1 PACKAGE BODY HR_SECURITY AS
2 /* $Header: hrscsec.pkb 120.3.12000000.3 2007/08/03 13:57:21 agolechh ship $ */
3 --
4 -- PRIVATE FUNCTIONS AND PROCEDURES
5 --
6 --
7 -- This is the security profile id for the view security
8 -- profile which is associated with the setup business group
9 --
10 VIEW_ALL_PROFILE CONSTANT NUMBER := 0;
11 --
12 --
13 -- 1999-07-19 Bug 775399. A value of -1 for the ORG_ID
14 -- component of the 'client_info' string indicates that
15 -- the user connected to apps but should not see any rows
16 --
17 VIEW_NO_ROWS_ORG_ID CONSTANT NUMBER := -1;
18 --
19 g_apps_schema_mode VARCHAR2(3);
20 g_user_id NUMBER;
21 g_resp_id NUMBER;
22 g_resp_appl_id NUMBER;
23 g_security_group_id NUMBER;
24 g_person_id NUMBER;
25 g_context per_security_profiles%ROWTYPE;
26 g_view_no_rows BOOLEAN;
27 g_effective_date DATE := sysdate;
28 TYPE per_list is table of boolean index by binary_integer;
29 g_person_list per_list;
30
31 --
32 -- DK 2001-11-17
33 -- 2086208. Cache the value of ICX_SEC.G_SESSION_ID so that the
34 -- person list can be rebuilt on a change of login session even if
35 -- the user,resp,sec group remain the same. An alternative scheme is
36 -- to track session switching based on the value of
37 -- FND_GLOBAL.SESSION_CONTEXT. This would cause the person list to
38 -- be rebuilt on each call to FND_GLOBAL.APPS_INITIALIZE.
39 --
40 g_icx_session_id NUMBER := 0 ;
41
42
43 --
44 -----------------------------------------------------------------------
45 -----------------------------------------------------------------------
46 -- begin BIS/discoverer section
47 -----------------------------------------------------------------------
48 --
49 g_org_id_initialized BOOLEAN := FALSE;
50 g_org_id VARCHAR2(15);
51 g_mo_context per_security_profiles%ROWTYPE;
52 g_mo_person_id NUMBER;
53 g_mo_org_sec_known BOOLEAN;
54 --
55 -----------------------------------------------------------------------
56 -- end BIS/discoverer section
57 -----------------------------------------------------------------------
58 --
59 -----------------------------------------------------------------------
60 --< raise_error >------------------------------------------------------
61 -----------------------------------------------------------------------
62 --
63 -- Description:
64 -- Raise an internal error. Not translated.
65 --
66 PROCEDURE raise_error
67 (p_message in varchar2
68 )
69 IS
70 BEGIN
71 raise_application_error(-20001, p_message);
72 END raise_error;
73 --
74 -- PUBLIC FUNCTIONS AND PROCEDURES
75 --
76 -----------------------------------------------------------------------
77 --< get_hr_security_context >------------------------------------------
78 -----------------------------------------------------------------------
79 --
80 FUNCTION get_hr_security_context
81 RETURN NUMBER
82 IS
83 BEGIN
84 return (hr_signon.g_hr_security_profile.security_profile_id);
85 END get_hr_security_context;
86 --
87 -----------------------------------------------------------------------
88 --< get_security_profile >---------------------------------------------
89 -----------------------------------------------------------------------
90 --
91 FUNCTION get_security_profile
92 RETURN NUMBER
93 IS
94 --
95 l_security_profile_id number := -1;
96 --
97 CURSOR get_reporting_id
98 IS
99 SELECT security_profile_id
100 FROM per_security_profiles
101 WHERE reporting_oracle_username = USER;
102 --
103 BEGIN
104 --
105 -- Check the schema mode. APPS schemas have one of the following
106 -- 'U' Universal (APPS schemas)
107 -- 'M' Multi-lingual
108 -- 'K' Multi-currency
109 --
110 -- In this case check the security profile
111 --
112 IF ( g_apps_schema_mode = 'Y' ) THEN
113 --
114 -- If the security context is not set then use the
115 -- seeded view all security profile.
116 --
117 l_security_profile_id := NVL(get_hr_security_context,VIEW_ALL_PROFILE);
118 ELSE
119 --
120 -- If the current schema is attached to a security profile
121 -- then return that otherwise we are in a custom schema and
122 -- so the view_all profile can be returned.
123 --
124 OPEN get_reporting_id;
125 FETCH get_reporting_id INTO l_security_profile_id;
126 --
127 IF get_reporting_id%NOTFOUND THEN
128 CLOSE get_reporting_id;
129 l_security_profile_id := VIEW_ALL_PROFILE;
130 END IF;
131 END IF;
132 --
133 RETURN (l_security_profile_id);
134 END get_security_profile;
135 --
136 -----------------------------------------------------------------------
137 --< get_person_id >------------------------------------------------
138 -----------------------------------------------------------------------
139 --
140 function get_person_id return number is
141 --
142 cursor get_sec_person_id(p_security_profile_id number) is
143 select named_person_id
144 from per_security_profiles
145 where security_profile_id=p_security_profile_id;
146 --
147 cursor get_user_person_id(p_user_id number) is
148 select employee_id
149 from fnd_user
150 where user_id=p_user_id;
151 --
152 l_person_id number;
153 --
154 begin
155 --
156 open get_sec_person_id(get_security_profile);
157 fetch get_sec_person_id into l_person_id;
158 close get_sec_person_id;
159 if l_person_id is null then
160 open get_user_person_id(g_user_id);
161 fetch get_user_person_id into l_person_id;
162 close get_user_person_id;
163 end if;
164 --
165 return l_person_id;
166 --
167 end get_person_id;
168 --
169 --
170 -----------------------------------------------------------------------
171 --< Sync_Person_Cache >------------------------------------------------
172 -----------------------------------------------------------------------
173 --
174 -- Description:
175 --
176 -- For the mean-time, two sets of person cache are maintained.
177 -- This is not ideal, but has been done to prevent regressions, both
178 -- functional and performance, using the evaluate_access method;
179 -- g_person_list will be obsoleted going forward.
180 -- Here people in hr_security_internal.g_per_tbl are added to
181 -- g_person_list for backwards compatibility.
182 --
183 PROCEDURE sync_person_cache
184 IS
185
186 i NUMBER;
187
188 BEGIN
189
190 --
191 -- Sync the two sets of cache.
192 --
193 IF hr_security_internal.g_per_tbl.COUNT > 0 THEN
194 i := hr_security_internal.g_per_tbl.FIRST;
195 WHILE i <= hr_security_internal.g_per_tbl.LAST LOOP
196 g_person_list(i) := TRUE;
197 i := hr_security_internal.g_per_tbl.NEXT(i);
198 END LOOP;
199 END IF;
200
201 END sync_person_cache;
202 --
203 -----------------------------------------------------------------------
204 --< Initialise_Globals >-----------------------------------------------
205 -----------------------------------------------------------------------
206 --
207 -- Description:
208 -- This procedure will initialise all the package globals. It is
209 -- called when any procedure in the package is first run, and also
210 -- whenever the user switches responsibility (and hence calls
211 -- the get_security_profile_id function which then in turns calls
212 -- this procedure).
213 --
214 PROCEDURE Initialise_Globals
215 IS
216 --
217 -- Retrieves the mode of the current schema together with
218 -- the ORG_ID part of CLIENT_INFO for Bug 775399
219 --
220 -- 1999-07-19
221 -- 1. Change SUBSTR to SUBSTRB
222 -- 2. First column now returns 'Y' if the schema is of apps type
223 -- 'U' Universal (APPS schemas)
224 -- 'M' Multi-lingual
225 -- 'K' Multi-currency
226 --
227 CURSOR csr_get_schema_mode
228 IS
229 SELECT DECODE(READ_ONLY_FLAG,'U', 'Y'
230 ,'M', 'Y'
231 ,'K', 'Y'
232 ,'N') schema_mode,
233 DECODE(SUBSTRB(USERENV('CLIENT_INFO'), 1, 1),' ', NULL,
234 SUBSTRB(USERENV('CLIENT_INFO'),1, 10))
235 FROM FND_ORACLE_USERID
236 WHERE ORACLE_USERNAME = user;
237 --
238 -- Get the row from per_security_profiles corresponding to the
239 -- security profile for the session
240 --
241 CURSOR csr_get_sec_prf(p_security_profile_id number)
242 IS
243 SELECT *
244 FROM per_security_profiles
245 WHERE security_profile_id = p_security_profile_id;
246
247 --
248 -- Gets the person stored against a given user.
249 --
250 CURSOR csr_get_person
251 (p_user_id IN NUMBER) IS
252 SELECT fndu.employee_id
253 FROM fnd_user fndu
254 WHERE p_user_id IS NOT NULL
255 AND fndu.user_id = p_user_id;
256
257 --
258 -- Cursors to build security cache.
259 -- Bug 3346940.
260 -- Added the "granted_user_id is null" clause to prevent
261 -- this from picking up static user lists.
262 --
263 cursor get_people(p_security_profile_id number) is
264 select person_id
265 from per_person_list
266 where security_profile_id=p_security_profile_id
267 and granted_user_id is null;
268
269 --
270 -- Bug 3584578.
271 -- All supervisor security is now evaluated in
272 -- hr_security_internal.evaluate_access.
