1 Package hr_security_internal as
2 /* $Header: pesecbsi.pkh 120.0.12010000.1 2008/07/28 05:56:16 appldev ship $ */
3
4 --
5 -- Package global user-defined types.
6 --
7 SUBTYPE g_sec_prof_r IS per_security_profiles%ROWTYPE;  -- one security profile row; the type of evaluate_access.p_sec_prof_rec
8 TYPE g_boolean_t IS TABLE OF BOOLEAN INDEX BY BINARY_INTEGER;  -- element type of the g_org_tbl/g_pos_tbl/g_pay_tbl/g_per_tbl globals
9 TYPE g_number_t IS TABLE OF NUMBER INDEX BY BINARY_INTEGER;  -- element type of g_asg_tbl
10 TYPE g_per_ids_t IS TABLE OF per_all_assignments_f.assignment_id%TYPE;  -- no INDEX BY, so a nested table; NOTE(review): named for person ids but typed from assignment_id - confirm intent
11
12
13 TYPE g_assignments_t IS TABLE OF per_all_assignments_f%ROWTYPE
14   INDEX BY BINARY_INTEGER;  -- whole assignment rows; the return type of get_assignments
15
16 --
17 -- Package global constants.
18 --
19 g_NONE CONSTANT NUMBER := 0; -- g_NONE..g_PER_SEC_ONLY: presumably the p_what_to_evaluate codes taken by evaluate_access - confirm in the package body
20 g_ALL CONSTANT NUMBER := 1;
21 g_ORG_SEC_ONLY CONSTANT NUMBER := 2;
22 g_POS_SEC_ONLY CONSTANT NUMBER := 3;
23 g_PAY_SEC_ONLY CONSTANT NUMBER := 4;
24 g_PER_SEC_ONLY CONSTANT NUMBER := 5; -- declared default of evaluate_access.p_what_to_evaluate
25
26 g_NO_DEBUG CONSTANT NUMBER := 0; -- declared default of evaluate_access.p_debug
27 g_PIPE CONSTANT NUMBER := 1; -- presumably selects PIPE debugging - confirm in the package body
28 g_FND_LOG CONSTANT NUMBER := 2; -- presumably selects concurrent request / FND log output - confirm in the package body
29
30 --
31 -- Package global variables.
32 --
33 -- The boolean value is irrelevant because inaccessible rows are never
34 -- added to the tables; only the presence of an entry matters.
35 -- NOTE(review): these are package-specification globals, so any code in the session that can reference this package can read and change them; keep EXECUTE on the package tightly granted.
36 g_org_tbl g_boolean_t; -- presumably the cached org table that show_organization checks - confirm in the package body
37 g_pos_tbl g_boolean_t; -- presumably the cached pos table that show_position checks - confirm
38 g_pay_tbl g_boolean_t; -- presumably the cached pay table that show_payroll checks - confirm
39 g_per_tbl g_boolean_t; -- presumably the cached person permissions - confirm
40 --
41 -- The index stores the assignment_id
42 -- and the column value stores the person_id.
43 --
44 g_asg_tbl g_number_t;
45
46 --
47 -- ----------------------------------------------------------------------------
48 -- |--------------------------< evaluate_custom >-----------------------------|
49 -- ----------------------------------------------------------------------------
50 -- {Start Of Comments}
51 --
52 -- Description:
53 -- Routine to evaluate whether custom restriction is valid for the assignment.
54 --
55 -- Prerequisites:
56 -- A person record must have an assignment
57 --
58 -- In Parameters:
59 -- Name Reqd Type Description
60 -- p_restriction_text Yes VARCHAR2 The custom restriction.
61 -- p_assignment_id Yes NUMBER The person's assignment id.
62 -- p_effective_date Yes DATE The effective date of the
63 -- PERSLM run.
64 --
65 -- Post Success:
66 -- processing continues without committing. Returns TRUE if restriction is
67 -- satisfied otherwise returns FALSE.
