Skip to main content
Solved

Permissions Query

C
Sidekick (Customer)
Forum|alt.badge.img+9

I’ve been asked for a report on which users can create new parts.

Is this information held in a table I can run an SQL query on?

Thanks, Chris.

 

Best answer by durette

SECURITY_SYS_PRIVS_TAB contains package grants.

SECURITY_SYS_TAB contains method revocations.

 

This will show the database grants:

 

SELECT identity
  FROM fnd_user_role_runtime
 WHERE role IN (SELECT grantee
                  FROM security_sys_privs_tab
                 WHERE table_name = 'PART_CATALOG_API'
                MINUS
                SELECT role
                  FROM security_sys_tab
                 WHERE package_name = 'PART_CATALOG_API'
                   AND method_name = 'New__');
 

 

 

View original
    Did this topic help you find an answer to your question?

    10 replies

    A
    Superhero (Employee)
    • anmise
    • Superhero (Employee)
    • 1426 replies
    • March 31, 2020
    chrisplant wrote:

    I’ve been asked for a report on which users can create new parts.

    Is this information held in a table I can run an SQL query on?

    Thanks, Chris.

     

    Can you explain in some more detail what you are trying to achieve? A report and creating records doesn’t really line up in my mind. 

    C
    Sidekick (Customer)
    Forum|alt.badge.img+9
    • chrisplant
    • Author
    • Sidekick (Customer)
    • 26 replies
    • March 31, 2020

    I need to know which users have permission to create a new Master Part.

     

    dsj
    Superhero (Partner)
    Forum|alt.badge.img+22
    • dsj
    • Superhero (Partner)
    • 836 replies
    • March 31, 2020
    chrisplant wrote:

    I need to know which users have permission to create a new Master Part.

     

    One way to see which users has grants is the Presentation Object Grants window. Form there you can output the results.

     

    BR,

    Damith

    DSJ - https://dsj23.me
    C
    1 person likes this
    • C
      chrisplant
    MikeArbon
    Hero (Customer)
    Forum|alt.badge.img+10
    • MikeArbon
    • Hero (Customer)
    • 91 replies
    • March 31, 2020

    You need to identify which roles have the required permission to run the code you want to report on. So using the screens  under Solution Manager - Security- Permission Sets you should be able to identify these. Then you can see which users have been assigned these roles.

    From what I recall it is tricky to list out the access purely from code, but it has been a while, and i think we last looked at this in version 7.5. There are some FND tables that hold users vs roles, but i dont recall being able to go down to the IFS methods via that route.

    Its worth getting a handle on how this stuff hangs together from the App screens, as you can then utilise the Segregation of Duties utility….useful for when Auditors visit!

    Cheers

    Mike

    https://www.linkedin.com/in/mikearbon
    C
    Dineshy7
    2 people like this
    • C
      chrisplant
    • Dineshy7
      Dineshy7
    A
    Superhero (Employee)
    • anmise
    • Superhero (Employee)
    • 1426 replies
    • March 31, 2020
    chrisplant wrote:

    I need to know which users have permission to create a new Master Part.

     

    Ok, I get it now. Maybe you could try something like this?

     

    select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

     

    D
    Hero (Customer)
    Forum|alt.badge.img+11
    • david.harmer
    • Hero (Customer)
    • 142 replies
    • April 1, 2020

    Why dont you just use the Security Per Object report. Although the formatting is a bit rubbish it does show which permission sets and which users have any method from any API. 

    This one is handy to see which permission sets have access to a particular form, table, etc. It could be elaborated pretty easily. 

    select

    po_id, role

    from pres_object_grant

    where upper(Po_id)  = upper('&PresentationObject')

    durette
    Superhero (Customer)
    Forum|alt.badge.img+19
    • durette
    • Superhero (Customer)
    • 525 replies
    • Answer
    • April 2, 2020

    SECURITY_SYS_PRIVS_TAB contains package grants.

    SECURITY_SYS_TAB contains method revocations.

     

    This will show the database grants:

     

    SELECT identity
      FROM fnd_user_role_runtime
     WHERE role IN (SELECT grantee
                      FROM security_sys_privs_tab
                     WHERE table_name = 'PART_CATALOG_API'
                    MINUS
                    SELECT role
                      FROM security_sys_tab
                     WHERE package_name = 'PART_CATALOG_API'
                       AND method_name = 'New__');
     

     

     

    If you find this forum useful, please consider paying back to the community in your own areas of expertise. If you ask for help in a private message, please know that I will likely repost it as a forum question (with your personal details redacted) and answer it here. -- Kevin Durette - https://www.linkedin.com/in/kevindurette
    M
    1 person likes this
    • M
      Matthew
    durette
    Superhero (Customer)
    Forum|alt.badge.img+19
    • durette
    • Superhero (Customer)
    • 525 replies
    • April 2, 2020
    anmise wrote:
    chrisplant wrote:

    I need to know which users have permission to create a new Master Part.

     

    Ok, I get it now. Maybe you could try something like this?

     

     select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

     

    This will show the users who have New% revoked, not granted (at least in Apps 9)

    If you find this forum useful, please consider paying back to the community in your own areas of expertise. If you ask for help in a private message, please know that I will likely repost it as a forum question (with your personal details redacted) and answer it here. -- Kevin Durette - https://www.linkedin.com/in/kevindurette
    J
    1 person likes this
    • J
      JohannesWittwer
    A
    Superhero (Employee)
    • anmise
    • Superhero (Employee)
    • 1426 replies
    • April 3, 2020
    durette wrote:
    anmise wrote:
    chrisplant wrote:

    I need to know which users have permission to create a new Master Part.

     

    Ok, I get it now. Maybe you could try something like this?

     

     select u.identity, u.role, s.package_name, s.method_name
from SECURITY_SYS_TAB s, FND_USER_ROLE_RUNTIME u
where s.role=u.role and package_name='PART_CATALOG_API' and method_name like 'New%'

     

    This will show the users who have New% revoked, not granted (at least in Apps 9)

    Oh, I did not know that, but makes sense now that you mentioned the privs table. 

    R
    Sidekick (Partner)
    Forum|alt.badge.img+5
    • Ramadass
    • Sidekick (Partner)
    • 14 replies
    • June 8, 2021

    Dear Team,

     

    Like above, How can we create report  for one permission set with Page wise?

     

    in one permission set,  under one page which methods having view and execute access.

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings