Purpose

To record the set of available user security roles which define broad access to the System.

Subsystem

Security

Structure

Single Block

System Security Role

Image

System Security Role

Explanation

A security role is the primary means of controlling the access which users have to the System. Security roles are analogous to staffing functions in that a security role can be set up to provide the System access which a person carrying out a particular function requires to be able to perform that function. The same person would be excluded from access to areas of the System not defined by the security role assigned to them. A person may have more than one role assigned to them, recognising that the person may have cross functional responsibilities or that a particular role may be relevant to staff performing different business functions.

Security roles can define the type of access to data, i.e. Select, Insert, Update or Delete access, by virtue of their object grants.

All security roles are created by a DBA/Application Support Administrator. The security roles to be made available to users are then recorded using this form.

The functions (menus, forms, jobs) available to a security role are recorded in SECF0063. The object grants required for use of each granted function are automatically associated with the role either when the Reconcile Object Grants button is selected in SECF0063 or when the job SECJ0070 is run for that role.

A number of security roles are included as part of an Oracle (release 8 and greater) installation and appear in LOVs in this form. They are not directly relevant to Callista and should not be selected from the LOV. These are Database Administrator roles and should not be granted to users. Your Database Administrator should be consulted before creating a record for a particular role.

As a guide, in Oracle 8.0.5 the following roles will be displayed but don't pertain to Callista. No security role record should be created for these:

• AQ_ADMINISTRATOR_ROLE
• AQ_USER_ROLE
• CONNECT
• DBA
• DELETE_CATALOG_ROLE
• EXECUTE_CATALOG_ROLE
• EXP_FULL_DATABASE
• IMP_FULL_DATABASE
• MONITORER
• RECOVERY_CATALOG_OWNER
• RESOURCE
• SELECT_CATALOG_ROLE
• SNMPAGENT

 In addition, the following roles which are required for Callista operation should not have a security role record created for them:

• COR_LET_SEL
• GEN_OPERATIONAL
• JBS_SERVER
• SSF_WEB_PAGE_ADMIN
• SSF_WEB_USER

Certain roles which are used dynamically by Callista will appear in the Security Role LOV and should not have a security role record created for them. They are:

• Person Object Roles which appear as PRSN_OBJ_<person ID>

To record a system security role's availability using the Maintain Security Roles form:

1. Enter Insert Mode.
2. Select the appropriate system security role from the list of values in the Security Role field.
3. Enter a meaningful description for the security role in the Description field.
4. Enter any notes regarding this security role in the Notes field.
5. Save.

Rules:

• The creation time and date of a new security role record are automatically entered in the Creation Date field by the System and are the current time and date.

To remove a system security role's availability using the Maintain Security Roles form:

1. Select the security role to be made unavailable.
2. Delete record.
3. Save.

Rules:

• On deleting a record, the deletion time and date (being the current time and date) are automatically entered.
• Deleted security roles are logically deleted only.