68 --
69 --
70 -- Post Failure:
71 --
72 --
73 -- Access Status:
74 -- Internal Development Use Only.
75 --
76 -- {End Of Comments}
77 --
78 FUNCTION evaluate_custom(
79   p_assignment_id    IN NUMBER,    -- the person's assignment id
80   p_restriction_text IN VARCHAR2,  -- the custom restriction; NOTE(review): if the body runs this text as dynamic SQL it must only ever come from the stored security profile, never from caller-supplied input - confirm
81   p_effective_date   IN DATE) RETURN VARCHAR2;  -- effective date of the PERSLM run; NOTE(review): documented as TRUE/FALSE yet typed VARCHAR2 - presumably the strings 'TRUE'/'FALSE', confirm
82 --
83 -- ----------------------------------------------------------------------------
84 -- |-------------------------< populate_new_payroll >-------------------------|
85 -- ----------------------------------------------------------------------------
86 -- {Start Of Comments}
87 --
88 -- Description:
89 -- This support process inserts a payroll in to the pay_payroll_list table for
90 -- all restricted payroll security profiles within the business group or for
91 -- global profiles. This should be run when a new payroll is created so that
92 -- all secure users can initially see it.
93 --
94 -- Prerequisites:
95 -- A payroll record must have been entered in to pay_all_payrolls_f
96 --
97 -- In Parameters:
98 -- Name Reqd Type Description
99 -- p_business_group_id Yes NUMBER The person's business group
100 -- p_payroll_id Yes NUMBER The payroll's id.
101 --
102 -- Post Success:
103 -- processing continues without committing.
104 --
105 --
106 -- Post Failure:
107 -- If the payroll is already in the list, or no appropriate security profiles
108 -- exist, no action is taken.
109 --
110 -- Access Status:
111 -- Internal Development Use Only.
112 --
113 -- {End Of Comments}
114 --
115 PROCEDURE populate_new_payroll(
116   p_business_group_id IN NUMBER,   -- business group whose restricted payroll profiles (plus global profiles) receive the payroll
117   p_payroll_id        IN NUMBER);  -- the new payroll, inserted into pay_payroll_list so secure users can initially see it; no commit is issued
118 --
119 -- ----------------------------------------------------------------------------
120 -- |-------------------------< populate_new_contact >-------------------------|
121 -- ----------------------------------------------------------------------------
122 -- {Start Of Comments}
123 --
124 -- Description:
125 -- This support process inserts a person in to the per_person_list table for all
126 -- restricted contact security profiles within their business group or global
127 -- profiles. This should be run when a new contact is created so that all secure
128 -- users can initially see them.
129 --
130 -- Prerequisites:
131 -- A person record must have been entered in to per_all_people_f
132 --
133 -- In Parameters:
134 -- Name Reqd Type Description
135 -- p_business_group_id Yes NUMBER The person's business group
136 -- p_person_id Yes NUMBER The person's id.
137 --
138 -- Post Success:
139 -- processing continues without committing.
140 --
141 --
142 -- Post Failure:
143 -- If the person is already in the list, or no appropriate security profiles
144 -- exist, no action is taken.
145 --
146 -- Access Status:
147 -- Internal Development Use Only.
148 --
149 -- {End Of Comments}
150 --
151 PROCEDURE populate_new_contact(
152   p_business_group_id IN NUMBER,   -- business group whose restricted contact profiles (plus global profiles) receive the person
153   p_person_id         IN NUMBER);  -- the new contact, inserted into per_person_list so secure users can initially see them; no commit is issued
154
155 --
156 -- ----------------------------------------------------------------------------
157 -- |-------------------------< populate_new_person >--------------------------|
158 -- ----------------------------------------------------------------------------
159 -- {Start Of Comments}
160 --
161 -- Description:
162 -- This support process inserts a person in to the per_person_list table for all
163 -- non-view-all security profiles within their business group and global
164 -- profiles. This should be run when a new employee, applicant or contingent
165 -- worker is created so that all secure users can initially see them.