273 --
274 /* cursor get_super_people(p_top_person_id number,
275 p_max_levels number) is
276 select asg.person_id
277 from (select a.person_id,
278 a.supervisor_id
279 from per_all_assignments_f a
280 where trunc(sysdate) between a.effective_start_date
281 and a.effective_end_date
282 and assignment_type <> 'B') asg
283 connect by asg.supervisor_id = prior asg.person_id
284 and Level<=nvl(p_max_levels,Level)+1
285 start with asg.person_id=p_top_person_id;
286 --
287 cursor get_super_people_ppl(p_security_profile_id number,
288 p_top_person_id number,
289 p_max_levels number) is
290 select asg.person_id
291 from (select a.person_id,
292 a.supervisor_id
293 from per_all_assignments_f a
294 where trunc(sysdate) between a.effective_start_date
295 and a.effective_end_date
296 and assignment_type <> 'B') asg
297 where exists (select null
298 from per_person_list ppl
299 where ppl.security_profile_id=p_security_profile_id
300 and ppl.person_id=asg.person_id)
301 connect by asg.supervisor_id = prior asg.person_id
302 and Level<=nvl(p_max_levels,Level)+1
303 start with asg.person_id=p_top_person_id ;
304 --
305 cursor get_super_people_primary(p_top_person_id number,
306 p_max_levels number) is
307 select asg.person_id
308 from (select a.person_id,
309 a.supervisor_id
310 from per_all_assignments_f a
311 where trunc(sysdate) between a.effective_start_date
312 and a.effective_end_date
313 and assignment_type <> 'B'
314 and a.primary_flag='Y') asg
315 connect by asg.supervisor_id = prior person_id
316 and Level<=nvl(p_max_levels,Level)+1
317 start with asg.person_id=p_top_person_id ;
318 --
319 cursor get_super_people_primary_ppl(p_security_profile_id number,
320 p_top_person_id number,
321 p_max_levels number) is
322 select asg.person_id
323 from (select a.person_id,
324 a.supervisor_id
325 from per_all_assignments_f a
326 where trunc(sysdate) between a.effective_start_date
327 and a.effective_end_date
328 and assignment_type <> 'B'
329 and a.primary_flag='Y' ) asg
330 where exists (select null
331 from per_person_list ppl
332 where ppl.security_profile_id=p_security_profile_id
333 and ppl.person_id=asg.person_id)
334 connect by asg.supervisor_id = prior asg.person_id
335 and Level<=nvl(p_max_levels,Level)+1
336 start with asg.person_id=p_top_person_id ;
337 */
338
339 l_security_profile_id number;
340 l_what_to_evaluate number;
341 l_use_static_lists boolean;
342 --
343 BEGIN
344 --
345 -- DK 2001-11-17
346 -- 2086208. Save the ICX session id when the person list is created.
347 -- check_person_list calls initialize_globals if the value saved is
348 -- different to the current value of icx_sec.g_session_id
349 g_icx_session_id := icx_sec.g_session_id;
350 --
351 -- Get the schema mode and org_id from client_info
352 --
353 OPEN csr_get_schema_mode;
354 FETCH csr_get_schema_mode into g_apps_schema_mode, g_org_id;
355 CLOSE csr_get_schema_mode;
356 --
357 l_security_profile_id:=hr_security.get_security_profile;
358 g_user_id:=fnd_global.user_id;
359 g_resp_id:=fnd_global.resp_id;
360 g_resp_appl_id:=fnd_global.resp_appl_id;
361 g_security_group_id:=fnd_global.security_group_id;
362
363 -- g_person_id:=get_person_id; -- Bug 2807573 see below
364 -- g_person_list.delete; --6012095(forward port of 5985232)
365
366 --
367 IF (RTRIM(g_org_id) = TO_CHAR(VIEW_NO_ROWS_ORG_ID) AND g_apps_schema_mode = 'Y' ) THEN
368 g_view_no_rows := TRUE;
369 g_context := null;
370 ELSE
371 g_view_no_rows := FALSE;
372
373 --
374 -- Get the security profile information
375 --
376 OPEN csr_get_sec_prf(l_security_profile_id);
377 FETCH csr_get_sec_prf INTO g_context;
378 --
379 IF csr_get_sec_prf%NOTFOUND THEN
380 CLOSE csr_get_sec_prf;
381 raise_error('HR SECURITY ERROR : INVALID PROFILE VALUE '||l_security_profile_id);
382 ELSE
383 CLOSE csr_get_sec_prf;
384 END IF;
385
386 --
387 -- Bug 2807573 DK 17-FEB-2003
388 --
389 -- Initialization of g_person_id moved to avoid potentially
390 -- unnecessary query.
391 IF ( g_context.view_all_flag = 'N' ) THEN
392 g_person_id:=get_person_id;
393 END IF;
394
395 --
396 -- Reset this flag to false whenever security is re-initialised.
397 -- This tells show_bis_record to re-evaluate organization security
398 -- permissions using g_mo_context instead of g_context.
399 --
400 g_mo_org_sec_known := FALSE;
401
402 --
403 -- Get the security profile as set in the profile option
404 -- 'MO:Security Profile'.
405 --
406 OPEN csr_get_sec_prf(p_security_profile_id =>
407 to_number(fnd_profile.value('XLA_MO_SECURITY_PROFILE_LEVEL')));
408 FETCH csr_get_sec_prf INTO g_mo_context;
409 CLOSE csr_get_sec_prf;
410
411 --
412 -- If MO: Security Profile is not set, use HR: Security Profile.
413 --
414 IF g_mo_context.security_profile_id IS NULL THEN
415 g_mo_context := g_context;
416 g_mo_person_id := g_person_id;
417 ELSE
418 --
419 -- Fetch the person from the MO profile.
420 --
421 IF (NVL(g_mo_context.view_all_flag, 'Y') = 'N') THEN
422 IF g_mo_context.named_person_id IS NOT NULL THEN
423 g_mo_person_id := g_mo_context.named_person_id;
424 ELSE
425 OPEN csr_get_person(g_user_id);
426 FETCH csr_get_person INTO g_mo_person_id;
427 CLOSE csr_get_person;
428 END IF;
429 END IF;
430 END IF;
431
432 --
433 -- Bug 3584578.
434 -- All supervisor security is now evaluated in
435 -- hr_security_internal.evaluate_access.
436
437 /*
438 --
439 -- look to see if we are using supervisor hierarchies
440
441 -- DKERR 5/2002
442 -- Performance fixes for Bug 2374967 made to
443 --
444 -- get_super_people
445 -- get_super_people_ppl
446 -- get_super_people_primary
447 -- get_super_people_primary_ppl
448 --
449 -- See also 2041460
450 --
451 -- In each cursor we construct the list of all assignments as of today
452 -- before we apply the hierarchical query condition ie
453 -- "supervisor = prior person_id". This performs much better than the
454 -- original version which applied the date restriction to assignment rows
455 -- as part of the query condition. However these queries still require a
456 -- of high amount of i/o and performance will depend on how much of
457 -- the assignment table is already in the buffer cache.
458 -- For this reason and also the amount of session memory required to
459 -- cache potentially tens of thousands of person ids make this a less
460 -- scaleable solution than building the cache on a demand basis from
461 -- from a fixed number - possibly 3 levels.
462 --
463 -- Bug 3346940.
464 -- The "supervisor_flag = 'Y'" excludes assignment-based supervisor
465 -- hierarchies. These are built separately in evaluate_access.
466 -- Person-based hierarchies are build below, but only if there are
467 -- not any user-based org or user-based pos restrictions.
468 -- If there are user-based org or user-based pos restrictions, the
469 -- person-based hierarchies are built in evaluate_access, not here.
470 --
471 if g_context.restrict_by_supervisor_flag = 'Y' then
472 if g_context.view_all_organizations_flag='Y'
473 and g_context.view_all_positions_flag='Y'
474 and g_context.view_all_payrolls_flag='Y'
475 and g_context.custom_restriction_flag='N' then
476 --
477 -- we are only restricting by supervisor so do not
478 -- join to per_person_list
479 --
480 if g_context.exclude_secondary_asgs_flag='Y' then
481 --
482 -- find all of the people who are in the supervisor hierarchy of
483 -- primary assignments
484 --
485 for per_rec in get_super_people_primary(g_person_id
486 ,g_context.supervisor_levels)
487 loop
488 g_person_list(per_rec.person_id):=TRUE;
489 end loop;
490 else
491 -- find all of the people who are in the supervisor hierarchy of
492 -- any assignments
493 for per_rec in get_super_people(g_person_id
494 ,g_context.supervisor_levels) loop
495 g_person_list(per_rec.person_id):=TRUE;
496 end loop;
497 end if;
498
499 elsif NVL(g_context.top_organization_method, 'S') <> 'U'
500 and NVL(g_context.top_position_method, 'S') <> 'U'
501 and NVL(g_context.custom_restriction_flag, 'N') <> 'U'
502 and NVL(g_context.restrict_on_individual_asg, 'N') <> 'Y' then
503 --
504 -- Bug 3346940.
505 -- Only evaluate person-based supervisor security if user-based
506 -- org, pos and custom security is not in use and (bug 3507431)
507 -- the security is not on an individual assignment level.
508 --
509 -- we are also restricting by another thing, so join to
510 -- per_person_list
511 --
512 if g_context.exclude_secondary_asgs_flag='Y' then
513 --
514 -- find all of the people who are in the supervisor hierarchy of
515 -- primary assignments as well as the other security restrictions
516 --
517 for per_rec in get_super_people_primary_ppl(l_security_profile_id
518 ,g_person_id
519 ,g_context.supervisor_levels)
520 loop
521 g_person_list(per_rec.person_id):=TRUE;
522 end loop;
523
524 else
525 --
526 -- find all of the people who are in the supervisor hierarchy of
527 -- any assignments as well as the other security restrictions
528 --
529 for per_rec in get_super_people_ppl(l_security_profile_id
530 ,g_person_id
531 ,g_context.supervisor_levels) loop
532 g_person_list(per_rec.person_id):=TRUE;
533 end loop;
534 end if;
535 end if;
536 end if;
537
538 --
539 -- The static per_person_list is now cached during evaluate_access
540 -- so this code can be commented out. Although this is cached
541 -- into a separate table and synched up at the moment, it is
542 -- expected that g_person_list can be obsoleted and replaced by
543 -- g_per_tbl.
544 --
545 else
546 --
547 -- Bug 2807573 DK 17-FEB-2003
548 --
549 -- For a view all security profile we don't need to get
550 -- the per_person_list. It should be empty for such a profile
551 -- but checking involves a range scan and hence unnecessary i/o.
