Top of SEC | Index | Table of Contents | Feedback |
SECF0011 - Maintain Security Roles
Purpose |
To record the set of available user security roles which define broad access to the System. |
|
SubSystem |
Security |
|
Normally Run By | Administration specialist | |
Anticipated Frequency | As required | |
Structure | Block | System Security Role |
System Security Role Explanation A security role is the primary means of controlling the access which users have to the System. Security roles are analogous to staffing functions in that a security role can be set up to provide the System access which a person carrying out a particular function requires to be able to perform that function. The same person would be excluded from access to areas of the System not defined by the security role assigned to them. A person may have more than one role assigned to them, recognising that the person may have cross functional responsibilities or that a particular role may be relevant to staff performing different business functions. Security roles can define the type of access to data, i.e. Select, Insert, Update or Delete access, by virtue of their object grants. All security roles are created by a DBA/Application Support Administrator. The security roles to be made available to users are then recorded using this form. The functions (menus, forms, jobs) available to a security role are recorded in SECF0063. The object grants required for use of each granted function are automatically associated with the role either when the Reconcile Object Grants button is selected in SECF0063 or when the job SECJ0070 is run for that role. A number of security roles are included as part of an Oracle (release 8 and greater) installation and appear in LOVs in this form. They are not directly relevant to Callista and should not be selected from the LOV. These are Database Administrator roles and should not be granted to users. Your Database Administrator should be consulted before creating a record for a particular role. As a guide, in Oracle 8.0.5 the following roles will be displayed but don't pertain to Callista. No security role record should be created for these:
In addition, the following roles which are required for Callista operation should not have a security role record created for them:
Certain roles which are used dynamically by Callista will appear in the Security Role LOV and should not have a security role record created for them. They are:
|
The System Security Role block contains:
|
Rules/Notes: |
To record a system security role's availability using the Maintain Security Roles form:
|
Rules/Notes: The creation time and date of a new security role record are automatically entered in the Creation Date field by the System and are the current time and date.
|
To remove a system security role's availability using the Maintain Security Roles form:
|
Rules/Notes: On deleting a record, the deletion time and date (being the current time and date) are automatically entered.Deleted security roles are logically deleted only. |
Last Modified on 25 March, 2004