I’ve been asked for a report on which users can create new parts.
Is this information held in a table I can run an SQL query on?
Thanks, Chris.
Page 1 / 1
I’ve been asked for a report on which users can create new parts.
Is this information held in a table I can run an SQL query on?
Thanks, Chris.
Can you explain in some more detail what you are trying to achieve? A report and creating records doesn’t really line up in my mind.
I need to know which users have permission to create a new Master Part.
I need to know which users have permission to create a new Master Part.
One way to see which users has grants is the Presentation Object Grants window. Form there you can output the results.
BR,
Damith
You need to identify which roles have the required permission to run the code you want to report on. So using the screens under Solution Manager - Security- Permission Sets you should be able to identify these. Then you can see which users have been assigned these roles.
From what I recall it is tricky to list out the access purely from code, but it has been a while, and i think we last looked at this in version 7.5. There are some FND tables that hold users vs roles, but i dont recall being able to go down to the IFS methods via that route.
Its worth getting a handle on how this stuff hangs together from the App screens, as you can then utilise the Segregation of Duties utility….useful for when Auditors visit!
Cheers
Mike
I need to know which users have permission to create a new Master Part.
Ok, I get it now. Maybe you could try something like this?
select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'
Why dont you just use the Security Per Object report. Although the formatting is a bit rubbish it does show which permission sets and which users have any method from any API.
This one is handy to see which permission sets have access to a particular form, table, etc. It could be elaborated pretty easily.
select
po_id, role
from pres_object_grant
where upper(Po_id) = upper('&PresentationObject')
SECURITY_SYS_PRIVS_TAB contains package grants.
SECURITY_SYS_TAB contains method revocations.
This will show the database grants:
SELECT identity
FROM fnd_user_role_runtime
WHERE role IN (SELECT grantee
FROM security_sys_privs_tab
WHERE table_name = 'PART_CATALOG_API'
MINUS
SELECT role
FROM security_sys_tab
WHERE package_name = 'PART_CATALOG_API'
AND method_name = 'New__');
I need to know which users have permission to create a new Master Part.
Ok, I get it now. Maybe you could try something like this?
select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'
This will show the users who have New% revoked, not granted (at least in Apps 9)
I need to know which users have permission to create a new Master Part.
Ok, I get it now. Maybe you could try something like this?
select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'
This will show the users who have New% revoked, not granted (at least in Apps 9)
Oh, I did not know that, but makes sense now that you mentioned the privs table.
Dear Team,
Like above, How can we create report for one permission set with Page wise?
in one permission set, under one page which methods having view and execute access.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.