552 --
553 IF ( g_context.view_all_flag = 'N' ) THEN
554
555 -- we are not restricting by hierarchy, so
556 -- find all of the people who are in the security profile
557 for per_rec in get_people(l_security_profile_id) loop
558 g_person_list(per_rec.person_id):=TRUE;
559 end loop;
560 END IF ;
561
562 end if;
563 */
564 --
565 -- The below call to evaluate_access determines all the security
566 -- permissions for the logged on user and caches lists of their
567 -- orgs, positions, people, etc.
568 --
569 -- Where user-based security or assignment-level security is used,
570 -- the security is dynamically assessed, otherwise it picks up
571 -- the permissions from per_person_list.
572 --
573 -- hr_security_internal.evaluate_access keeps a separate person
574 -- cache at the moment, although it is expected that g_person_list
575 -- can be completely replaced by g_per_tbl in the near future
576 -- (this exercise requires references to g_person_list to be
577 -- replaced by g_per_tbl).
578 --
579 if (g_context.view_all_flag = 'N' ) then
580 --
581 -- Fetch the parameters that allow different modelling options.
582 -- THESE PARAMETERS ARE FOR DEVELOPMENT USE ONLY AT PRESENT.
583 --
584 g_effective_date := hr_security_internal.get_effective_date;
585 l_what_to_evaluate := hr_security_internal.get_what_to_evaluate;
586 l_use_static_lists := hr_security_internal.get_use_static_lists;
587
588 hr_security_internal.evaluate_access
589 (p_person_id => g_person_id
590 ,p_user_id => g_user_id
591 ,p_effective_date => g_effective_date
592 ,p_sec_prof_rec => g_context
593 ,p_what_to_evaluate => l_what_to_evaluate
594 ,p_use_static_lists => l_use_static_lists);
595
596 --
597 -- The two sets of person cache are synched.
598 --
599 --sync_person_cache; --6012095(Forward Port of 5985232)
600
601 end if;
602
603 /* --
604 -- GRANTED USERS ARE NOW ADDED IN EVALUATE_ACCESS
605 --
606 -- add granted users if using a restricted profile.
607 -- A user can have been granted access to a person but still be using
608 -- a view all responsiblity. In which case there will be rows in
609 -- PER_PERSON_LIST but as this is a view all profile we can ignore them.
610 --
611 -- 2807573 21-FEB-2003
612 -- Only deal with grant access when using a restricted profile.
613 --
614 if (g_context.view_all_flag = 'N' ) then
615 if g_context.allow_granted_users_flag='Y' then
616 for per_rec in get_granted_users(g_user_id) loop
617 g_person_list(per_rec.person_id):=TRUE;
618 end loop;
619 end if;
620 end if;
621 */
622
623 -- remove the current user if required.
624 if g_context.exclude_person_flag='Y' then
625 --g_person_list.delete(g_person_id);--6012095 (Forward port of 5985232)
626 hr_security_internal.g_per_tbl.delete(g_person_id);
627 end if;
628 --
629
630 END IF;
631
632 END Initialise_Globals;
633 --
634 -----------------------------------------------------------------------
635 --< view_all >---------------------------------------------------------
636 -----------------------------------------------------------------------
637 --
638 FUNCTION view_all return varchar2
639 IS
640 BEGIN
641
642 --
643 -- 2876315
644 --
645 if ( hr_signon.session_context <> fnd_global.session_context )
646 then
647 hr_signon.initialize_hr_security;
648 initialise_globals;
649 end if;
650
651
652 RETURN (NVL(hr_signon.g_hr_security_profile.view_all_flag
653 ,g_context.view_all_flag));
654
655
656 END view_all;
657 --
658 -----------------------------------------------------------------------
659 --< no_restrictions >--------------------------------------------------
660 -----------------------------------------------------------------------
661 --
662 FUNCTION no_restrictions return boolean
663 IS
664 BEGIN
665
666 --
667 -- Bug 2638726
668 -- DK 18-NOV-2002 Modified to use hr_signon cache
669 --
670
671 if (NVL(hr_signon.g_hr_security_profile.restrict_by_supervisor_flag,
672 g_context.restrict_by_supervisor_flag) = 'N'
673 and NVL(hr_signon.g_hr_security_profile.view_all_organizations_flag,
674 g_context.view_all_organizations_flag) = 'Y'
675 and NVL(hr_signon.g_hr_security_profile.view_all_positions_flag,
676 g_context.view_all_positions_flag) = 'Y'
677 and NVL(hr_signon.g_hr_security_profile.view_all_payrolls_flag,
678 g_context.view_all_payrolls_flag) = 'Y'
679 and NVL(hr_signon.g_hr_security_profile.custom_restriction_flag,
680 g_context.custom_restriction_flag) = 'N' ) then
681 RETURN true;
682 else
683 RETURN false;
684 end if;
685 END no_restrictions;
686 -----------------------------------------------------------------------
687 --< view_all_applicants >----------------------------------------------
688 -----------------------------------------------------------------------
689 --
690 FUNCTION view_all_applicants
691 RETURN BOOLEAN
692 IS
693 BEGIN
694 if (NVL(hr_signon.g_hr_security_profile.view_all_applicants_flag
695 ,g_context.view_all_applicants_flag) = 'Y') then
696 RETURN TRUE;
697 else
698 return FALSE;
699 end if;
700 END view_all_applicants;
701 --
702
703 -----------------------------------------------------------------------
704 --< view_all_cwk >-----------------------------------------------------
705 -----------------------------------------------------------------------
706 --
707 FUNCTION view_all_cwk
708 RETURN BOOLEAN
709 IS
710 BEGIN
711 if NVL(hr_signon.g_hr_security_profile.view_all_cwk_flag
712 ,g_context.view_all_cwk_flag) = 'Y' then
713 return true;
714 else
715 return false;
716 end if;
717 END view_all_cwk;
718 --
719 -----------------------------------------------------------------------
720 --< view_all_contacts >------------------------------------------------
721 -----------------------------------------------------------------------
722 --
723 FUNCTION view_all_contacts
724 RETURN BOOLEAN
725 IS
726 BEGIN
727 if NVL(hr_signon.g_hr_security_profile.view_all_contacts_flag
728 ,g_context.view_all_contacts_flag) = 'Y' then
729 return true;
730 else
731 return false;
732 end if;
733 END view_all_contacts;
734 --
735 -----------------------------------------------------------------------
736 --< view_all_candidates >----------------------------------------------
737 -----------------------------------------------------------------------
738 --
739 function view_all_candidates return boolean is
740 --
741 begin
742 -- This function will return TRUE if iRecruitment is not installed
743 -- or view_all_candidates_flag is set to 'All'.
744 if (nvl(hr_signon.g_hr_security_profile.view_all_candidates_flag,
745 g_context.view_all_candidates_flag) = 'Y' or
746 nvl(fnd_profile.value('IRC_INSTALLED_FLAG'), 'N') = 'N') then
747 --
748 return true;
749 --
750 else
751 --
752 return false;
753 --
754 end if;
755 --
756 end view_all_candidates;
757 --
758 -----------------------------------------------------------------------
759 --< view_all_employees >-----------------------------------------------
760 -----------------------------------------------------------------------
761 --
762 FUNCTION view_all_employees
763 RETURN BOOLEAN
764 IS
765 BEGIN
766 if NVL(hr_signon.g_hr_security_profile.view_all_employees_flag
767 ,g_context.view_all_employees_flag) = 'Y' then
768 return true;
769 else
770 return false;
771 end if;
772 END view_all_employees;
773 --
774 -----------------------------------------------------------------------
775 --< restricted_applicants >----------------------------------------------
776 -----------------------------------------------------------------------
777 --
778 FUNCTION restricted_applicants
779 RETURN BOOLEAN
780 IS
781 BEGIN
782 if (NVL(hr_signon.g_hr_security_profile.view_all_applicants_flag
783 ,g_context.view_all_applicants_flag) = 'N') then
784 RETURN TRUE;
785 else
786 return FALSE;
787 end if;
788 END restricted_applicants;
789 --
790 -----------------------------------------------------------------------
791 --< restricted_cwk >-----------------------------------------------------
792 -----------------------------------------------------------------------
793 --
794 FUNCTION restricted_cwk
795 RETURN BOOLEAN
796 IS
797 BEGIN
798 if NVL(hr_signon.g_hr_security_profile.view_all_cwk_flag
799 ,g_context.view_all_cwk_flag) = 'N' then
800 return true;
801 else
802 return false;
803 end if;
804 END restricted_cwk;
805 --
806 -----------------------------------------------------------------------
807 --< restricted_contacts >------------------------------------------------
808 -----------------------------------------------------------------------
809 --
810 FUNCTION restricted_contacts
811 RETURN BOOLEAN
812 IS
813 BEGIN
814 if NVL(hr_signon.g_hr_security_profile.view_all_contacts_flag
815 ,g_context.view_all_contacts_flag) = 'N' then
816 return true;
817 else
818 return false;
819 end if;
820 END restricted_contacts;
821 --
822 -----------------------------------------------------------------------
823 --< restricted_employees >-----------------------------------------------
824 -----------------------------------------------------------------------
825 --
826 FUNCTION restricted_employees
827 RETURN BOOLEAN
828 IS
829 BEGIN
830 if NVL(hr_signon.g_hr_security_profile.view_all_employees_flag
831 ,g_context.view_all_employees_flag) = 'N' then
832 return true;
833 else
834 return false;
835 end if;
836 END restricted_employees;
837 --
838 -----------------------------------------------------------------------
839 --< view_all_organizations >-------------------------------------------
840 -----------------------------------------------------------------------
841 --
842 FUNCTION view_all_organizations
843 RETURN BOOLEAN
844 IS
845 BEGIN
846 RETURN
847 (NVL(hr_signon.g_hr_security_profile.view_all_organizations_flag
848 ,g_context.view_all_organizations_flag) = 'Y' );
849 END view_all_organizations;
850 --
851 -----------------------------------------------------------------------
852 --< view_all_positions >-----------------------------------------------
853 -----------------------------------------------------------------------
854 --
855 FUNCTION view_all_positions
856 RETURN BOOLEAN
857 IS
858 BEGIN
859 RETURN
860 (NVL(hr_signon.g_hr_security_profile.view_all_positions_flag
861 ,g_context.view_all_positions_flag) = 'Y' );
862 END view_all_positions;
863 --
864 -----------------------------------------------------------------------
865 --< restrict_by_supervisor >-------------------------------------------
866 -----------------------------------------------------------------------
867 --
868 FUNCTION restrict_by_supervisor
869 RETURN BOOLEAN
870 IS
871 BEGIN
872 RETURN
873 (NVL(hr_signon.g_hr_security_profile.restrict_by_supervisor_flag
874 ,g_context.restrict_by_supervisor_flag) = 'Y' );
875 END restrict_by_supervisor;
876 --
877 --
878 --
879 -----------------------------------------------------------------------
880 --< view_all_payrolls >------------------------------------------------
881 -----------------------------------------------------------------------
882 --
883 FUNCTION view_all_payrolls
884 RETURN BOOLEAN
885 IS
886 BEGIN
887 RETURN
888 (NVL(hr_signon.g_hr_security_profile.view_all_payrolls_flag
889 ,g_context.view_all_payrolls_flag) = 'Y' );
890 END view_all_payrolls;
891 --
892 --
893 --
894 -----------------------------------------------------------------------
895 --< exclude_person >------------------------------------------------
896 -----------------------------------------------------------------------
897 --
898 FUNCTION exclude_person
899 RETURN BOOLEAN
900 IS
901 BEGIN
902 RETURN
903 (NVL(hr_signon.g_hr_security_profile.exclude_person_flag
904 ,g_context.exclude_person_flag) = 'Y' );
905 END exclude_person;
906 --
907 -----------------------------------------------------------------------
908 --< check_person_list >------------------------------------------------
909 -----------------------------------------------------------------------
910 --
911 FUNCTION check_person_list
912 (p_person_id IN NUMBER
913 )
914 RETURN BOOLEAN
915 IS
916 begin
917
918 IF globals_need_refreshing THEN
919 hr_signon.initialize_hr_security;
920 initialise_globals;
921 END IF;
922 --
923 -- return g_person_list.exists(p_person_id); -- Fixed for bug 5985232
924 return hr_security_internal.g_per_tbl.exists(p_person_id); -- Fixed for bug 5985232 (6320769)
925
926 END check_person_list;
927 --
928 -----------------------------------------------------------------------
929 --< globals_need_refreshing >------------------------------------------
930 -----------------------------------------------------------------------
931 --
932 FUNCTION globals_need_refreshing
933 RETURN BOOLEAN
934 IS
935
936 l_return BOOLEAN;
937
938 BEGIN
939
940 --- DK 2001-11-17
941 ---
942 --- Bug 2086208
943 --- Along with changes in the cached values of user,resp and security group
944 --- a change in the ICX session id causes the person list to be rebuilt.
