Maintain Person Function Grants - SECF0062

Purpose

To assign System menu, form and job access to individual users. Function grants to individual users should only be considered when it is not practical to provide the necessary grants via security roles.

Subsystem

Security

Structure

Four Blocks

Person

Person Menu Grant

Person Form Grant

Person Job Grant

 

Navigation Buttons invoke:

Person Form Grant block

Person Job Grant block

 

Function Buttons invoke:

the Copy From Process

the Reconcile Object Grants function

Images

 

 

A person is granted access to functions beyond those made available by the role(s) they have been granted, by recording those functions in this form and selecting the Reconcile Object Grants button. Selecting the Reconcile Object Grants button initiates a process which checks that the person has the necessary access to the database for all of its function grants. Any object grants that are missing are added, while any that are no longer required are deleted. Object grant reconciliation can also be performed as an after hours batch job using SECJ0070. This job reconciles the grants of all users, in a single run.

Note:

  • if a form calls another form by either a navigation button or an iconic button (e.g. the Record Admission Enquiry form (ADMF1200) calls the Find Course Form (ADMF1220)) or
  • if a form calls a report either automatically or by a button (e.g. the Basic Course Details form (CRSF1210) calls the Rollover Exception Report (CRSR0630) automatically, the Academic History report (ENRR08M0) is called via a button in INQF1200 (the Student Course Attempt Inquiry screen))

then a person being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the user will result in errors.

 

Person

Explanation

This block displays information identifying the person to whom menu and form access is granted in this form. If the person's identification number or Oracle username are known, query directly in this block. If not, select the Find Person icon and use the Find Person form (ADMF1211) to locate the correct person record. A query in this block will only return person records that have been registered as Oracle users in the Maintain System Users form (SECF0021).

Each time a person's function grants are updated, as the final operation, the Reconcile Object Grants button should be selected. This ensures that the person has the correct access to database objects for the functions granted to them. The process automatically adds any missing object grants and deletes any which are no longer required. The job SECJ0070 can be run (usually after hours) to reconcile the grants of all system users, ensuring that none are overlooked by the reconciliation process. Reconciliation of Object Grants provides further information on the subject.

 

Person Menu Grant

Explanation

This block is used to record and display System menus granted to a person in addition to those granted as a result of the person's security role(s).

 

To grant a person access to a menu, using the Maintain Person Function Grants form:

  1. Locate the Person record for which access is to be granted by either querying directly in the person block or selecting the Find Person icon.
  2. Navigate to the Person Menu Grant block.
  3. Enter Insert mode.
  4. Select the menu to be granted from the list of values (or key a valid value) in the Menu Code field of a blank record.
  5. If this menu is to be the default menu for the person, select the Default Menu checkbox.
  6. Do not select any Administrator checkbox without reading the relevant rule, opposite.
  7. Save.

Rules:

  • All required menus including sub-menus should be granted via this form only where it is not practical to provide the necessary grants via security roles..
  • Only one menu can be flagged as the default menu. A default menu set here will override any default menus inherited via security roles.
  • Granting a person access to a particular menu does not necessarily ensure access to forms and jobs under the menu's structure. The forms and jobs must be specifically granted to either a role granted to the person or via a person form/job grant.
  • Selecting any Administrator checkbox, grants the user the ability to:
    • access every form and job in the system.
    • set the default printer for a user with report run privileges.
    • give a user the ability to submit a standing request when scheduling Callista jobs.

 

Person Form Grant

Explanation

This block is used to record and display forms granted to a person in addition to those granted as a result of the person's security role(s). Use the Back navigation button to exit this block.

 

To grant a person access to a form, using the Maintain Person Function Grants form:

  1. Ensure the correct person record is displayed in the Person block.
  2. Select the Form Grants navigation button to display the Person Form Grant block.
  3. Enter Insert mode.
  4. Select the form to be granted from the list of values (or key a valid value) in the Form field of a blank record.
  5. If access is to be granted to the form for inquiry use only, select the Grant Query Only checkbox.
  6. Repeat step 4. To grant more forms to the person.
  7. Save.
  8. Select the Back button.
  9. Select the Reconcile Objects button or run SECJ0070.

Rules:

  • A person will only have access to those forms specified here and by their security role grant(s).
  • A person may be granted forms without necessarily being granted menus containing those forms. In such cases, the forms can be selected via the Go To and Alpha List facilities.
  • Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form.

To remove a person's access to a form, using the Maintain Person Function Grants form:

  1. Ensure the correct person record is displayed in the Person block.
  2. Select the Form Grants navigation button to display the Person Form Grant block.
  3. Select the form for which access is to be deleted.
  4. Delete record.
  5. Save.
  6. Select the Back button.
  7. Select the Reconcile Objects button or run SECJ0070.

 

 

Person Job Grant

Explanation

This block is used to record and display jobs granted to a person in addition to those granted as a result of the person's security role(s). Use the Back navigation button to exit this block.

 

To grant a person access to a job, using the Maintain Person Function Grants form:

  1. Ensure the correct person record is displayed in the Person block.
  2. Select the Job Grants navigation button to display the Person Job Grant block.
  3. Enter Insert mode.
  4. Select the job to be granted from the list of values (or key a valid value) in the Job Name field of a blank record.
  5. If the person has the authority to override the System priority of this job, select the Override Priority checkbox.
  6. Repeat step 4 and 5 to grant more jobs to the person.
  7. Save.
  8. Select the Back button.
  9. Select the Reconcile Objects button or run SECJ0070.

Rules:

  • A person will only have access to those jobs specified here and by their security role grant(s).
  • A person may be granted jobs without necessarily being granted menus containing those jobs. In such cases, the jobs can be selected via the Go To and Alpha List facilities.

To remove a person's access to a job, using the Maintain Person Function Grants form:

  1. Ensure the correct person record is displayed in the Person block.
  2. Select the Job Grants navigation button to display the Person Job Grant block.
  3. Select the job for which access is to be deleted.
  4. Delete record.
  5. Save.
  6. Select the Back button.
  7. Select the Reconcile Objects button or run SECJ0070.

 

 

Copy (Menu, Form and Job Grants) From (One Person to Another)

Explanation

This function permits the copying of the menu, form and job grants of one person to another person. The recipient will then have access to functionality specified by their own security role grants, those menus, forms and jobs copied from the other person and any additional menus, forms and jobs explicitly recorded in this form.

 

To copy menu, form and job grants from one person to another, using the Maintain Person Function Grants form:

  1. Ensure the recipient person record is displayed in the Person block.
  2. Select the Copy From navigation button to display the Copy From block.
  3. Enter the person ID or Oracle username of the person whose records are to be copied in the relevant field.
  4. Execute the query.
  5. Select the Copy button. The menu, form and job grants of the person queried in steps 3 and 4 will be copied to the recipient and be automatically saved.
  6. Select the Reconcile Objects button or run SECJ0070.

Rules:

  • The person ID or Oracle username of the person whose records are being copied must be known in order to perform this function.
  • On executing the Copy function, the records copied to the recipient are automatically saved.
  • To display the copied menu grants it is necessary to re-query the Person Menu Grant block. Navigating to the Person Form or Job Grant blocks will automatically re-query these blocks.

 

Last Modified on 11 March 2002