166 --
167 -- Prerequisites:
168 -- A person record must have been entered in to per_all_people_f
169 --
170 -- In Parameters:
171 -- Name Reqd Type Description
172 -- p_business_group_id Yes NUMBER The person's business group
173 -- p_person_id Yes NUMBER The person's id.
174 --
175 -- Post Success:
176 -- processing continues without committing.
177 --
178 --
179 -- Post Failure:
180 -- If the person is already in the list, or no appropriate security profiles
181 -- exist, no action is taken.
182 --
183 -- Access Status:
184 -- Internal Development Use Only.
185 --
186 -- {End Of Comments}
187 --
188 PROCEDURE populate_new_person(
189   p_business_group_id IN NUMBER,   -- business group whose non-view-all profiles (plus global profiles) receive the person
190   p_person_id         IN NUMBER);  -- the new employee, applicant or contingent worker, inserted into per_person_list; no commit is issued
191 --
192 -- ----------------------------------------------------------------------------
193 -- |-----------------------< clear_from_person_list >-------------------------|
194 -- ----------------------------------------------------------------------------
195 -- {Start Of Comments}
196 --
197 -- Description:
198 -- This support process clears all of a person's data from the per_person_list
199 -- table. This should be run to remove the access to a person from secure
200 -- users before re-populating the list with new settings.
201 --
202 -- Prerequisites:
203 -- A person record must have been entered in to per_all_people_f
204 --
205 -- In Parameters:
206 -- Name Reqd Type Description
207 -- p_person_id Yes NUMBER The person's id.
208 --
209 -- Post Success:
210 -- processing continues without committing.
211 --
212 --
213 -- Post Failure:
214 -- If there are no existing records, no action is taken.
215 --
216 -- Access Status:
217 -- Internal Development Use Only.
218 --
219 -- {End Of Comments}
220 --
221 PROCEDURE clear_from_person_list(
222   p_person_id IN NUMBER);  -- person whose per_person_list rows are all cleared, removing secure users' access before the list is re-populated; no commit is issued
223 --
224 -- ----------------------------------------------------------------------------
225 -- |--------------------------< add_to_person_list >--------------------------|
226 -- ----------------------------------------------------------------------------
227 -- {Start Of Comments}
228 --
229 -- Description:
230 -- This support process inserts a person in to the per_person_list table for the
231 -- security profiles that match the assignment. This should be run when an
232 -- employee's or applicant's assignment is changed.
233 -- The person is not deleted from the old list, so no access is removed.
234 --
235 -- Prerequisites:
236 -- A person record must have been entered in to per_all_people_f
237 --
238 -- In Parameters:
239 -- Name Reqd Type Description
240 -- p_effective_date Yes DATE The date of the assignment details
241 -- p_assignment_id Yes NUMBER The person's assignment id.
242 -- p_business_group_id No NUMBER The BG ID if we are doing
243 -- profiles in a BG
244 -- p_generation_scope No VARCHAR2 Scope of generation process.
245 --
246 -- Post Success:
247 -- processing continues without committing.
248 --
249 --
250 -- Post Failure:
251 -- If the person is already in the list, or no appropriate security profiles
252 -- exist, no action is taken.
253 --
254 -- Access Status:
255 -- Internal Development Use Only.
256 --
257 -- {End Of Comments}
258 --
259 PROCEDURE add_to_person_list(
260   p_effective_date    IN DATE,                  -- date of the assignment details
261   p_assignment_id     IN NUMBER,                -- the person's assignment id
262   p_business_group_id IN NUMBER DEFAULT NULL,   -- business group id when profiles are processed within one business group
263   p_generation_scope  IN VARCHAR2 DEFAULT 'ALL_PROFILES');  -- scope of the generation process; additive only - rows for the old assignment stay in per_person_list, so no access is removed by this call
264 --
265 -- ----------------------------------------------------------------------------
266 -- |--------------------< clear_from_person_list_changes >--------------------|
267 -- ----------------------------------------------------------------------------
268 -- {Start Of Comments}
269 --
270 -- Description:
271 -- This support process clears all of a person's data from the per_person_list_changes
272 -- table. This should be run when an ex-employee or ex-applicant becomes a current
273 -- employee or applicant so that the security lists are based on the new assignments.