945 --- Ideally this would be signalled via the product initialization code
946 ---
947
948 IF g_user_id <> fnd_global.user_id
949 or g_resp_id <> fnd_global.resp_id
950 or g_resp_appl_id <> fnd_global.resp_appl_id
951 or g_security_group_id <> fnd_global.security_group_id
952 or g_icx_session_id <> icx_sec.g_session_id
953 THEN
954 l_return := TRUE;
955 ELSE
956 l_return := FALSE;
957
958 END IF;
959 --
960 return l_return;
961
962 END globals_need_refreshing;
963 --
964 -----------------------------------------------------------------------
965 --< check_organization_list >------------------------------------------
966 -----------------------------------------------------------------------
967 --
968 FUNCTION check_organization_list
969 (p_organization_id IN NUMBER
970 )
971 RETURN BOOLEAN
972 IS
973 --
974 CURSOR chk_org_list
975 IS
976 SELECT 1
977 FROM per_organization_list
978 WHERE security_profile_id = get_security_profile
979 AND organization_id = p_organization_id;
980 --
981 l_return_value BOOLEAN;
982 l_dummy NUMBER;
983 --
984 BEGIN
985 OPEN chk_org_list;
986 FETCH chk_org_list INTO l_dummy;
987 l_return_value := chk_org_list%FOUND;
988 CLOSE chk_org_list;
989 --
990 RETURN (l_return_value);
991 END check_organization_list;
992 --
993 -----------------------------------------------------------------------
994 --< check_position_list >----------------------------------------------
995 -----------------------------------------------------------------------
996 --
997 FUNCTION check_position_list
998 (p_position_id IN NUMBER
999 )
1000 RETURN BOOLEAN
1001 IS
1002 CURSOR chk_pos_list IS
1003 SELECT 1
1004 FROM per_position_list
1005 WHERE security_profile_id = get_security_profile
1006 AND position_id = p_position_id;
1007 --
1008 l_return_value BOOLEAN;
1009 l_dummy NUMBER;
1010 --
1011 BEGIN
1012 OPEN chk_pos_list;
1013 FETCH chk_pos_list INTO l_dummy;
1014 l_return_value := chk_pos_list%FOUND;
1015 CLOSE chk_pos_list;
1016 --
1017 RETURN (l_return_value);
1018 END check_position_list;
1019 --
1020 -----------------------------------------------------------------------
1021 --< check_payroll_list >-----------------------------------------------
1022 -----------------------------------------------------------------------
1023 --
1024 FUNCTION check_payroll_list
1025 (p_payroll_id IN NUMBER
1026 )
1027 RETURN BOOLEAN
1028 IS
1029 CURSOR chk_pay_list
1030 IS
1031 SELECT 1
1032 FROM pay_payroll_list
1033 WHERE security_profile_id = get_security_profile
1034 AND payroll_id = p_payroll_id;
1035 --
1036 l_return_value boolean;
1037 l_dummy number;
1038 --
1039 BEGIN
1040 OPEN chk_pay_list;
1041 FETCH chk_pay_list INTO l_dummy;
1042 l_return_value := chk_pay_list%FOUND;
1043 CLOSE chk_pay_list;
1044 --
1045 RETURN (l_return_value);
1046 END check_payroll_list;
1047 --
1048 -----------------------------------------------------------------------
1049 --< show_person >-- overloaded and called directly from secure views --
1050 -----------------------------------------------------------------------
1051 --
1052 function show_person(
1053 p_person_id in number
1054 ,p_current_applicant_flag in varchar2
1055 ,p_current_employee_flag in varchar2
1056 ,p_current_npw_flag in varchar2
1057 ,p_employee_number in varchar2
1058 ,p_applicant_number in varchar2
1059 ,p_npw_number in varchar2
1060 ) return varchar2 is
1061 --
1062 begin
1063 -- if the profile excludes users, prevent the logged on user from seeing
1064 -- themselves under any circumstances.
1065 if (p_person_id = g_person_id and exclude_person) then
1066 --
1067 return 'FALSE';
1068 --
1069 end if;
1070 -- Return TRUE if the security profile has no person restrictions.
1071 if (view_all = 'Y' or
1072 (view_all_employees and view_all_applicants and view_all_cwk and
1073 view_all_contacts and view_all_candidates)) then
1074 --
1075 return 'TRUE';
1076 --
1077 end if;
1078 -- Return TRUE if the security profile has no work structure
1079 -- restrictions and the person restriction is "Restricted" for this
1080 -- type of person.
1081 if (no_restrictions and
1082 ((p_current_employee_flag = 'Y' and restricted_employees) or
1083 (p_current_applicant_flag = 'Y' and restricted_applicants) or
1084 (p_current_npw_flag = 'Y' and restricted_cwk) or
1085 (p_employee_number is null and p_applicant_number is null and
1086 p_npw_number is null and restricted_contacts and
1087 view_all_candidates))) then
1088 --
1089 return 'TRUE';
1090 --
1091 end if;
1092 -- Return TRUE if the security profile is view all contacts or you
1093 -- can see all the other types of people (and so contacts too)
1094 -- and where this person is a contact.
1095
1096 -- A condition with view_all_contacts_flag = All and
1097 -- view_all_candidates_flag = None, will not be taken care in below
1098 -- IF condition. ie: in such a scenario, its been decided that contacts
1099 -- will be populated in per_person_list through PERSLM. Thereby this
1100 -- function (SHOW_PERSON) will return a TRUE through CHECK_PERSON_LIST.
1101
1102 -- Contacts Candidates Contacts cached
1103 -- ------------------------------------------
1104 -- All All No
1105 -- All None Yes
1106 -- Restricted All Yes
1107 -- Restricted None Yes
1108 if view_all_contacts and view_all_candidates and
1109 p_employee_number is null and p_applicant_number is null and
1110 p_npw_number is null then
1111 --
1112 return 'TRUE';
1113 --
1114 end if;
1115 -- Return TRUE if the profile has restrictions but they
1116 -- are not relevant to this person.
1117
1118 -- Applicants are treated different: they must be only
1119 -- an applicant and not an employee / contingent worker
1120 -- to immediately return TRUE. This prevents emps or
1121 -- cwks being visible in an applicant-only security
1122 -- profile. Applicants who are also emps and cwks will
1123 -- have their security determined by listgen so the person
1124 -- list must be checked in this example.
1125 if (p_current_employee_flag = 'Y' and view_all_employees) or
1126 (p_current_npw_flag = 'Y' and view_all_cwk) or
1127 (p_current_applicant_flag ='Y' and nvl(p_current_npw_flag, 'N') = 'N'
1128 and nvl(p_current_employee_flag, 'N') = 'N'
1129 and view_all_applicants) then
1130 --
1131 return 'TRUE';
1132 --
1133 end if;
1134 --
1135 if view_all_applicants and p_applicant_number is not null and
1136 p_employee_number is null and p_npw_number is null then
1137 -- Profile is view all applicants, person is or has been an applicant
1138 -- and they person have not been an employee/cont worker so grant
1139 -- access. If the person is/was an Emp/CWK then grant access based
1140 -- on Emp/CWK criteria i.e. if the person is also an Emp and is
1141 -- visible then grant access. This does mean that an Ex-Emp and Apl
1142 -- will disappear from a view_all_applicants/restricted employees
1143 -- profile on termination of the application if the terminated Emp
1144 -- assignment does not allow access to this person for this profile.
