Is it possible to setup an event action to deactivate a user account? Is there an API method I can use in an event action?
Solved
Event action to Deactivate User account
+14Best answer by durette
This would be impossible without some custom code. An event action runs as the end user, and most end users aren’t going to have permission to deactivate users, even themselves.
As a word of warning, a deactivated user is deactivated everywhere and can no longer work without IT intervention to reactivate them, even if they only made a mistake. To put that more bluntly, you can’t make money without working employees.
I added some protection to ensure your app owner and other system accounts don’t get locked.
I didn’t test this.
SET SQLBLANKLINES ON
CREATE OR REPLACE PACKAGE c_deactivate_user_api AUTHID DEFINER IS
/*
module_ CONSTANT VARCHAR2(25) := 'FNDBAS';
lu_name_ CONSTANT VARCHAR2(25) := 'CDeactivateUser';
These comments get read by DATABASE_SYS. DO NOT REMOVE.
*/
PROCEDURE init;
PROCEDURE deactivate_current_user;
END c_deactivate_user_api;
/
CREATE OR REPLACE PACKAGE BODY c_deactivate_user_api IS
PROCEDURE init IS BEGIN NULL; END init;
PROCEDURE deactivate_current_user
IS
attr_ VARCHAR2(32767);
objid_ fnd_user.objid%TYPE;
objversion_ fnd_user.objversion%TYPE;
info_ VARCHAR2(32767);
BEGIN
IF fnd_session_api.get_fnd_user != fnd_session_api.get_app_owner
AND fnd_session_api.get_fnd_user NOT LIKE 'IFS%'
THEN
SELECT objid, objversion
INTO objid_, objversion_
FROM fnd_user
WHERE identity = fnd_session_api.get_fnd_user;
client_sys.clear_attr(attr_);
client_sys.add_to_attr('ACTIVE', 'FALSE', attr_);
fnd_user_api.modify__(info_, objid_ objversion_, attr_, 'DO');
END IF;
END deactivate_current_user;
END c_deactivate_user_api;
/
GRANT EXECUTE ON c_deactivate_user_api TO ifssys;
EXEC dictionary_sys.rebuild_dictionary_storage_(0, 'PACKAGES');
EXEC security_sys.grant_package('C_DEACTIVATE_USER_API', 'FND_ENDUSER');
EXEC security_sys.refresh_active_list__(0);Your event action would then call…
BEGIN
IF /* some very naughty thing is being attempted */ 1=0 THEN
c_deactivate_user_api.deactivate_current_user;
END IF;
END;
This topic has been closed for replies.
You can deactivate an individual user account on the RMB
A background task runs at the end of each day to check whether the activate/deactivate dates have passed.
What are you trying to do via the event?
+14The event is needed for security requirement possibly to prevent certain transactions.
+19This would be impossible without some custom code. An event action runs as the end user, and most end users aren’t going to have permission to deactivate users, even themselves.
As a word of warning, a deactivated user is deactivated everywhere and can no longer work without IT intervention to reactivate them, even if they only made a mistake. To put that more bluntly, you can’t make money without working employees.
I added some protection to ensure your app owner and other system accounts don’t get locked.
I didn’t test this.
SET SQLBLANKLINES ON
CREATE OR REPLACE PACKAGE c_deactivate_user_api AUTHID DEFINER IS
/*
module_ CONSTANT VARCHAR2(25) := 'FNDBAS';
lu_name_ CONSTANT VARCHAR2(25) := 'CDeactivateUser';
These comments get read by DATABASE_SYS. DO NOT REMOVE.
*/
PROCEDURE init;
PROCEDURE deactivate_current_user;
END c_deactivate_user_api;
/
CREATE OR REPLACE PACKAGE BODY c_deactivate_user_api IS
PROCEDURE init IS BEGIN NULL; END init;
PROCEDURE deactivate_current_user
IS
attr_ VARCHAR2(32767);
objid_ fnd_user.objid%TYPE;
objversion_ fnd_user.objversion%TYPE;
info_ VARCHAR2(32767);
BEGIN
IF fnd_session_api.get_fnd_user != fnd_session_api.get_app_owner
AND fnd_session_api.get_fnd_user NOT LIKE 'IFS%'
THEN
SELECT objid, objversion
INTO objid_, objversion_
FROM fnd_user
WHERE identity = fnd_session_api.get_fnd_user;
client_sys.clear_attr(attr_);
client_sys.add_to_attr('ACTIVE', 'FALSE', attr_);
fnd_user_api.modify__(info_, objid_ objversion_, attr_, 'DO');
END IF;
END deactivate_current_user;
END c_deactivate_user_api;
/
GRANT EXECUTE ON c_deactivate_user_api TO ifssys;
EXEC dictionary_sys.rebuild_dictionary_storage_(0, 'PACKAGES');
EXEC security_sys.grant_package('C_DEACTIVATE_USER_API', 'FND_ENDUSER');
EXEC security_sys.refresh_active_list__(0);Your event action would then call…
BEGIN
IF /* some very naughty thing is being attempted */ 1=0 THEN
c_deactivate_user_api.deactivate_current_user;
END IF;
END;
If you find this forum useful, please consider paying back to the community in your own areas of expertise. If you ask for help in a private message, please know that I will likely repost it as a forum question (with your personal details redacted) and answer it publicly. -- Kevin Durette - https://www.linkedin.com/in/kevindurette
+14Thank you, this is probably not wise to use an event. Thank you for the input.
1 person likes this
+19arebbeadle wrote:
Thank you, this is probably not wise to use an event. Thank you for the input.
Yes, and I believe you’re allowed to mark your own response as the best answer.
If you find this forum useful, please consider paying back to the community in your own areas of expertise. If you ask for help in a private message, please know that I will likely repost it as a forum question (with your personal details redacted) and answer it publicly. -- Kevin Durette - https://www.linkedin.com/in/kevindurette
1 person likes this
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.