Locate the Security Role for which access is to be granted by querying in the Security Role block.
  • Navigate to the Security Role Menu Grant block.
  • Select the menu whose structure is to be granted, from the displayed Menu Grants, or
  • Grant the menu whose structure is to be granted using the method detailed above.
  • Select the menu whose structure is to be granted, then select the Grant Menu Structure function button.
  • All sub menus, forms and jobs of the selected menu will be granted.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

On executing the Grant Menu Structure function, the granted menu structure is automatically saved.

To display the granted sub-menus it is necessary to re-query the Security Role Menu Grant block. To display the granted forms and jobs, it is necessary to navigate to the Form Grant and Job Grant blocks and re-query.

To grant a Security Role access to a form, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Form Grants button to display the Security Role Form Grant block.
  • Enter Insert mode.
  • Select the form to be granted from the list of values (or key a valid value) in the Form field of a blank record.
  • If access is to be granted to the form for inquiry use only, select the Grant Query Only check box.
  • Repeat steps 4 and 5 to grant more forms to the Security Role.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form.

To remove a Security Role's access to a form, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Form Grants button to display the Security Role Form Grant block.
  • Select the form for which access is to be deleted.
  • Delete record.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

To grant a Security Role access to a job, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Job Grants button to display the Security Role Job Grant block.
  • Enter Insert mode.
  • Select the job to be granted from the list of values (or key a valid value) in the Job Name field of a blank record.
  • If a person with this Security Role has the authority to override the System priority of this job, select the Override Priority check box.
  • Repeat step 4 and 5 to grant more jobs to the Security Role.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

To remove a Security Role's access to a job, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Job Grants button to display the Security Role Job Grant block.
  • Select the job for which access is to be deleted.
  • Delete record.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

To grant a Security Role access to a Self Serve Application, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Self Serve Application Grants button to display the Security Role Self Serve Application Grant block.
  • Enter Insert mode.
  • Select the Self Serve Application to be granted from the list of values (or key a valid value) in the Self Serve Application Name field of a blank record.
  • If a person with this Security Role has the authority to override the System priority of this Self Serve Application, select the Override Priority check box.
  • Repeat step 4 and 5 to grant more Self Serve Applications to the Security Role.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

A function for Callista Connect users.

When creating a Role Self Serve Application Grant, the Self Serve Application must be mapped to a System Self Serve Application that is not closed.

To remove a Security Role's access to a Self Serve Application, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Self Serve Application Grants button to display the Security Role Self Serve Application Grant block.
  • Select the Self Serve Application for which access is to be deleted.
  • Delete record.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

See Rules/Notes on 'Advanced Functions' button above for conditions to deny a person access to update a person's name in any SMS form.

To grant a Security Role access to a SSF Menu, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the SSF Menu Grants button to display the Security Role SSF Menu Grant block.
  • Enter Insert mode.
  • Select the SSF Menu to be granted from the list of values (or key a valid value) in the SSF Menu Name field of a blank record.
  • If this menu is to be the default SSF Menu for this Security Role, select the Default SSF Menu check box.
  • Repeat step 4 to grant more SSF Menus to the Security Role.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

A function for Callista Connect users.
When creating a Role SSF Menu Grant, the Web Element must have a System Web Element Type of Menu.
The Web Element must not be closed when creating a Role SSF Menu Grant.
One and only one Role SSF Menu Grant must be set as the Default SSF Menu for the Role.
To remove a Security Role's access to a SSF Menu, using the Maintain Security Role Function Grants form:
  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the SSF Menu Grants button to display the Security Role SSF Menu Grant block.
  • Select the SSF Menu for which access is to be deleted.
  • Delete record.
  • Save.
  • Select the Back button.
  • Select the Reconcile Objects button or run SECJ0070.
 Rules/Notes:

To grant a Security Role access to a web page, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Web Page Grants button to display the Security Role Web Page Grant block.
  • Enter Insert mode.
  • Select the web page to be granted from the list of values (or key a valid value) in the Web Page field of a blank record.
  • If access is to be granted to the form for inquiry use only, select the Grant Query Only check box.
  • Repeat to grant more web pages to the Security Role.
  • Save.
  • Select the Back button.

Rules/Notes:

Only web pages with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form.

To remove a Security Role's access to a web page, using the Maintain Security Role Function Grants form:

  • Ensure the correct Security Role record is displayed in the Security Role block.
  • Select the Web Page Grants button to display the Security Role Web Page Grant block.
  • Select the web page for which access is to be deleted.
  • Delete record.
  • Save.
  • Select the Back button.

Rules/Notes:

The Web Resource Grants button - overlay contains:

  • Web Resource
  • Description
  • Grant Query Only check box
  • Back button

To grant a person access to a web resources, using the Maintain Person Function Web forms form:

  • Ensure the correct person record is displayed in the Person block
  • Select the Web Resource Grants button to display the Person Web Resource Grant block
  • Enter Insert mode
  • Select the web resource to be granted from the list of values (or key a valid value) in the Web Resource Name field of a blank record
  • Repeat to grant more web pages to the person
  • Save
  • Select the Back button

Rules/Notes:

A person will only have access to those web resources specified here and by their Security Role grant(s).

A person may be granted web resources without necessarily being granted menus containing those jobs. In such cases, the jobs can be selected via the Go To and Alpha List facilities.

To remove a person's access to a web resource, using the Maintain Person Function Grants form:

  • Ensure the correct person record is displayed in the Person block
  • Select the Web Resource Grants button to display the Person Web Resource Grant block
  • Select the web resource for which access is to be deleted
  • Delete record
  • Save
  • Select the Back button
 Rules/Notes:

To copy menu, form and Job Grants from one Security Role to another, using the Maintain Security Role Function Grants form:

  • Ensure the recipient Security Role record is displayed in the Security Role block.
  • Select the Copy From button to display the Copy From block.
  • Execute a query in the Security Role field to locate the Security Role whose grants are to be copied.
  • Select the Copy button. The menu, form and Job Grants of the Security Role queried in step 3 will be copied to the recipient Security Role and be automatically saved.
  • Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

On executing the Copy function, the records copied to the recipient are automatically saved.

To display the copied Menu Grants it is necessary to re-query the Security Role Menu Grant block. Navigating to the Security Role Form or Job Grant blocks will automatically re-query these blocks.

 

Last Modified on 30-May-2012 9:19 AM

History Information

Release Information Project Change to Document
15.0

1762 - CAPS -User Interface

 Added details for Proposal Type button
15.0

1747 - 11g Product Structuree

 Added details for Web Resource Grants
13.0.0.2 1580 - Communication Added a new Communication Categories Restrictions button and related notes.
13.0.0.2 1578 - CAPS part 3 Added link to Advanced Functions page
13.0 1581 - Auto Encumbrances Added a new Encumbrance Type Restrictions button and related note.
11.1.0.3 CAPS - Pt 1 Added new CAPS Advanced Functions
11.1 1448 - ESOS Added Appeal Type Restrictions button
11.0.0.2 1450 - Attend Enhancements Modified Advanced Functions section in Security Role Block Rules/Notes
11.0.0.0.0.0 1416 - Apprentice Management Added references to Web pages