1145 -- i.e. the profile allows access to Emps in "Org 1" but when the
1146 -- person was an employee they were in "Org 2".
1147
1148 -- This is slightly inconsistent with behaviour of PERSLM when
1149 -- granting access to Ex-Emp and Ex-Apl people for profiles which
1150 -- are restricted_employees and restricted_applicants but is better
1151 -- than the current situation.
1152
1153 -- We could/do have similar problems with view_all_emp and
1154 -- view_all_npw profiles but it's less likely that customers have
1155 -- view_all_emp/npw profiles. For now we'll ignore these cases.
1156 return 'TRUE';
1157 --
1158 end if;
1159 -- If security evaluation was deferred at logon, or if the person/
1160 -- assignment permissions are unknown for some other reason, use
1161 -- caching on demand to evaluate permissions on the fly.
1162 if not hr_security_internal.per_access_known then
1163 -- Passing a value to p_what_to_evaluate avoids evaluating
1164 -- permissions for irrelevant security criteria.
1165 hr_security_internal.evaluate_access(
1166 p_person_id => g_person_id
1167 ,p_user_id => g_user_id
1168 ,p_effective_date => g_effective_date
1169 ,p_sec_prof_rec => g_context
1170 ,p_what_to_evaluate => hr_security_internal.g_per_sec_only);
1171 -- The two sets of person cache are synched.
1172 --sync_person_cache;--Fixed for bug 6012095(Fwd port of 5985232)
1173 --
1174 end if;
1175 -- We must check the person list to determine this person's security.
1176 if check_person_list(p_person_id) then
1177 --
1178 return 'TRUE';
1179 --
1180 end if;
1181 -- This person cannot be visible.
1182 return 'FALSE';
1183 --
1184 end show_person;
1185 --
1186 -----------------------------------------------------------------------
1187 --< show_person >--- original called from show_record -----------------
1188 -----------------------------------------------------------------------
1189 --
1190 FUNCTION show_person
1191 (p_person_type_id IN NUMBER
1192 ,p_person_id IN NUMBER
1193 ,p_employee_number IN VARCHAR2
1194 ,p_applicant_number IN VARCHAR2
1195 )
1196 RETURN VARCHAR2
1197 IS
1198 BEGIN
1199 -- added for bug 4193763
1200 if (p_person_id = g_person_id and exclude_person) then
1201 --
1202 return 'FALSE';
1203 --
1204 end if;
1205
1206 -- added for bug 4193763
1207 --
1208 -- If View All is set to 'Yes' OR
1209 -- the profile is view all contact and both the numbers are null OR
1210 -- the profile is view all emp/apl/cwk
1211 --
1212 IF view_all = 'Y'
1213 OR (view_all_contacts AND
1214 view_all_employees AND
1215 view_all_applicants AND
1216 view_all_cwk) THEN
1217 RETURN 'TRUE';
1218 END IF;
1219
1220 --
1221 -- Return TRUE if the security profile is view all contacts and
1222 -- this person is a contact.
1223 --
1224 IF view_all_contacts AND
1225 p_employee_number is null AND
1226 p_applicant_number is null THEN
1227 return 'TRUE';
1228 END IF;
1229
1230 --
1231 -- If View All Employees is 'Yes' and this is an employee
1232 --
1233 IF (view_all_employees AND p_employee_number IS NOT NULL)
1234 OR (view_all_employees AND p_employee_number IS NOT NULL) THEN
1235 --
1236 -- If this is the excluding person return false
1237 --
1238 -- added for bug 4193763
1239 -- commented the if condition
1240 -- if exclude_person and p_person_id=g_person_id then
1241 -- RETURN 'FALSE';
1242 -- else
1243 RETURN 'TRUE';
1244 -- end if;
1245 -- added for bug 4193763
1246 --
1247 -- If View All Applicants is 'Yes' and this is an applicant
1248 --
1249 ELSIF p_applicant_number IS NOT NULL THEN
1250 if view_all_applicants and view_all_employees and view_all_cwk then
1251 RETURN 'TRUE';
1252 end if;
1253 END IF;
1254
1255 --
1256 -- If security evaluation was deferred at logon,
1257 -- or if the person / assignment permissions are unknown for
1258 -- some other reason, use caching on demand to evaluate
1259 -- permissions on the fly.
1260 --
1261 IF NOT hr_security_internal.per_access_known THEN
1262 --
1263 -- Passing a value to p_what_to_evaluate avoids evaluating
1264 -- permissions for irrelevant security criteria.
1265 --
1266 hr_security_internal.evaluate_access
1267 (p_person_id => g_person_id
1268 ,p_user_id => g_user_id
1269 ,p_effective_date => g_effective_date
1270 ,p_sec_prof_rec => g_context
1271 ,p_what_to_evaluate => hr_security_internal.g_PER_SEC_ONLY);
1272
1273 --
1274 -- The two sets of person cache are synched.
1275 --
1276 --sync_person_cache; --6012095(Forward Port of 5985232)
1277
1278 END IF;
1279
1280 --
1281 -- Check the global pl/sql table for the person
1282 --
1283 IF check_person_list(p_person_id) THEN
1284 RETURN 'TRUE';
1285
1286 END IF;
1287 RETURN 'FALSE';
1288 END show_person;
1289 --
1290 -----------------------------------------------------------------------
1291 --< show_asg_for_per >-------------------------------------------------
1292 -----------------------------------------------------------------------
1293 --
1294 -- This function is private. To make use of this function, use the
1295 -- wrapper function show_record (which is public).
1296 --
1297 -- This function has been renamed from show_assignment to
1298 -- show_asg_for_per as part of the assignment and user security
1299 -- changes (bug 3346940). This function assesses assignment security
1300 -- at the person level, i.e., if you can see the person you can see
1301 -- all their assignments.
1302 --
1303 -- show_record calls this function by default unless another parameter
1304 -- is passed to show_record, in which case it calls show_assignment.
1305 --
1306 FUNCTION show_asg_for_per
1307 (p_assignment_id IN NUMBER
1308 ,p_person_id IN NUMBER
1309 ,p_assignment_type IN VARCHAR2
1310 )
1311 RETURN VARCHAR2 IS
1312
1313 BEGIN
1314 --
1315 -- added for bug 4193763
1316 if (p_person_id = g_person_id and exclude_person) then
1317 --
1318 return 'FALSE';
1319 --
1320 end if;
1321 -- added for bug 4193763
1322 --
1323 IF ((view_all = 'Y')
1324 OR (view_all_employees AND
1325 view_all_applicants AND
1326 view_all_cwk AND
1327 view_all_contacts)
1328 OR (no_restrictions))
1329 THEN
1330 RETURN 'TRUE';
1331 ELSIF (view_all_applicants AND p_assignment_type = 'A') THEN
1332 RETURN 'TRUE';
1333 ELSIF (view_all_employees AND p_assignment_type = 'E') THEN
1334 RETURN 'TRUE';
1335 ELSIF (view_all_CWK AND p_assignment_type = 'C') THEN
1336 RETURN 'TRUE';
1337 ELSIF (check_person_list(p_person_id)) THEN
1338 RETURN 'TRUE';
1339 ELSE
1340 RETURN 'FALSE';
1341 END IF;
1342 END show_asg_for_per;
1343 --
1344 -----------------------------------------------------------------------
1345 --< show_assignment >--------------------------------------------------
1346 -----------------------------------------------------------------------
1347 --
1348 -- This function is private. To make use of this function, use the
1349 -- wrapper function show_record (which is public).
1350 --
1351 -- This function has been added as part of the assignment
1352 -- and user security changes (bug 3346940). The previous
1353 -- show_assignment, which assesses security at a person level, has
1354 -- been re-named to show_asg_for_per.
1355 --
1356 -- This function assesses security for each individual assignment.
1357 --
1358 -- show_record calls this function if an additional parameter is
1359 -- passed to show_record.
1360 --
1361 FUNCTION show_assignment
1362 (p_assignment_id IN NUMBER
1363 ,p_person_id IN NUMBER
1364 ,p_assignment_type IN VARCHAR2
1365 )
1366 RETURN VARCHAR2 IS
1367
1368 BEGIN
1369
1370 --
1371 -- Exclude the current user or named user if set.
1372 --
1373 IF exclude_person
1374 AND p_person_id = g_person_id
1375 THEN
1376 RETURN 'FALSE';
1377 END IF;
1378
1379 --
1380 -- Assess the permissions using the given parameters if
1381 -- possible.
1382 --
1383 IF ((view_all = 'Y')
1384 OR (view_all_employees AND
1385 view_all_applicants AND
1386 view_all_cwk AND
1387 view_all_contacts)
1388 OR (no_restrictions))
1389 THEN
1390 RETURN 'TRUE';
1391 ELSIF (view_all_applicants AND p_assignment_type = 'A') THEN
1392 RETURN 'TRUE';
1393 ELSIF (view_all_employees AND p_assignment_type = 'E') THEN
1394 RETURN 'TRUE';
1395 ELSIF (view_all_cwk AND p_assignment_type = 'C') THEN
1396 RETURN 'TRUE';
1397 END IF;
1398
1399 --
1400 -- If security evaluation was deferred at logon,
1401 -- or if the person / assignment permissions are unknown for
1402 -- some other reason, use caching on demand to evaluate
1403 -- permissions on the fly.
1404 --
1405 IF NOT hr_security_internal.per_access_known THEN
1406 --
1407 -- Passing a value to p_what_to_evaluate avoids evaluating
1408 -- permissions for irrelevant security criteria.
1409 --
1410 hr_security_internal.evaluate_access
1411 (p_person_id => g_person_id
1412 ,p_user_id => g_user_id
1413 ,p_effective_date => g_effective_date
1414 ,p_sec_prof_rec => g_context
1415 ,p_what_to_evaluate => hr_security_internal.g_PER_SEC_ONLY);
1416
1417 --
1418 -- The two sets of person cache are synched.