274 --
275 -- Prerequisites:
276 -- A person record must have been entered in to per_all_people_f
277 --
278 -- In Parameters:
279 -- Name Reqd Type Description
280 -- p_person_id Yes NUMBER The person's id.
281 --
282 -- Post Success:
283 -- processing continues without committing.
284 --
285 --
286 -- Post Failure:
287 -- If there are no existing records, no action is taken.
288 --
289 -- Access Status:
290 -- Internal Development Use Only.
291 --
292 -- {End Of Comments}
293 --
294 PROCEDURE clear_from_person_list_changes(
295   p_person_id IN NUMBER);  -- person whose per_person_list_changes rows are all cleared; no commit is issued
296 --
297 -- ----------------------------------------------------------------------------
298 -- |---------------------< re_enter_person_list_changes >---------------------|
299 -- ----------------------------------------------------------------------------
300 -- {Start Of Comments}
301 --
302 -- Description:
303 -- This support process inserts a person in to the per_person_list_changes table
304 -- for the security profiles that match their last employee or applicant
305 -- assignment. This should be run when a re-hire or re-application is canceled so
306 -- that the ex-employee or ex-applicant is visible as of their old details.
307 -- The person is not deleted from per_person_list, so this should be done separately.
308 --
309 -- Prerequisites:
310 -- A person record must have been entered in to per_all_people_f
311 --
312 -- In Parameters:
313 -- Name Reqd Type Description
314 -- p_person_id Yes NUMBER The person's id.
315 --
316 -- Post Success:
317 -- processing continues without committing.
318 --
319 --
320 -- Post Failure:
321 -- If the person is already in the list, or no appropriate security profiles
322 -- exist, or they do not have an old assignment, no action is taken.
323 --
324 -- Access Status:
325 -- Internal Development Use Only.
326 --
327 -- {End Of Comments}
328 --
329 PROCEDURE re_enter_person_list_changes(
330   p_person_id IN NUMBER);  -- person re-inserted into per_person_list_changes from their last assignment; per_person_list is left untouched and must be cleared separately
331 ----
332 -- ----------------------------------------------------------------------------
333 -- |----------------------< copy_to_person_list_changes >---------------------|
334 -- ----------------------------------------------------------------------------
335 -- {Start Of Comments}
336 --
337 -- Description:
338 -- This support process inserts a person in to the per_person_list_changes table
339 -- for every row in the per_person_list table. This should be run when employment
340 -- or an application is terminated so that the ex-employee or ex-applicant is
341 -- visible as of their last details.
342 -- The person is not deleted from per_person_list.
343 --
344 -- Prerequisites:
345 -- A person record must have been entered in to per_all_people_f
346 --
347 -- In Parameters:
348 -- Name Reqd Type Description
349 -- p_person_id Yes NUMBER The person's id.
350 --
351 -- Post Success:
352 -- processing continues without committing.
353 --
354 --
355 -- Post Failure:
356 -- If the person is already in the list, or there are no entries in per_person_list,
357 -- no action is taken.
358 --
359 -- Access Status:
360 -- Internal Development Use Only.
361 --
362 -- {End Of Comments}
363 --
364 PROCEDURE copy_to_person_list_changes(
365   p_person_id IN NUMBER);  -- person whose per_person_list rows are copied into per_person_list_changes; the per_person_list rows are not deleted
366 --
367 --
368 -- ----------------------------------------------------------------------------
369 -- |------------------------< grant_access_to_person >------------------------|
370 -- ----------------------------------------------------------------------------
371 -- {Start Of Comments}
372 --
373 -- Description:
374 -- This support process inserts a row in to the per_person_list table
375 -- to allow a grantee to see a person outside of their security profile.
