reconcile object grants

SECJ0070 - Reconcile Object Grants

Purpose	This job is used to ensure that the database objects required by a security role or user are available to it.
SubSystem	Security
Normally Run By	Administration specialist
Anticipated Frequency	As required
Structure	Block	Reconcile Object Grants
	Tab	Parameters

The job is usually run for roles or users that have recently had updates to their menu or Form, Job, Web Resource or Staff Connect application grants(or Roles in SECF0063 and for users in SECF0062). It can be run regularly to reconcile all roles and all user grants, ensuring that all object grants are up to date.

Job Parameters

The job can be run to reconcile either any single security role or all security roles and user grants.

Related information:

Maintain Security Role Function Grants (SECF0063)
Maintain Person Function Grants (SECF0062)
Understanding Security - Reconciliation of Object Grants

The Reconcile Object Grants block contains:

Parameters

Security Role (LOV)
Person (LOV)

Rules/Notes:

Validations include:

A Security Role or Person parameter must be specified.

Rules/Notes:

Object grants can be reconciled for individual roles in SECF0063 and for individual users in SECF0062.

Field Details

Label	Field Source	Field Type	Format Length	Comments
Security Role:	SSR.security_role	Text (with LOV)	Varchar2(30)	In addition to Security Roles, DEFERRED and % values will be hard coded in LOV
	SSR.description	Text	Varchar2(60)	For the value ‘DEFERRED’ set to ‘ALL SECURITY ROLES WHERE RECONCILE DEFERRED’ For the value ‘%’ set to ‘ALL SECURITY ROLES’
Person:	PE.person_id	Text (with LOV)	Varchar2(10)	In addition to Person users, DEFERRED and % values will be hard coded in LOV
	PDV.context_block_name	Text	Varchar2(85)	For the value DEFERREDset to ‘ALL PERSON USERS WHERE RECONCILE DEFERRED’ For the value ‘%’ set to ‘ALL PERSON USERS’

The parameters are processed as follows:

Parameter		Processing
Security Role	DEFERRED	Invoke the process to reconcile object grants for all Security Roles that have had the reconcile object grants process deferred via SECF0063. These Security Roles will be listed on the System Reconcile Roles table (S_RECONCILE_ROLES where SECURITY_ROLE is not null). Ensure the entries are removed from this table after the reconciliation is complete. Note: This processing is currently performed by the ‘%’ option.
	%	Invoke the process to reconcile object grants for all active Security Roles defined in the Callista SMS (SYS_SECURITY_ROLE where LOGICAL_DELETE_DT is null). If any of the Security Roles are listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entries are removed after the reconciliation is complete. Note: This processing is new for the job.
	Security Role	Invoke the process to reconcile object grants for the specified Security Role (p_security_role and p_creation_dt). If the Security Role is listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entry is removed after the reconciliation is complete.
	Null	No processing required for Security Roles.
Person	DEFERRED	Invoke the process to reconcile object grants for all Person users that have had the reconcile object grants process deferred via SECF0062. These Person users will be listed on the System Reconcile Roles table (S_RECONCILE_ROLES where PERSON_ID is not null). Ensure the entries are removed from this table after the reconciliation is complete. Note: This processing is currently performed by the ‘%’ option.
	%	Invoke the process to reconcile object grants for all Person users defined in the Callista SMS that have an Oracle username and have been granted a menu (via a Security Role or directly) (ORACLE_USERNAME IS NOT NULL and record exists on PERSON_MENU_GRANT matching on PERSON_ID and DEFAULT_MENU_IND = Y. If no record exists on PERSON_MENU_GRANT, then look for existence of records on PERSON_ROLE_GRANT and ROLE_MENU_GRANT. Firstly, find the person on PERSON_ROLE_GRANT where LOGICAL_DELETE_DT IS NULL and then join to ROLE_MENU_GRANT matching on SECURITY_ROLE/CREATION_DT and DEFAULT_MENU_IND = Y). If any of the Person users are listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entries are removed after the reconciliation is complete. Note: This processing is new for the job.
	Person ID	Invoke the process to reconcile object grants for the specified Person (p_person_id). If the Person is listed on the System Reconcile Roles table (S_RECONCILE_ROLES), ensure the entry is removed after the reconciliation is complete.
	Null	No processing required for Person users.

Last Modified on 17-Dec-2013 11:04 AM

History Information

Release Information	Project	Change to Document
16.1.0.0.1	1917 - UI Consolidation	Updated the range of grants reconciled by this job.