1419 --
1420 --sync_person_cache;--(Fwd port of 5985232)
1421
1422 END IF;
1423
1424 --
1425 -- If restricting at an individual assignment level, check
1426 -- the assignments list, rather than the person list.
1427 --
1428 IF NVL(g_context.restrict_on_individual_asg, 'N') = 'Y'
1429 THEN
1430 IF hr_security_internal.g_asg_tbl.EXISTS(p_assignment_id) THEN
1431 RETURN 'TRUE';
1432 ELSE
1433 RETURN 'FALSE';
1434 END IF;
1435 ELSE
1436 --
1437 -- For safety, continue using check_person_list rather than
1438 -- referencing hr_security_internal.g_per_tbl until
1439 -- evaluate_access does all the work.
1440 --
1441 IF check_person_list(p_person_id) THEN
1442 RETURN 'TRUE';
1443 ELSE
1444 RETURN 'FALSE';
1445 END IF;
1446 END IF;
1447
1448 END show_assignment;
1449 --
1450 -----------------------------------------------------------------------
1451 --< show_organization >------------------------------------------------
1452 -----------------------------------------------------------------------
1453 --
1454 FUNCTION show_organization
1455 (p_organization_id IN NUMBER
1456 )
1457 RETURN VARCHAR2
1458 IS
1459 BEGIN
1460
1461 --
1462 -- The revised changes here made for enhancement 3346940
1463 -- obsolete check_organization_list (it is no longer used).
1464 -- Instead the cached organization list is accessed directly.
1465 --
1466
1467 --
1468 -- Immediately return true if there is no security.
1469 --
1470 IF (view_all = 'Y' OR view_all_organizations) THEN
1471 RETURN 'TRUE';
1472 END IF;
1473
1474 --
1475 -- If security evaluation was deferred at logon,
1476 -- or if organization permissions are unknown for
1477 -- some other reason, use caching on demand to evaluate
1478 -- permissions on the fly.
1479 --
1480 IF NOT hr_security_internal.org_access_known THEN
1481 --
1482 -- Passing a value to p_what_to_evaluate avoids evaluating
1483 -- permissions for non-org security criteria.
1484 --
1485 hr_security_internal.evaluate_access
1486 (p_person_id => g_person_id
1487 ,p_user_id => g_user_id
1488 ,p_effective_date => g_effective_date
1489 ,p_sec_prof_rec => g_context
1490 ,p_what_to_evaluate => hr_security_internal.g_ORG_SEC_ONLY);
1491 END IF;
1492
1493 IF hr_security_internal.g_org_tbl.EXISTS(p_organization_id) THEN
1494 RETURN 'TRUE';
1495 ELSE
1496 RETURN 'FALSE';
1497 END IF;
1498
1499 END show_organization;
1500 --
1501 -----------------------------------------------------------------------
1502 --< show_position >----------------------------------------------------
1503 -----------------------------------------------------------------------
1504 --
1505 FUNCTION show_position
1506 (p_position_id IN NUMBER
1507 )
1508 RETURN VARCHAR2
1509 IS
1510 BEGIN
1511
1512 --
1513 -- The revised changes here made for enhancement 3346940
1514 -- obsolete check_position_list (it is no longer used).
1515 -- Instead the cached position list is accessed directly.
1516 --
1517
1518 --
1519 -- Immediately return true if there is no security.
1520 --
1521 IF (view_all = 'Y' OR view_all_positions) THEN
1522 RETURN 'TRUE';
1523 END IF;
1524
1525 --
1526 -- If security evaluation was deferred at logon,
1527 -- or if position permissions are unknown for
1528 -- some other reason, use caching on demand to evaluate
1529 -- permissions on the fly.
1530 --
1531 IF NOT hr_security_internal.pos_access_known THEN
1532 --
1533 -- Passing a value to p_what_to_evaluate avoids evaluating
1534 -- permissions for non-pos security criteria.
1535 --
1536 hr_security_internal.evaluate_access
1537 (p_person_id => g_person_id
1538 ,p_user_id => g_user_id
1539 ,p_effective_date => g_effective_date
1540 ,p_sec_prof_rec => g_context
1541 ,p_what_to_evaluate => hr_security_internal.g_POS_SEC_ONLY);
1542 END IF;
1543
1544 IF hr_security_internal.g_pos_tbl.EXISTS(p_position_id) THEN
1545 RETURN 'TRUE';
1546 ELSE
1547 RETURN 'FALSE';
1548 END IF;
1549
1550 END show_position;
1551 --
1552 -----------------------------------------------------------------------
1553 --< show_payroll >-----------------------------------------------------
1554 -----------------------------------------------------------------------
1555 --
1556 FUNCTION show_payroll
1557 (p_payroll_id IN NUMBER
1558 )
1559 RETURN VARCHAR2
1560 IS
1561 BEGIN
1562
1563 --
1564 -- The revised changes here made for enhancement 3346940
1565 -- obsolete check_payroll_list (it is no longer used).
1566 -- Instead the cached payroll list is accessed directly.
1567 --
1568
1569 --
1570 -- Immediately return true if there is no security.
1571 --
1572 IF (view_all = 'Y' OR view_all_payrolls) THEN
1573 RETURN 'TRUE';
1574 END IF;
1575
1576 --
1577 -- If security evaluation was deferred at logon,
1578 -- or if payroll permissions are unknown for
1579 -- some other reason, use caching on demand to evaluate
1580 -- permissions on the fly.
1581 --
1582 IF NOT hr_security_internal.pay_access_known THEN
1583 --
1584 -- Passing a value to p_what_to_evaluate avoids evaluating
1585 -- permissions for non-pos security criteria.
1586 --
1587 hr_security_internal.evaluate_access
1588 (p_person_id => g_person_id
1589 ,p_user_id => g_user_id
1590 ,p_effective_date => g_effective_date
1591 ,p_sec_prof_rec => g_context
1592 ,p_what_to_evaluate => hr_security_internal.g_PAY_SEC_ONLY);
1593 END IF;
1594
1595 IF hr_security_internal.g_pay_tbl.EXISTS(p_payroll_id) THEN
1596 RETURN 'TRUE';
1597 ELSE
1598 RETURN 'FALSE';
1599 END IF;
1600
1601 END show_payroll;
1602 --
1603 -----------------------------------------------------------------------
1604 --< show_vacancy >-----------------------------------------------------
1605 -----------------------------------------------------------------------
1606 --
1607 FUNCTION show_vacancy
1608 (p_vacancy_id IN NUMBER
1609 ,p_organization_id IN NUMBER
1610 ,p_position_id IN NUMBER
1611 ,p_manager_id IN NUMBER
1612 ,p_security_method IN VARCHAR2
1613 ,p_business_group_id IN VARCHAR2 default null
1614 )
1615 RETURN VARCHAR2
1616 IS
1617 CURSOR CSR_TEAM is
1618 Select 1
1619 from irc_rec_team_members team
1620 ,per_all_people_f per
1621 ,fnd_user usr
1622 where team.vacancy_id = p_vacancy_id
1623 and team.party_id = nvl(per.party_id, usr.customer_id)
1624 and per.person_id(+) = usr.employee_id
1625 and sysdate between per.effective_start_date
1626 and per.effective_end_date
1627 and usr.user_id = g_user_id;
1628 l_dummy number;
1629 l_user_in_team boolean;
1630 l_bg_id number;
1631 BEGIN
1632
1633 -- Bug 5188828
1634 -- Vacancies should be restricted to BG of security profile when profile is local
1635
1636 l_bg_id := get_sec_profile_bg_id;
1637 if (l_bg_id is not null and
1638 p_business_group_id is not null and
1639 l_bg_id <> p_business_group_id ) then
1640 return 'FALSE';
1641 end if;
1642
1643 /*
1644 ** If the security profile is "View All" or the vacancy is
1645 ** "Unsecured" then allow access.
1646 */
1647 IF ( view_all = 'Y'
1648 OR p_security_method = 'U') THEN
1649 return 'TRUE';
1650 END IF;
1651
1652 /*
1653 ** Check for Team security.
1654 */
1655 IF p_security_method = 'T' THEN
1656 open csr_team;
1657 fetch csr_team into l_dummy;
1658 IF csr_team %found THEN
1659 close csr_team;
1660 return 'TRUE';
1661 ELSE
1662 close csr_team;
1663 return 'FALSE';
1664 END IF;
1665 /*
1666 ** Check for Business and Team security.
1667 */
1668 ELSIF nvl(p_security_method,'B') = 'B' THEN
1669
1670 IF p_organization_id IS NULL
1671 AND p_position_id IS NULL
1672 AND ((restrict_by_supervisor AND p_manager_id IS NULL)
1673 OR (NOT restrict_by_supervisor)) THEN
1674 /*
1675 ** The organization and position are NULL and either not using
1676 ** supervisor security or we are using supervisor security but
1677 ** the vacancy manager is NULL so allow access as there is nothing
1678 ** to restrict by.
1679 */
1680 RETURN 'TRUE';
1681 ELSIF (restrict_by_supervisor
1682 AND (p_manager_id IS NULL
1683 OR
1684 ( p_manager_id IS NOT NULL
1685 AND check_person_list(p_manager_id))))
1686 OR (NOT restrict_by_supervisor) THEN
1687 /*
1688 ** We are EITHER using supervisor security and either the manager is
1689 ** NULL or we have access to the manager OR we are not using
1690 ** supervisor security so grant access based Org and Pos.
1691 */
1692 IF ( p_organization_id IS NOT NULL
1693 AND p_position_id IS NULL) THEN
1694 RETURN show_organization(p_organization_id);
1695 ELSIF ( p_organization_id IS NOT NULL
1696 AND p_position_id IS NOT NULL) THEN
1697 IF ( show_organization(p_organization_id) = 'TRUE'
1698 AND show_position(p_position_id) = 'TRUE' )
1699 THEN
1700 RETURN 'TRUE';
1701 -- ELSE
1702 -- RETURN 'FALSE';
1703 END IF;
1704 ELSIF ( p_position_id IS NULL
1705 AND p_organization_id IS NULL) then
1706 RETURN 'TRUE';
1707 ELSE
1708 RETURN 'FALSE';
1709 END IF;
1710 END IF;
1711 /*
1712 ** No access based on org, pos and supervisor so check the team
1713 ** access for this user.