376 --
377 -- Prerequisites:
378 -- A person record must have been entered in to per_all_people_f
379 -- The granted user must have a security profile assigned to them in some
380 -- responsibility which allows granted users.
381 -- The security profile must allow granted users.
382 --
383 -- In Parameters:
384 -- Name Reqd Type Description
385 -- p_person_id Yes NUMBER The person's id.
386 -- p_granted_user_id Yes NUMBER The id of the user who is
387 -- granted access to the person
388 --
389 --
390 -- Post Success:
391 -- processing continues without committing.
392 --
393 --
394 -- Post Failure:
395 -- If the user already has access then no action is taken.
396 -- If the person or granted user do not exist then an error
397 -- will be raised.
398 -- If the security profile does not exist for the grantee which allows
399 -- granted users then an error will be raised.
400 --
401 -- Access Status:
402 -- Internal Development Use Only.
403 --
404 -- {End Of Comments}
405 --
406 PROCEDURE grant_access_to_person(
407   p_person_id       IN NUMBER,   -- person made visible to the grantee outside the grantee's security profile
408   p_granted_user_id IN NUMBER);  -- user receiving the access; NOTE(review): no caller identity is passed in, so deciding who may grant is presumably left to the caller - confirm
409 --
410 -- ----------------------------------------------------------------------------
411 -- |----------------------< revoke_access_from_person >-----------------------|
412 -- ----------------------------------------------------------------------------
413 -- {Start Of Comments}
414 --
415 -- Description:
416 -- This support process deletes a row from the per_person_list table
417 -- to revoke access for a grantee to see a person outside of their security
418 -- profile. If no single grantee is explicitly identified then revoke access
419 -- for all grantees.
420 --
421 -- Prerequisites:
422 -- The grantee must have access to see the person
423 --
424 -- In Parameters:
425 -- Name Reqd Type Description
426 -- p_person_id Yes NUMBER The person's id.
427 -- p_granted_user_id No NUMBER The id of the user whose access
428 -- to the person is revoked; if NULL (the default), access is revoked for all grantees
429 --
430 --
431 -- Post Success:
432 -- processing continues without committing.
433 --
434 --
435 -- Post Failure:
436 -- If the granted_user did not have access to see the person then an error
437 -- will be raised.
438 --
439 -- Access Status:
440 -- Internal Development Use Only.
441 --
442 -- {End Of Comments}
443 --
444 PROCEDURE revoke_access_from_person(
445   p_person_id       IN NUMBER,                 -- person whose granted visibility is being withdrawn
446   p_granted_user_id IN NUMBER DEFAULT NULL);   -- grantee losing access; left NULL, access is revoked for all grantees, so pass it explicitly for a single revoke
447 --
448 -- ----------------------------------------------------------------------------
449 -- |----------------------< op >----------------------------------------------|
450 -- ----------------------------------------------------------------------------
451 -- {Start Of Comments}
452 --
453 -- Description:
454 -- This is a wrapper debug utility for hr_utility.trace and concurrent
455 -- request logging. PYUPIP can not easily be enabled for concurrent
456 -- requests because each thread uses a different SQL session ID; this
457 -- wrapper utility writes output to concurrent request logs making
458 -- debugging easier.
459 --
460 -- Prerequisites:
461 -- If using PYUPIP, it must be enabled.
462 --
463 -- In Parameters:
464 -- Name Reqd Type Description
465 -- p_msg Yes VARCHAR2 The debug output.
466 --
467 -- Post Success:
468 -- Processing continues without committing.
469 --
470 -- Post Failure:
471 -- This procedure should not fail.
