Solved

Viewing all background Jobs

  • 18 February 2020
  • 3 replies
  • 849 views
S
Rank
Userlevel 5
Badge +10

Hello,

We have a ‘super user’ in the business who wishes to view all background jobs; however currently can only see jobs submitted by themselves.

I know by granting system privilege ADMINISTRATOR would enable this, however it would also give them too much access.

Is there a way of allowing them to view all background jobs without giving them full admin access? 

They also wish to view scheduled database tasks...so same question will apply to this area

We are using Apps 8.

Regards

Shaun

icon

Best answer by NickPorter 19 February 2020, 00:04

View original

3 replies

Rusiru Dharmadasa
Rank
Userlevel 7
Badge +19

considering the standard functionality, unfortunately the answer will be NO. The view itself checks whether a job is owned by current user or has ADMINISTRATOR sys privilege. You will need to create your own DB View and make a quick report from this view. But be careful to grant it only to this specific user.

Rusiru
CallumW
Rank
Userlevel 6
Badge +15

As Rusiru has just mentioned - its coded in the view to need the ADMINISTRATOR privilege

 

WHERE (
 (( SELECT Security_SYS.Has_System_Privilege('ADMINISTRATOR') FROM DUAL) = 'TRUE' )
 OR
 ( username = ( SELECT nvl(rtrim(substr(userenv('CLIENT_INFO'),1,30)),user) FROM DUAL ))
)

 

 

Callum Wells - https://uk.linkedin.com/in/callum-wells
NickPorter
Rank
Userlevel 6
Badge +18

As noted already, this cannot be done natively in the application, but it could be handled by granting access to the underlying tables/views through something like an IAL.

Here’s a modified version of an approach that was well described by @durette  in a different thread, however you MUST be very certain that you truly want to do this for security reasons… looking at details of other folk’s background jobs (or any other area where this control is in the system) potentially exposes data that other users should not have to:

GRANT SELECT ON ifsapp.deferred_job TO ifsinfo WITH GRANT OPTION;

  • Grant the same permission to any other required tables or views such as ifsapp.deferred_job_execution or ifsapp.deferred_job_status
  • Create one or more IALs as the IFSINFO user (or whatever your IAL owner account is) referencing ifsapp.DEFERRED_JOB, ifsapp.DEFERRED_JOB_STATUS or ifsapp.DEFERRED_JOB_EXECUTION.
  • Create a Quick Report that references the IAL.
  • Grant the report and the IAL to a permission set.
  • Grant the permission set to one or more users.
  • Refresh the security cache

Nick

Reply


Terms & ConditionsCookie settings