[Home] [Help]
90: --
91: -- Insert new contact into all person lists for all profiles which:
92: -- a) Restrict access to contacts
93: -- b) No restriction for contacts but candidates are restricted.
94: insert into per_person_list(person_id, security_profile_id, request_id
95: ,program_application_id, program_id
96: ,program_update_date)
97: select p_person_id, psp.security_profile_id, l_req_id, l_appl_id,
98: l_prog_id, l_upd_date
107: psp.view_all_candidates_flag = 'X')) and
108: business_group_id is null))
109: and not exists
110: (select 1
111: from per_person_list ppl
112: where ppl.security_profile_id = psp.security_profile_id
113: and ppl.person_id = p_person_id);
114: --
115: hr_utility.set_location(l_proc, 20);
152: -- immediately without giving the creator a chance to move person
153: -- to correct org. This one is in the twilight zone, as the person will go
154: -- invisible to the current user at the next LISTGEN run anyway)
155: --
156: INSERT INTO PER_PERSON_LIST
157: (PERSON_ID
158: ,SECURITY_PROFILE_ID
159: ,REQUEST_ID
160: ,PROGRAM_APPLICATION_ID
177: or NVL(psp.custom_restriction_flag, 'N') = 'Y')
178: and business_group_id is null))
179: and not exists
180: (select 1
181: from per_person_list ppl
182: where ppl.security_profile_id = psp.security_profile_id
183: and ppl.granted_user_id is null
184: and ppl.person_id = p_person_id);
185: --
204: --
205: begin
206: hr_utility.set_location('Entering:'|| l_proc, 10);
207: -- remove the person from the list
208: delete from per_person_list
209: where person_id=p_person_id
210: and security_profile_id is not null;
211: --
212: hr_utility.set_location(l_proc, 20);
422: hr_utility.set_location(l_proc, 20);
423: End if;
424: forall per_rec in l_security_profie_table.first .. l_security_profie_table.last
425: SAVE EXCEPTIONS
426: Insert into per_person_list(security_profile_id,
427: person_id,request_id,
428: program_application_id,
429: program_id,
430: program_update_date)
527: null,:l_true,hr_security_internal.evaluate_custom(
528: :p_assignment_id , sec.restriction_text,
529: to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
530: , ''dd/mm/yyyy''))) = :l_true and not exists (
531: select 1 from per_person_list ppl
532: where ppl.person_id = :l_person_id
533: and ppl.granted_user_id is null
534: and ppl.security_profile_id = sec.security_profile_id) ';
535: -- if position is null
2582: ' hr_security_internal.evaluate_custom(
2583: :p_assignment_id,sec.restriction_text,
2584: to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
2585: , ''dd/mm/yyyy'')) = :l_true and not exists (
2586: select 1 from per_person_list ppl
2587: where ppl.person_id =:l_person_id
2588: and ppl.security_profile_id = sec.security_profile_id)';
2589: --
2590: if g_debug then
2893: -- presumably as part of the user based security changes.
2894: --
2895: cursor chk_person_list is
2896: select 1
2897: from per_person_list
2898: where person_id = p_person_id
2899: and granted_user_id = p_granted_user_id
2900: and security_profile_id is null;
2901: --
2933: open chk_person_list;
2934: fetch chk_person_list into l_dummy;
2935: if chk_person_list%notfound then
2936: close chk_person_list;
2937: INSERT INTO PER_PERSON_LIST
2938: (PERSON_ID
2939: ,GRANTED_USER_ID)
2940: values
2941: (p_person_id
2965: then
2966: --
2967: -- If a user id is passed then revoke access for just that user
2968: --
2969: delete from per_person_list
2970: where person_id=p_person_id
2971: and granted_user_id =p_granted_user_id
2972: and security_profile_id is null;
2973: else
2973: else
2974: --
2975: -- else revoke access for all users.
2976: --
2977: delete from per_person_list
2978: where person_id = p_person_id
2979: and granted_user_id is not null
2980: and security_profile_id is null;
2981: end if;
4792: l_custom_per = 'Y') THEN
4793: l_temp_clause := and_clause(l_temp_clause,
4794: 'EXISTS
4795: (SELECT null
4796: FROM per_person_list ppl
4797: WHERE ppl.security_profile_id = :security_profile_id
4798: AND ppl.person_id = hr_asg.person_id)');
4799: l_custom_y_set := TRUE;
4800: END IF;
5114: l_custom_per = 'Y') THEN
5115: l_temp_clause := and_clause(l_temp_clause,
5116: 'EXISTS
5117: (SELECT null
5118: FROM per_person_list ppl
5119: WHERE ppl.security_profile_id = :security_profile_id
5120: AND ppl.person_id = hr_asg.person_id)');
5121: l_custom_y_set := TRUE;
5122: END IF;
5773: -- security profile and therefore different access rights.
5774: --
5775: CURSOR csr_get_static_per_for_user IS
5776: SELECT ppl.person_id
5777: FROM per_person_list ppl
5778: WHERE ppl.security_profile_id IS NOT NULL
5779: AND ppl.granted_user_id IS NOT NULL
5780: AND ppl.security_profile_id = p_security_profile_id
5781: AND ppl.granted_user_id = p_user_id;
5786: -- not in use.
5787: --
5788: CURSOR csr_get_static_per IS
5789: SELECT ppl.person_id
5790: FROM per_person_list ppl
5791: WHERE ppl.security_profile_id IS NOT NULL
5792: AND ppl.granted_user_id IS NULL
5793: AND ppl.security_profile_id = p_security_profile_id;
5794:
5805: -- If this is user-based, look for a user and
5806: -- security profile pair. Generally speaking, the static
5807: -- user lists will only be cached when it is known that
5808: -- this user is in the list of users to build static
5809: -- lists for AND they have rows in per_person_list.