472 --
473 -- Access Status:
474 -- Internal Development Use Only.
475 --
476 -- {End Of Comments}
477 --
478 PROCEDURE op -- debug wrapper around hr_utility.trace and concurrent request logging
479 (p_msg IN VARCHAR2); -- the debug output; NOTE(review): this text ends up in trace / concurrent request logs, so callers should keep sensitive HR data out of it
480 --
481 -- ----------------------------------------------------------------------------
482 -- |----------------------< op >----------------------------------------------|
483 -- ----------------------------------------------------------------------------
484 -- {Start Of Comments}
485 --
486 -- Description:
487 -- This is an overloaded version of the above procedure. This takes
488 -- one additional parameter that specifies the location of the code.
489 --
490 -- Prerequisites:
491 -- If using PYUPIP, it must be enabled.
492 --
493 -- In Parameters:
494 -- Name Reqd Type Description
495 -- p_msg Yes VARCHAR2 The debug output.
496 -- p_location Yes NUMBER Location of code.
497 --
498 -- Post Success:
499 -- Processing continues without committing.
500 --
501 -- Post Failure:
502 -- This procedure should not fail.
503 --
504 -- Access Status:
505 -- Internal Development Use Only.
506 --
507 -- {End Of Comments}
508 --
509 PROCEDURE op(
510   p_msg      IN VARCHAR2,  -- the debug output; it is written to trace / concurrent request logs, so keep sensitive HR data out of it
511   p_location IN NUMBER);   -- location of the calling code
512 --
513 -- ----------------------------------------------------------------------------
514 -- |----------------------< get_assignments >---------------------------------|
515 -- ----------------------------------------------------------------------------
516 -- {Start Of Comments}
517 --
518 -- Description:
519 -- Given a person, this function returns a PL/SQL table of records
520 -- detailing the person's employee and contingent worker assignments.
521 -- The assignment details are cached to prevent unnecessary queries.
522 --
523 -- Prerequisites:
524 -- None.
525 --
526 -- In Parameters:
527 -- Name Reqd Type Description
528 -- p_person_id Yes NUMBER ID of person.
529 -- p_effective_date Yes DATE Effective date on which
530 -- to get the assignments.
531 --
532 -- Post Success:
533 -- Processing continues without committing.
534 --
535 -- Post Failure:
536 -- The function returns a null PL/SQL table; no error is raised.
537 --
538 -- Access Status:
539 -- Internal Development Use Only.
540 --
541 -- {End Of Comments}
542 --
543 FUNCTION get_assignments(
544   p_person_id      IN NUMBER,  -- id of the person
545   p_effective_date IN DATE)    -- effective date on which to get the assignments
546   RETURN g_assignments_t;      -- the person's employee and contingent worker assignments (cached); documented to return a null table on failure without raising, so callers cannot tell failure from no assignments
547 --
548 -- ----------------------------------------------------------------------------
549 -- |----------------------< org_access_known >--------------------------------|
550 -- ----------------------------------------------------------------------------
551 -- {Start Of Comments}
552 --
553 -- Description:
554 -- Returns a boolean to indicate whether the organization security
555 -- permissions for the user concerned have already been evaluated
556 -- and cached.
557 --
558 -- Prerequisites:
559 -- None.
560 --
561 -- In Parameters:
562 -- None.
563 --
564 -- Post Success:
565 -- Processing continues without committing.
566 --
567 -- Post Failure:
568 -- The function should not fail.
569 --
570 -- Access Status:
571 -- Internal Development Use Only.
572 --
573 -- {End Of Comments}
574 --
575 FUNCTION org_access_known -- reports whether the user's organization security permissions have already been evaluated and cached
576 RETURN BOOLEAN;
577 --
578 -- ----------------------------------------------------------------------------
579 -- |----------------------< pos_access_known >--------------------------------|
580 -- ----------------------------------------------------------------------------
581 -- {Start Of Comments}
582 --
583 -- Description:
584 -- Returns a boolean to indicate whether the position security
585 -- permissions for the user concerned have already been evaluated
586 -- and cached.
