Maintain Security Role Function Grants - SECF0063

Purpose

To assign System menu, form and job access to individual security roles. When users are granted security roles they inherit the function grants for those roles, as defined in this form.

Subsystem

Security

Structure

Four Blocks

Security Role

Security Role Menu Grant

Security Role Form Grant

Security Role Job Grant

 

Navigation Buttons invoke:

Security Role Form Grant block

Security Role Job Grant block

 

Function Buttons invoke:

the Copy From Process

the Grant Menu Structure Process

the Reconcile Object Grants function


A database administrator (DBA) creates user roles for use in Callista. A user role specifies the full range of functionality potentially available to users granted that role. The security administrator can define the access of a user role by individually specifying in this form the menus, forms, jobs and reports that the role can access.

Selecting the Reconcile Object Grants button initiates a process that checks that the role has the necessary object grants for all of its function grants. Any missing object grants are added, and any that are no longer required are deleted. Object grant reconciliation can also be performed as an after-hours batch job using SECJ0070.

Note:

  • if a form calls another form by either a navigation button or an iconic button (e.g. the Record Admission Enquiry form (ADMF1200) calls the Find Course Form (ADMF1220)) or
  • if a form calls a report either automatically or by a button (e.g. the Basic Course Details form (CRSF1210) calls the Rollover Exception Report (CRSR0630) automatically, the Academic History report (ENRR08M0) is called via a button in INQF1200 (the Student Course Attempt Inquiry screen))

then a role being granted the 'calling' form should also be granted the 'called' function. Failure to grant the called function to the role will result in errors occurring when the calling form is used by users granted the role.

The Grant Menu Structure process grants the user role a menu structure containing all of the sub-menus, forms, jobs and reports under the selected menu. Menu structures are maintained in SECF0061.

Further details are contained in the Callista Technical Documentation.

 

Security Role

Explanation

This block displays information identifying the security role to which menu and form access is granted via this form. This block can be queried to locate the security role to which menus, forms and/or jobs are to be granted.

The granting of a menu and sub-menus alone will not give access to the items (forms and jobs) in those menus. Security roles must also be granted access to the relevant forms/jobs. Even then, access may be limited if the security roles do not have the necessary data level access.

Each time a security role is updated, as the final operation, either the Reconcile Object Grants button should be selected or job SECJ0070 should be run to perform the reconciliation. This ensures that the role has the correct object grants for the functions granted to it. The process automatically adds any missing object grants and deletes any that are no longer required. Reconciliation of Object Grants provides further information on the subject.
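
The reconciliation rule and the calling-form note described above can be modelled in a few lines. This is an added example, not Callista code: the function codes and call relationships are the ones named on this page, while the object names, privileges and the function-to-object map are constructed placeholders.

```python
# Constructed sample data. Only the function codes and the call relationships
# come from the page; object names and privileges are hypothetical.
CALLS = {
    "ADMF1200": {"ADMF1220"},   # form called by a navigation or iconic button
    "CRSF1210": {"CRSR0630"},   # report called automatically
    "INQF1200": {"ENRR08M0"},   # report called via a button
}
REQUIRED_OBJECTS = {            # hypothetical: objects each function needs
    "ADMF1200": {("ADM_APPLICATION", "SELECT")},
    "ADMF1220": {("CRS_COURSE", "SELECT")},
    "CRSF1210": {("CRS_COURSE", "SELECT"), ("CRS_COURSE", "UPDATE")},
    "CRSR0630": {("CRS_ROLLOVER_EXC", "SELECT")},
}


def missing_called_functions(function_grants):
    """Return {calling: [called, ...]} for called functions the role lacks."""
    gaps = {}
    for caller in sorted(function_grants):
        absent = sorted(CALLS.get(caller, set()) - function_grants)
        if absent:
            gaps[caller] = absent
    return gaps


def reconcile(function_grants, object_grants):
    """Return (to_add, to_delete) so object grants match the function grants."""
    required = set()
    for fn in function_grants:
        required |= REQUIRED_OBJECTS.get(fn, set())
    # Missing grants are added; grants no function needs any more are deleted.
    return sorted(required - object_grants), sorted(object_grants - required)


if __name__ == "__main__":
    role_functions = {"ADMF1200", "CRSF1210"}   # constructed role
    role_objects = {("CRS_COURSE", "SELECT"), ("ENR_STUDENT", "SELECT")}
    print("called functions not granted:", missing_called_functions(role_functions))
    to_add, to_delete = reconcile(role_functions, role_objects)
    print("object grants to add:", to_add)
    print("object grants to delete:", to_delete)
```

Reviewing the to-delete list before a role change goes live shows which object privileges the role loses at the next reconciliation.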

 

Security Role Menu Grant

Explanation

This block is used to record and display System menus granted to the displayed security role(s). Menus may be granted individually, or whole menu structures, including submenus, forms and jobs may be granted in a single operation using the Grant Menu Structure function.

 

To grant access to a menu, for the displayed security role, using the Maintain Security Role Function Grants form:

  1. Locate the security role for which access is to be granted by querying in the security role block.
  2. Navigate to the Security Role Menu Grant block.
  3. Enter Insert mode.
  4. Select the menu to be granted from the list of values (or key a valid value) in the Menu Code field of a blank record.
  5. If this menu is to be the default menu for the security role, select the Default Menu checkbox.
  6. Save.

Rules:

  • All required menus including sub-menus must be granted via this form.
  • Only one menu can be flagged as the default menu.

 

To grant access to a menu and all its menu substructure including submenus, forms and jobs, for the displayed security role, using the Maintain Security Role Function Grants form:

  1. Locate the security role for which access is to be granted by querying in the security role block.
  2. Navigate to the Security Role Menu Grant block.
  3. Select the menu whose structure is to be granted, from the displayed menu grants or
  4. Grant the menu whose structure is to be granted using the method detailed above.
  5. Select the menu whose structure is to be granted, then select the Grant Menu Structure function button.
  6. All submenus, forms and jobs of the selected menu will be granted.
  7. Select the Reconcile Objects button or run SECJ0070.

Rules:

  • On executing the Grant Menu Structure function, the granted menu structure is automatically saved.
  • To display the granted sub-menus it is necessary to re-query the Security Role Menu Grant block. To display the granted forms and jobs, it is necessary to navigate to the Form Grant and Job Grant blocks and re-query.

 

Security Role Form Grant

Explanation

This block is used to record and display the forms to which access has been granted for the displayed security role.

 

To grant a security role access to a form, using the Maintain Security Role Function Grants form:

  1. Ensure the correct security role record is displayed in the Security Role block.
  2. Select the Form Grants navigation button to display the Security Role Form Grant block.
  3. Enter Insert mode.
  4. Select the form to be granted from the list of values (or key a valid value) in the Form field of a blank record.
  5. If access is to be granted to the form for inquiry use only, select the Grant Query Only checkbox.
  6. Repeat steps 4 and 5 to grant more forms to the security role.
  7. Save.
  8. Select the Back button.
  9. Select the Reconcile Objects button or run SECJ0070.

Rules/Notes:

  • Only forms with their Query Only Mode Valid indicator set (in SECF0060) can be granted as 'query only' in this form.

To remove a security role's access to a form, using the Maintain Security Role Function Grants form:

  1. Ensure the correct security role record is displayed in the Security Role block.
  2. Select the Form Grants navigation button to display the Security Role Form Grant block.
  3. Select the form for which access is to be deleted.
  4. Delete record.
  5. Save.
  6. Select the Back button.
  7. Select the Reconcile Objects button or run SECJ0070.

 

 

Security Role Job Grant

Explanation

This block is used to record and display the jobs to which access has been granted for the displayed security role.

 

To grant a security role access to a job, using the Maintain Security Role Function Grants form:

  1. Ensure the correct security role record is displayed in the Security Role block.
  2. Select the Job Grants navigation button to display the Security Role Job Grant block.
  3. Enter Insert mode.
  4. Select the job to be granted from the list of values (or key a valid value) in the Job Name field of a blank record.
  5. If a person with this security role has the authority to override the System priority of this job, select the Override Priority checkbox.
  6. Repeat steps 4 and 5 to grant more jobs to the security role.
  7. Save.
  8. Select the Back button.
  9. Select the Reconcile Objects button or run SECJ0070.

 

To remove a security role's access to a job, using the Maintain Security Role Function Grants form:

  1. Ensure the correct security role record is displayed in the Security Role block.
  2. Select the Job Grants navigation button to display the Security Role Job Grant block.
  3. Select the job for which access is to be deleted.
  4. Delete record.
  5. Save.
  6. Select the Back button.
  7. Select the Reconcile Objects button or run SECJ0070.

 

 

Copy (Menu, Form and Job Grants) From (One Security Role to Another)

Explanation

This function permits the copying of the menu, form and job grants of one security role to another security role. The recipient role will then have access to those menus, forms and jobs copied from the other security role and any additional menus, forms and jobs explicitly recorded in this form.

 

To copy menu, form and job grants from one security role to another, using the Maintain Security Role Function Grants form:

  1. Ensure the recipient security role record is displayed in the Security Role block.
  2. Select the Copy From navigation button to display the Copy From block.
  3. Execute a query in the Security Role field to locate the security role whose grants are to be copied.
  4. Select the Copy button. The menu, form and job grants of the security role queried in step 3 will be copied to the recipient security role and be automatically saved.
  5. Select the Reconcile Objects button or run SECJ0070.

Rules:

  • On executing the Copy function, the records copied to the recipient are automatically saved.
  • To display the copied menu grants it is necessary to re-query the Security Role Menu Grant block. Navigating to the Security Role Form or Job Grant blocks will automatically re-query these blocks.

 

Last Modified on 11 March 2002