5810: --
5811: IF g_dbg THEN op(l_proc, 20); END IF;
5812:
5813: IF p_cache_by_user THEN
6005: -- evaluated) but did once have an assignment.
6006: --
6007: CURSOR csr_get_static_per IS
6008: SELECT plc.person_id
6009: FROM per_person_list_changes plc
6010: WHERE plc.security_profile_id IS NOT NULL
6011: AND plc.security_profile_id = p_security_profile_id
6012: AND NOT EXISTS
6013: (SELECT NULL
6086: -- granted access.
6087: --
6088: CURSOR csr_get_granted_users IS
6089: SELECT ppl.person_id
6090: FROM per_person_list ppl
6091: WHERE ppl.granted_user_id IS NOT NULL
6092: AND ppl.granted_user_id = p_user_id
6093: AND ppl.security_profile_id IS NULL;
6094:
6426: -- picked up here.
6427: --
6428: SELECT ppl.person_id
6429: INTO l_person_id
6430: FROM per_person_list ppl
6431: WHERE ppl.granted_user_id IS NOT NULL
6432: AND ppl.security_profile_id IS NOT NULL
6433: AND ppl.granted_user_id = p_user_id
6434: AND ppl.security_profile_id = p_security_profile_id
6644:
6645: IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6646:
6647: --
6648: -- Delete all people in per_person_list for this user
6649: -- and this security profile.
6650: --
6651: IF g_dbg THEN op(l_proc, 20); END IF;
6652:
6654: -- Here it is important to specify that the security_profile_id is not
6655: -- null because rows with a null security_profile_id indicate
6656: -- access explicitly granted through SSHR.
6657: --
6658: DELETE FROM per_person_list ppl
6659: WHERE ppl.granted_user_id IS NOT NULL
6660: AND ppl.security_profile_id IS NOT NULL
6661: AND ppl.granted_user_id = p_user_id
6662: AND ppl.security_profile_id = p_security_profile_id;
6968: -- delete_per_list_for_user) prior to insertion.
6969: --
6970: IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
6971:
6972: INSERT INTO per_person_list
6973: (security_profile_id
6974: ,person_id
6975: ,granted_user_id
6976: ,request_id
7671: ,p_use_static_lists => p_use_static_lists);
7672:
7673: --
7674: -- Contacts for the people visible (both related and unrelated) and
7675: -- rows in per_person_list_changes are not processed and so not visible
7676: -- for all types of user-based security.
7677:
7678: -- The reason for this is to remain consistent with supervisor security
7679: -- (been around since 11i) where PPLC people were not processed and
7690: -- this scenario without need to refer to the cache.
7691:
7692: -- A condition with view_all_contacts_flag = All and
7693: -- view_all_candidates_flag = None, needs caching (ie: similar to
7694: -- record existing in per_person_list). The additional OR condition
7695: -- is included as part of Candidate Security enchancements.
7696:
7697: -- if p_sec_prof_rec.view_all_contacts_flag = 'N' or
7698: -- (p_sec_prof_rec.view_all_contacts_flag = 'Y' and
7711: add_contacts_to_cache(p_effective_date
7712: ,p_sec_prof_rec.business_group_id);
7713: --
7714: end if;
7715: -- Add the people in per_person_list_changes to the cache.
7716: -- It is expected that this can be obsoleted at a future
7717: -- date, because per_person_list_changes is effectively
7718: -- obsolete and is retained solely for the purpose of not
7719: -- breaking customer custom processes that use this table.
7713: --
7714: end if;
7715: -- Add the people in per_person_list_changes to the cache.
7716: -- It is expected that this can be obsoleted at a future
7717: -- date, because per_person_list_changes is effectively
7718: -- obsolete and is retained solely for the purpose of not
7719: -- breaking customer custom processes that use this table.
7720:
7721: -- add_per_list_changes_to_cache(p_sec_prof_rec.security_profile_id
8209: -- WARNING: This will delete any self-service grants.
8210: --
8211: IF g_dbg THEN op(l_proc, 40); END IF;
8212:
8213: DELETE FROM per_person_list ppl
8214: WHERE ppl.granted_user_id IS NOT NULL
8215: AND ppl.security_profile_id IS NOT NULL
8216: AND ppl.granted_user_id = p_user_id
8217: AND ppl.security_profile_id = p_security_profile_id;
8339: -- and otherwise it is not a very high cost.
8340: CURSOR pev IS
8341: SELECT pp.person_id
8342: FROM per_people_f pp,
8343: per_person_list pl
8344: WHERE pp.person_id = pl.person_id
8345: AND pp.business_group_id = p_business_group_id;
8346: BEGIN
8347: --
8358: AND pay.business_group_id = p_business_group_id);
8359: hr_utility.set_location(l_proc,40);
8360: --
8361: FOR pevrec IN pev LOOP
8362: DELETE FROM per_person_list pl
8363: WHERE pl.person_id = pevrec.person_id;
8364: END LOOP;
8365: hr_utility.set_location(l_proc,50);
8366: --
8418: -- bug fix 3760559. l_proc size increased to 80.
8419: l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_PER_FROM_SECURITY_LIST';
8420: begin
8421: hr_utility.set_location('Entering:'|| l_proc, 10);
8422: delete from per_person_list l
8423: where l.person_id = P_PERSON_ID;
8424: exception
8425: when NO_DATA_FOUND then
8426: hr_utility.set_location(l_proc, 20);