Solved

Permissions Query


Userlevel 3
Badge +7

I’ve been asked for a report on which users can create new parts.

Is this information held in a table I can run an SQL query on?

Thanks, Chris.

 

icon

Best answer by durette 2 April 2020, 21:03

View original

10 replies

Userlevel 7

I’ve been asked for a report on which users can create new parts.

Is this information held in a table I can run an SQL query on?

Thanks, Chris.

 

Can you explain in some more detail what you are trying to achieve? A report and creating records doesn’t really line up in my mind. 

Userlevel 3
Badge +7

I need to know which users have permission to create a new Master Part.

 

Userlevel 7
Badge +16

I need to know which users have permission to create a new Master Part.

 

One way to see which users has grants is the Presentation Object Grants window. Form there you can output the results.

 

BR,

Damith

Userlevel 5
Badge +10

You need to identify which roles have the required permission to run the code you want to report on. So using the screens  under Solution Manager - Security- Permission Sets you should be able to identify these. Then you can see which users have been assigned these roles.

From what I recall it is tricky to list out the access purely from code, but it has been a while, and i think we last looked at this in version 7.5. There are some FND tables that hold users vs roles, but i dont recall being able to go down to the IFS methods via that route.

Its worth getting a handle on how this stuff hangs together from the App screens, as you can then utilise the Segregation of Duties utility….useful for when Auditors visit!

Cheers

Mike

Userlevel 7

I need to know which users have permission to create a new Master Part.

 

Ok, I get it now. Maybe you could try something like this?

 

select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

 

Userlevel 5
Badge +9

Why dont you just use the Security Per Object report. Although the formatting is a bit rubbish it does show which permission sets and which users have any method from any API. 

This one is handy to see which permission sets have access to a particular form, table, etc. It could be elaborated pretty easily. 

select

po_id, role

from pres_object_grant

where upper(Po_id)  = upper('&PresentationObject')

Userlevel 7
Badge +16

SECURITY_SYS_PRIVS_TAB contains package grants.

SECURITY_SYS_TAB contains method revocations.

 

This will show the database grants:

 

SELECT identity
  FROM fnd_user_role_runtime
 WHERE role IN (SELECT grantee
                  FROM security_sys_privs_tab
                 WHERE table_name = 'PART_CATALOG_API'
                MINUS
                SELECT role
                  FROM security_sys_tab
                 WHERE package_name = 'PART_CATALOG_API'
                   AND method_name = 'New__');
 

 

 

Userlevel 7
Badge +16

I need to know which users have permission to create a new Master Part.

 

Ok, I get it now. Maybe you could try something like this?

 

 select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

 

This will show the users who have New% revoked, not granted (at least in Apps 9)

Userlevel 7

I need to know which users have permission to create a new Master Part.

 

Ok, I get it now. Maybe you could try something like this?

 

 select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

 

This will show the users who have New% revoked, not granted (at least in Apps 9)

Oh, I did not know that, but makes sense now that you mentioned the privs table. 

Badge +5

Dear Team,

 

Like above, How can we create report  for one permission set with Page wise?

 

in one permission set,  under one page which methods having view and execute access.

Reply