Question

Permissions - Query Only vs Full Access

  • 24 June 2020
  • 1 reply
  • 366 views
S
Rank
Userlevel 5
Badge +10

Morning,

I need to be able to report on query(view) only access vs full access within permission sets. 

I understand each presentation object uses associated Oracle APIs, and typically the use of modify or new methods would identify those with ‘full’ access; however there are some screens which have other methods which allow approvals and such like which would also be deemed full. 

I don’t really want to have to go through each and hard code the different options into the query.

If you un tick Remove but leave new and modify methods, IFS deems that as partially granted which clouds the water.

Does anyone have a tried and tested SQL query which provides accurate reporting of query access on pres objects vs full access please? 

We are using IFS Apps 8.

Regards

Shaun

 

1 reply

paul harland
Rank
Userlevel 7
Badge +24

hi Shaun

I don’t have exactly what you are looking for, but these might help you:

I have used this query in the past to find which roles have a particular database object.  

select role, 

ifsapp.pres_object_util_api.is_object_available
('SPECIFIC_SALES_PRICE_API.Modify__'
, role) Is_obj_available

from ifsapp.fnd_role order by 2 desc

And with regard to presentation objects I used to variations on this query:

select * from (
select r.role
from fnd_role r
where '&object' = (select po_id from ifsapp.pres_object_grant pog where po_id = '&object' and pog.role =r.role)
union all
select r.role
from ifsapp.fnd_role r
where ifsapp.pres_object_util_api.is_object_available('&object', role) ='TRUE')
order by 1
 

For view access you would need to combine the role having the presentation object granted, having some database objects not granted, but having all of the database objects arked “pragma”, that is, defined as read only methods.  So there’s some work to do. :-) 

Reply


Terms & ConditionsCookie settings