1714 */
1715 open csr_team;
1716 fetch csr_team into l_dummy;
1717 IF csr_team %found THEN
1718 close csr_team;
1719 return 'TRUE';
1720 ELSE
1721 close csr_team;
1722 return 'FALSE';
1723 END IF;
1724 END IF; /* security_method = 'B' */
1725 END show_vacancy;
1726 --
1727 -----------------------------------------------------------------------
1728 --< show_record >------------------------------------------------------
1729 -----------------------------------------------------------------------
1730 --
1731 FUNCTION show_record
1732 (p_table_name IN VARCHAR2
1733 ,p_unique_id IN NUMBER
1734 ,p_val1 IN VARCHAR2 DEFAULT NULL
1735 ,p_val2 IN VARCHAR2 DEFAULT NULL
1736 ,p_val3 IN VARCHAR2 DEFAULT NULL
1737 ,p_val4 IN VARCHAR2 DEFAULT NULL
1738 ,p_val5 IN VARCHAR2 DEFAULT NULL
1739 )
1740 RETURN VARCHAR2
1741 IS
1742 BEGIN
1743
1744 --
1745 -- 3676633
1746 --
1747 IF ( globals_need_refreshing ) THEN
1748 hr_signon.initialize_hr_security;
1749 initialise_globals;
1750 END IF;
1751
1752
1753 IF (g_view_no_rows) THEN
1754 RETURN 'FALSE';
1755 END IF;
1756 --
1757 IF (p_table_name = 'PER_ALL_PEOPLE_F') THEN
1758 RETURN (show_person(p_person_id => p_unique_id,
1759 p_person_type_id => p_val1,
1760 p_employee_number => p_val2,
1761 p_applicant_number => p_val3));
1762 ELSIF (p_table_name = 'PER_ALL_ASSIGNMENTS_F') THEN
1763 --
1764 -- Assess assignment level security if the extra parameter
1765 -- is passed in, otherwise assess security at the person
1766 -- level (show_asg_for_per).
1767 --
1768 IF NVL(p_val3, 'N') = 'Y' THEN
1769 RETURN (show_assignment(p_assignment_id => p_unique_id,
1770 p_person_id => p_val1,
1771 p_assignment_type => p_val2 ));
1772 ELSE
1773 RETURN (show_asg_for_per(p_assignment_id => p_unique_id,
1774 p_person_id => p_val1,
1775 p_assignment_type => p_val2 ));
1776 END IF;
1777 ELSIF (p_table_name = 'HR_ALL_ORGANIZATION_UNITS') THEN
1778 RETURN (show_organization(p_organization_id => p_unique_id ));
1779 ELSIF (p_table_name = 'PER_ALL_POSITIONS' ) THEN
1780 RETURN (show_position(p_position_id => p_unique_id));
1781 ELSIF (p_table_name = 'PAY_ALL_PAYROLLS_F') THEN
1782 RETURN (show_payroll(p_payroll_id => p_unique_id));
1783 ELSIF (p_table_name = 'PER_ALL_VACANCIES') THEN
1784 RETURN (show_vacancy(p_vacancy_id => p_unique_id,
1785 p_organization_id => p_val1,
1786 p_position_id => p_val2,
1787 p_manager_id => p_val3,
1788 p_security_method => p_val4,
1789 p_business_group_id => p_val5));
1790 ELSE
1791 raise_error ('HR_SECURITY : INVALID TABLE NAME');
1792 END IF;
1793 END show_record;
1794 --
1795 -----------------------------------------------------------------------
1796 --< Show_BIS_Record >--------------------------------------------------
1797 -----------------------------------------------------------------------
1798 --
1799 -- Description:
1800 -- This procedure is used from BIS views to restrict records based
1801 -- on the organization.
1802 --
1803 FUNCTION Show_BIS_Record
1804 ( p_org_id in NUMBER
1805 )
1806 RETURN VARCHAR2
1807 IS
1808
1809 l_pv_org_id number;
1810 l_org_id number;
1811
1812 --
1813 -- Checks to see if there are any records in org_access for
1814 -- the current responsibility. fnd_global.resp_appl_id is used
1815 -- to improve index performance.
1816 --
1817 CURSOR c_chk_resp_in_org_access IS
1818 SELECT null
1819 FROM org_access oa
1820 WHERE oa.resp_application_id = g_resp_appl_id
1821 AND oa.responsibility_id = g_resp_id;
1822
1823 --
1824 -- Returns a single record in org_access that matches the
1825 -- current responsibility and p_org_id (if one exists).
1826 -- fnd_global.resp_appl_id is used to improve index performance.
1827 --
1828 CURSOR c_get_org_access_org IS
1829 SELECT oa.organization_id
1830 FROM org_access oa
1831 WHERE oa.resp_application_id = g_resp_appl_id
1832 AND oa.responsibility_id = g_resp_id
1833 AND oa.organization_id = p_org_id;
1834
1835 --
1836 -- Gets all inventory orgs belonging to a particular operating unit.
1837 --
1838 CURSOR c_get_inventory_org (org_id IN NUMBER) IS
1839 SELECT null
1840 FROM hr_organization_information oi
1841 WHERE oi.organization_id = p_org_id
1842 AND oi.org_information_context = 'Accounting Information'
1843 AND to_number(oi.org_information3) = org_id;
1844
1845
1846 BEGIN
1847
1848 --
1849 -- If p_org_id is null then always show the record.
1850 --
1851 IF (p_org_id IS NULL) THEN
1852 RETURN 'TRUE';
1853 END IF;
1854
1855 IF globals_need_refreshing THEN
1856 --
1857 -- Bug 3476231.
1858 -- This bug-fix adds support for all HRMS organization security
1859 -- features. In addition to supporting operating unit and
1860 -- inventory org security features, it supports organization
1861 -- hierarchy, include and exclude orgs and user-based organization
1862 -- security.
1863 -- To do this effectively, it is now necessary to re-initialise
1864 -- security whenever the user, resp, etc. changes, hence the
1865 -- globals_need_refreshing function call.
1866 --
1867 -- This function re-evaluates organization security using the
1868 -- MO: Security Profile instead of HR: Security Profile
1869 -- by calling evaluate_access with the g_mo_contexts (see below).
1870 -- If MO: Security Profile has no value, the context is already
1871 -- set to HR: Security Profile.
1872 --
1873 hr_signon.initialize_hr_security;
1874 initialise_globals;
1875 END IF;
1876
1877 --
1878 -- Immediately return TRUE if there is no security.
1879 --
1880 IF g_mo_context.security_profile_id IS NULL OR
1881 NVL(g_mo_context.view_all_flag, 'Y') = 'Y' OR
1882 NVL(g_mo_context.view_all_organizations_flag, 'Y') = 'Y' OR
1883 NVL(g_mo_context.org_security_mode, 'NONE') = 'NONE'
1884 THEN
1885 RETURN 'TRUE';
1886 END IF;
1887
1888 --
1889 -- Evaluate organization security by operating unit.
1890 --
1891 IF g_mo_context.org_security_mode = 'OU' THEN
1892 --
1893 -- The org security mode is operating unit only. Get the
1894 -- 'MO:Operating Unit' profile option.
1895 --
1896 l_pv_org_id := to_number(fnd_profile.value('ORG_ID'));
1897
1898 --
1899 -- The value of the profile option 'MO:Operating Unit' is
1900 -- validated against p_org_id.
1901 --
1902 IF l_pv_org_id = p_org_id THEN
1903 RETURN 'TRUE';
1904 ELSE
1905 RETURN 'FALSE';
1906 END IF;
1907
1908 --
1909 -- Evaluate organization security by operating unit
1910 -- and inventory organizations.
1911 --
1912 ELSIF g_mo_context.org_security_mode = 'OU_INV' THEN
1913 --
1914 -- The org_security_mode is operating unit and inventory orgs.
1915 -- Get the 'MO:Operating Unit' profile option.
1916 --
1917 l_pv_org_id := to_number(fnd_profile.value('ORG_ID'));
1918
1919 --
1920 -- The value of the profile option 'MO:Operating Unit' is
1921 -- compared against p_org_id.
1922 --
1923 IF l_pv_org_id = p_org_id THEN
1924 RETURN 'TRUE';
1925 END IF;
1926
1927 --
1928 -- Get the org_access rows and see if any orgs match. If there are
1929 -- no matches against p_org_id, FALSE is returned. If no rows
1930 -- exist for the current responsibility, p_org_id is checked against
1931 -- the inventory orgs for the operating unit via hr_organization_units.
1932 --
1933 OPEN c_chk_resp_in_org_access;
1934 FETCH c_chk_resp_in_org_access into l_org_id;
1935
1936 IF c_chk_resp_in_org_access%FOUND THEN
1937 --
1938 -- There are matching records, so see if any orgs in org_access
1939 -- match p_org_id.
1940 --
1941 OPEN c_get_org_access_org;
1942 FETCH c_get_org_access_org INTO l_org_id;
1943
1944 IF c_get_org_access_org%FOUND THEN
1945 CLOSE c_chk_resp_in_org_access;
1946 CLOSE c_get_org_access_org;
1947 RETURN 'TRUE';
1948 ELSE
1949 CLOSE c_chk_resp_in_org_access;
1950 CLOSE c_get_org_access_org;
1951 RETURN 'FALSE';
1952 END IF;
1953
1954 ELSE
1955 --
1956 -- There are no records in org_access that match the responsibility
1957 -- so get the inventory orgs for the operating unit.
1958 --
1959 CLOSE c_chk_resp_in_org_access;
1960
1961 OPEN c_get_inventory_org (l_pv_org_id);
1962 FETCH c_get_inventory_org into l_org_id;
1963
1964 IF c_get_inventory_org%FOUND THEN
1965 CLOSE c_get_inventory_org;
1966 RETURN 'TRUE';
1967 ELSE
1968 CLOSE c_get_inventory_org;
1969 RETURN 'FALSE';
1970 END IF;
1971
1972 END IF;
1973
1974 --
1975 -- Evaluate organization security by organization hierarchy
1976 -- and / or a discrete list of organizations.
