Top of SEC | Index | Table of Contents | Feedback | ![]() |
SECF0063 - Maintain Security Role Function Grants
Purpose |
To assign System menu, Self Service Application and SSF menu, form, web page and job access to individual Security Roles. |
|
Subsystem | Security | |
Normally Run By | Administration Specialist | |
Anticipated Frequency |
At the beginning of the Course Year, or as required. |
|
Structure |
Blocks |
Security Role |
Security Role Menu Grant | ||
Buttons |
Form Grants (Overlay) |
|
Job Grants (Overlay) | ||
SSF Application Grants (Overlay) | ||
SSF Menu Grants (Overlay) | ||
Web Page Grants (Overlay) | ||
Web Resource Grants (Overlay) | ||
Copy From ... (Overlay) | ||
Advanced Functions (Overlay) | ||
Note Type Restrictions (SECF0041) |
||
Reconcile Object Grants (SECJ0070) | ||
Appeal Type Restrictions (SECF0091) | ||
Encumbrance Type Restrictions (SECF0093) | ||
Communication Category Restrictions (SECF0073) | ||
Proposal Type Restrictions (SECF0095) |
A Database Administrator (DBA) creates user roles for use in Callista. A user role specifies the full range of functionality potentially available to users granted that role. The Security Administrator can define the access of a user role by individually specifying in this form the Menus, Forms, Web Pages, Jobs, Reports, Self Serve Applications and SSF Menus that the role can access. Selecting the Reconcile Object Grants button initiates a process that checks that the role has the necessary Object Grants for all of its Form, Job and SSF Application Grants. Any Object Grants that are missing are added, while any that are no longer required are deleted. Object Grant reconciliation can also be performed as an 'after hours' batch job using SECJ0070. Note: If a form calls another form by either a button or an iconic button (for example, the Record Admission Enquiry form (ADMF1200) calls the Find Course Form (ADMF1220)), or a form calls a report either automatically or by a button (for example, the Basic Course Details form (CRSF1210) calls the Rollover Exception Report (CRSR0630) automatically, the Academic History report (ENRR08M0) is called via a button in INQF1200 (the Student Course Attempt Inquiry screen)), then a role being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the role will result in errors occurring when the calling form is used by users granted the role. The Grant Menu Structure process grants the user role a menu structure containing all of the sub-menus, forms, jobs and reports under the selected menu. Menu structures are maintained in SECF0061. Further details are contained in the Callista Technical Documentation. Security Role Block This block displays information identifying the Security Role to which menu and form access is granted via this form. This block can be queried to locate the Security Role to which menus, forms and or jobs are to be granted. The granting of a menu and sub-menus alone will not give access to the items (forms and jobs) in those menus. Security Roles must also be granted access to the relevant forms/jobs. Even then, access may be limited if the Security Roles do not have the necessary data level access. Each time form, job or SSF application grants for a Security Role are updated, as the final operation, either the Reconcile Object Grants button should be selected or job SECJ0070 should be run to perform the reconciliation. This ensures that the role has the correct object grants allocated to it. The process automatically adds any missing Object Grants and deletes any that are no longer required. Reconciliation of Object Grants provides further information on the subject. Security Role Menu Grant Block This block is used to record and display System menus granted to the displayed Security Role(s). Menus may be granted individually, or whole menu structures, including sub menus, forms and jobs may be granted in a single operation using the Grant Menu Structure function.
General This form allows menus, forms, web pages and jobs, including the required database object privileges, to be assigned to a Role when users have access to Callista Connect. When users are granted the Role, they inherit access to the menus, forms, web pages and jobs defined for the Role. This form allows SSF Menus and Self Serve Applications grants to be defined for a Role. For further information on Staff Connect, see Staff Connect Introduction. This form is accessed from the main menu. |
The Security Role block contains:
The Security Role Menu Grant block contains:
|
Rules/Notes: Form Grants This block is used to record and display jobs granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block. Self Serve Application Grants This block is used to record and display Self Serve Applications granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block. SSF Menu Grants This block is used to record and display the Self Serve Facility (SSF) menus granted to a person in addition to those granted as a result of the person's Security Role(s). Use the Back button to exit this block. Web Page Grants Web Resource Grants Copy From ... Advanced
Functions Some System Advanced Functions are VET specific and some are HE specific. Cross sector installations of Callista will have all Advanced Functions available for selection in this form. Note that granting the VENUE_OVRD Advanced Function to a user role, will allow a user with that role to allocate further students to Activity Offerings in Venues, when the designated maximum number of students for that venue has been reached. This Advanced Function should only be granted to roles whose users that will appreciate the Occupational Health and Safety implications of such an action. Allocation of students to Activity Offerings can be performed in ENRF4200. A user whose role has been granted the VENUE_OVRD Advanced Function is able to select the Exceed Real Limit check box in this form. Granting the CLASH-OVRD Advanced Function to a Security Role will allow a user with that Security Role to deselect the No Clashes Allowed checkbox in ENRJ4700 and allow them to select the Clashes Override checkbox in ENRF4200 and ENRF4250. For a summary of Advanced Functions available in Callista - go to the Advanced Functions page. The Grant Menu Structure button opposite copies data ready for SECJ0070. Once copied the following message is shown: "Grants successfully copied. Please requery detail to see the changes. Database Object Grants should be reconciled via the Reconcile Object Grants button.". The Note Type Restrictions button is only available to users who have security access to SECF0041. The Appeal Type Restrictions button is only available to users who have security access to the Maintain Security Appeal Type Restriction (SECF0091) form. The Encumbrance Type Restrictions button is only available to users who have security access to the Maintain Security Role Encumbrance Type Restrictions form (SECF0093). SECF0093 is used to control the type and level of access a role has in managing encumbrance processes. For more information, see SECF0093. The Proposal Type Restrictions button is only available to users who have security access to the Maintain Proposal Type Restrictions form (SECF0095). SECF0095 is used to control the type of proposal that a user with a particular security role can create. |
To grant access to a menu, for the displayed Security Role, using the Maintain Security Role Function Grants form:
|
Rules/Notes: All required menus including sub-menus must be granted via this form. Only one menu can be flagged as the default menu. |
To grant access to a menu and all its menu substructure including sub menus, forms and jobs, for the displayed Security Role, using the Maintain Security Role Function Grants form:
|
Rules/Notes: On executing the Grant Menu Structure function, the granted menu structure is automatically saved. To display the granted sub-menus it is necessary to re-query the Security Role Menu Grant block. To display the granted forms and jobs, it is necessary to navigate to the Form Grant and Job Grant blocks and re-query. |
To grant a Security Role access to a form, using the Maintain Security Role Function Grants form:
|
Rules/Notes: Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form. |
To remove a Security Role's access to a form, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To grant a Security Role access to a job, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To remove a Security Role's access to a job, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To grant a Security Role access to a Self Serve Application, using the Maintain Security Role Function Grants form:
|
Rules/Notes: A function for Callista Connect users. When creating a Role Self Serve Application Grant, the Self Serve Application must be mapped to a System Self Serve Application that is not closed. |
To remove a Security Role's access to a Self Serve Application, using the Maintain Security Role Function Grants form:
|
Rules/Notes: See Rules/Notes on 'Advanced Functions' button above for conditions to deny a person access to update a person's name in any SMS form. |
To grant a Security Role access to a SSF Menu, using the Maintain Security Role Function Grants form:
|
Rules/Notes: A function for Callista Connect users. |
To remove a Security Role's access to a SSF Menu, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
To grant a Security Role access to a web page, using the Maintain Security Role Function Grants form:
|
Rules/Notes: Only web pages with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form. |
To remove a Security Role's access to a web page, using the Maintain Security Role Function Grants form:
|
Rules/Notes: |
The Web Resource Grants button - overlay contains:
To grant a person access to a web resources, using the Maintain Person Function Web forms form:
|
Rules/Notes: A person will only have access to those web resources specified here and by their Security Role grant(s). A person may be granted web resources without necessarily being granted menus containing those jobs. In such cases, the jobs can be selected via the Go To and Alpha List facilities. |
To remove a person's access to a web resource, using the Maintain Person Function Grants form:
|
Rules/Notes: |
To copy menu, form and Job Grants from one Security Role to another, using the Maintain Security Role Function Grants form:
|
Rules/Notes: On executing the Copy function, the records copied to the recipient are automatically saved. To display the copied Menu Grants it is necessary to re-query the Security Role Menu Grant block. Navigating to the Security Role Form or Job Grant blocks will automatically re-query these blocks. |
Last Modified on 30-May-2012 9:19 AM
History Information
Release Information | Project | Change to Document |
15.0 | 1762 - CAPS -User Interface |
Added details for Proposal Type button |
15.0 | 1747 - 11g Product Structuree |
Added details for Web Resource Grants |
13.0.0.2 | 1580 - Communication | Added a new Communication Categories Restrictions button and related notes. |
13.0.0.2 | 1578 - CAPS part 3 | Added link to Advanced Functions page |
13.0 | 1581 - Auto Encumbrances | Added a new Encumbrance Type Restrictions button and related note. |
11.1.0.3 | CAPS - Pt 1 | Added new CAPS Advanced Functions |
11.1 | 1448 - ESOS | Added Appeal Type Restrictions button |
11.0.0.2 | 1450 - Attend Enhancements | Modified Advanced Functions section in Security Role Block Rules/Notes |
11.0.0.0.0.0 | 1416 - Apprentice Management | Added references to Web pages |