1977 --
1978 ELSIF g_mo_context.org_security_mode = 'HIER' THEN
1979 --
1980 -- This flag indicates whether the organization permissions have
1981 -- already been cached using g_mo_context.
1982 --
1983 IF NOT g_mo_org_sec_known THEN
1984 --
1985 -- Re-evaluate organization security using the g_mo_context.
1986 --
1987 hr_security_internal.evaluate_access
1988 (p_person_id => g_mo_person_id
1989 ,p_user_id => g_user_id
1990 ,p_effective_date => g_effective_date
1991 ,p_sec_prof_rec => g_mo_context
1992 ,p_what_to_evaluate => hr_security_internal.g_ORG_SEC_ONLY);
1993
1994 --
1995 -- Set this flag so that the permissions are not re-evaluated
1996 -- with each function call. This flag is reset back to false
1997 -- when the user's logon attributes change (for example, the
1998 -- user changes responsibility).
1999 --
2000 g_mo_org_sec_known := TRUE;
2001
2002 END IF;
2003
2004 IF hr_security_internal.g_org_tbl.EXISTS(p_org_id) THEN
2005 RETURN 'TRUE';
2006 ELSE
2007 RETURN 'FALSE';
2008 END IF;
2009
2010 END IF;
2011
2012 RETURN 'FALSE';
2013
2014 END Show_BIS_Record;
2015 --
2016 -----------------------------------------------------------------------
2017 --< add_assignment >---------------------------------------------------
2018 -----------------------------------------------------------------------
2019 --
2020 procedure add_assignment
2021 (p_person_id number
2022 ,p_assignment_id number) is
2023 begin
2024
2025 IF globals_need_refreshing THEN
2026 hr_signon.initialize_hr_security;
2027 initialise_globals;
2028 END IF;
2029
2030 IF g_context.view_all_flag <> 'Y' AND
2031 NVL(g_context.restrict_on_individual_asg, 'N') = 'Y' AND
2032 p_person_id IS NOT NULL AND
2033 p_assignment_id IS NOT NULL
2034 THEN
2035 hr_security_internal.g_asg_tbl(p_assignment_id) := p_person_id;
2036 END IF;
2037
2038 end add_assignment;
2039 --
2040 -----------------------------------------------------------------------
2041 --< add_person >-------------------------------------------------------
2042 -----------------------------------------------------------------------
2043 --
2044 procedure add_person(p_person_id number) is
2045 --
2046 begin
2047 --
2048 if globals_need_refreshing then
2049 hr_signon.initialize_hr_security;
2050 initialise_globals;
2051 end if;
2052 --
2053 if g_context.view_all_flag <> 'Y' then
2054 --
2055 --g_person_list(p_person_id) := TRUE;--6012095(Forward port of 5985232)
2056 hr_security_internal.g_per_tbl(p_person_id) := TRUE;
2057 --
2058 end if;
2059 --
2060 end add_person;
2061 --
2062 -----------------------------------------------------------------------
2063 --< remove_person >----------------------------------------------------
2064 -----------------------------------------------------------------------
2065 --
2066 procedure remove_person(p_person_id number) is
2067 begin
2068 if g_context.view_all_flag<>'Y' then
2069 -- g_person_list.delete(p_person_id); --6012095(Forward port of 5985232)
2070 hr_security_internal.g_per_tbl.delete(p_person_id);
2071 end if;
2072 end remove_person;
2073 --
2074 -----------------------------------------------------------------------
2075 --< add_organization >-------------------------------------------------
2076 -----------------------------------------------------------------------
2077 --
2078 procedure add_organization
2079 (p_organization_id number,
2080 p_security_Profile_id number) is
2081 begin
2082 --
2083 IF globals_need_refreshing THEN
2084 hr_signon.initialize_hr_security;
2085 initialise_globals;
2086 END IF;
2087 --
2088 IF g_context.view_all_flag <> 'Y' AND
2089 g_context.view_all_organizations_flag = 'N' AND
2090 p_organization_id IS NOT NULL
2091 THEN
2092 hr_security_internal.g_org_tbl(p_organization_id) := TRUE;
2093 END IF;
2094 --
2095 IF (NVL(g_context.top_organization_method, 'S') <> 'U') THEN
2096 hr_security_internal.add_org_to_security_list(p_security_Profile_id,
2097 p_organization_id);
2098 END IF;
2099 --
2100 end add_organization;
2101 --
2102 --
2103 -----------------------------------------------------------------------
2104 --< add_position >-----------------------------------------------------
2105 -----------------------------------------------------------------------
2106 --
2107 procedure add_position
2108 (p_position_id number,
2109 p_security_profile_id number) is
2110 begin
2111 --
2112 IF globals_need_refreshing THEN
2113 hr_signon.initialize_hr_security;
2114 initialise_globals;
2115 END IF;
2116 --
2117 IF g_context.view_all_flag <> 'Y' AND
2118 g_context.view_all_positions_flag = 'N' AND
2119 p_position_id IS NOT NULL
2120 THEN
2121 hr_security_internal.g_pos_tbl(p_position_id) := TRUE;
2122 END IF;
2123 --
2124 IF (NVL(g_context.top_position_method, 'S') <> 'U') THEN
2125 hr_security_internal.add_pos_to_security_list(p_security_profile_id,
2126 p_position_id);
2127 END IF;
2128 --
2129 end add_position;
2130 --
2131 --
2132 -----------------------------------------------------------------------
2133 --< add_payroll >------------------------------------------------------
2134 -----------------------------------------------------------------------
2135 --
2136 procedure add_payroll
2137 (p_payroll_id number) is
2138 begin
2139
2140 IF globals_need_refreshing THEN
2141 hr_signon.initialize_hr_security;
2142 initialise_globals;
2143 END IF;
2144
2145 IF g_context.view_all_flag <> 'Y' AND
2146 g_context.view_all_payrolls_flag = 'N' AND
2147 p_payroll_id IS NOT NULL
2148 THEN
2149 hr_security_internal.g_pay_tbl(p_payroll_id) := TRUE;
2150 END IF;
2151
2152 end add_payroll;
2153 --
2154 -------------------------------------------------------------------------
2155 ---------------------< get_sec_profile_bg_id >---------------------------
2156 -------------------------------------------------------------------------
2157 --
2158 FUNCTION get_sec_profile_bg_id
2159 RETURN NUMBER
2160 is
2161 begin
2162 if fnd_global.user_id <> -1 then
2163
2164 if globals_need_refreshing then
2165 hr_signon.initialize_hr_security;
2166 initialise_globals;
2167 end if;
2168
2169 return g_context.business_group_id;
2170
2171 else
2172 return null;
2173 end if;
2174 end get_sec_profile_bg_id;
2175 --
2176 -------------------------------------------------------------------------
2177 ---------------------< restrict_on_individual_asg >----------------------
2178 -------------------------------------------------------------------------
2179 --
2180 FUNCTION restrict_on_individual_asg
2181 RETURN BOOLEAN
2182 IS
2183
2184 BEGIN
2185 --
2186 -- Ensure the cache is up to date.
2187 --
2188 IF globals_need_refreshing THEN
2189 hr_signon.initialize_hr_security;
2190 initialise_globals;
2191 END IF;
2192
2193 --
2194 -- Return the restrict on individual assignment flag.
2195 --
2196 RETURN (NVL(hr_signon.g_hr_security_profile.restrict_on_individual_asg
2197 ,NVL(g_context.restrict_on_individual_asg, 'N')) = 'Y');
2198
2199 END restrict_on_individual_asg;
2200 --
2201 -------------------------------------------------------------------------
2202 ---------------------< restrict_by_supervisor_flag >---------------------
2203 -------------------------------------------------------------------------
2204 --
2205 FUNCTION restrict_by_supervisor_flag
2206 RETURN VARCHAR2
2207 IS
2208
2209 BEGIN
2210 --
2211 -- Ensure the cache is up to date.
2212 --
2213 IF globals_need_refreshing THEN
2214 hr_signon.initialize_hr_security;
2215 initialise_globals;
2216 END IF;
2217
2218 --
2219 -- Return the type of supervisor security.
2220 --
2221 RETURN (NVL(hr_signon.g_hr_security_profile.restrict_on_individual_asg
2222 ,NVL(g_context.restrict_on_individual_asg, 'N')));
2223
2224 END restrict_by_supervisor_flag;
2225 --
2226 --
2227 PROCEDURE delete_list_for_bg(p_business_group_id NUMBER)
2228 IS
2229 BEGIN
2230 hr_security_internal.delete_security_list_for_bg(p_business_group_id);
2231 END;
2232 --
2233 --
2234 PROCEDURE delete_per_from_list(p_person_id number)
2235 IS
2236 BEGIN
2237 hr_security_internal.delete_per_from_security_list(p_person_id);
2238 END;
2239 --
2240 --
2241 PROCEDURE delete_org_from_list(p_organization_id number)
2242 IS
2243 BEGIN
2244 hr_security_internal.delete_org_from_security_list(p_organization_id);
2245 END;
2246 --
2247 --
2248 PROCEDURE delete_pos_from_list(p_position_id number)
2249 IS
2250 BEGIN
2251 hr_security_internal.delete_pos_from_security_list(p_position_id);
2252 END;
2253 --
2254 --
2255 PROCEDURE delete_payroll_from_list(p_payroll_id number)
2256 IS
2257 BEGIN
2258 hr_security_internal.delete_pay_from_security_list(p_payroll_id);
2259 END;
2260 --
2261 --
2262 -------------------------------------------------------------------------
2263 ---------------------< PACKAGE INITIALIZATION >--------------------------
2264 -------------------------------------------------------------------------
2265 --
2266 BEGIN
2267 --
2268 -- Initialise package global variables
2269 --
2270 hr_signon.initialize_hr_security;
2271 Initialise_Globals;
2272 --
2273 END HR_SECURITY;