587 --
588 -- Prerequisites:
589 -- None.
590 --
591 -- In Parameters:
592 -- None.
593 --
594 -- Post Success:
595 -- Processing continues without committing.
596 --
597 -- Post Failure:
598 -- The function should not fail.
599 --
600 -- Access Status:
601 -- Internal Development Use Only.
602 --
603 -- {End Of Comments}
604 --
605 FUNCTION pos_access_known -- reports whether the user's position security permissions have already been evaluated and cached
606 RETURN BOOLEAN;
607 --
608 -- ----------------------------------------------------------------------------
609 -- |----------------------< pay_access_known >--------------------------------|
610 -- ----------------------------------------------------------------------------
611 -- {Start Of Comments}
612 --
613 -- Description:
614 -- Returns a boolean to indicate whether the payroll security
615 -- permissions for the user concerned have already been evaluated
616 -- and cached.
617 --
618 -- Prerequisites:
619 -- None.
620 --
621 -- In Parameters:
622 -- None.
623 --
624 -- Post Success:
625 -- Processing continues without committing.
626 --
627 -- Post Failure:
628 -- The function should not fail.
629 --
630 -- Access Status:
631 -- Internal Development Use Only.
632 --
633 -- {End Of Comments}
634 --
635 FUNCTION pay_access_known -- reports whether the user's payroll security permissions have already been evaluated and cached
636 RETURN BOOLEAN;
637 --
638 -- ----------------------------------------------------------------------------
639 -- |----------------------< per_access_known >--------------------------------|
640 -- ----------------------------------------------------------------------------
641 -- {Start Of Comments}
642 --
643 -- Description:
644 -- Returns a boolean to indicate whether the person security
645 -- permissions for the user concerned have already been evaluated
646 -- and cached.
647 --
648 -- Prerequisites:
649 -- None.
650 --
651 -- In Parameters:
652 -- None.
653 --
654 -- Post Success:
655 -- Processing continues without committing.
656 --
657 -- Post Failure:
658 -- The function should not fail.
659 --
660 -- Access Status:
661 -- Internal Development Use Only.
662 --
663 -- {End Of Comments}
664 --
665 FUNCTION per_access_known -- reports whether the user's person security permissions have already been evaluated and cached
666 RETURN BOOLEAN;
667 --
668 -- ----------------------------------------------------------------------------
669 -- |----------------------< show_organization >-------------------------------|
670 -- ----------------------------------------------------------------------------
671 -- {Start Of Comments}
672 --
673 -- Description:
674 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
675 -- organization can be seen for the given security profile cache. This
676 -- function simply checks the cached org table and so if the profile is
677 -- "view all orgs" no organizations will exist in the table. Before using
678 -- this function, check whether the profile restricts by organization first.
679 --
680 -- Prerequisites:
681 -- Verify that the profile restricts by organization prior to calling this
682 -- procedure: it will return FALSE if called with a View All or View All
683 -- Orgs profile context.
684 --
685 -- In Parameters:
686 -- p_organization_id: uniquely identifies the organization for which access
687 -- is being checked.
688 --
689 -- Post Success:
690 -- The function returns 'TRUE' or 'FALSE'.
691 --
692 -- Post Failure:
693 -- The function should not fail.
694 --
695 -- Access Status:
696 -- Internal Development Use Only.
697 --
698 -- {End Of Comments}
699 --
700 FUNCTION show_organization -- checks only the cached org table for the current security profile cache
701 (p_organization_id IN NUMBER) -- organization whose visibility is being checked
702 RETURN VARCHAR2; -- 'TRUE' or 'FALSE'; also FALSE under a View All / View All Orgs profile, so confirm the profile restricts by organization before relying on the result
703 --
704 -- ----------------------------------------------------------------------------
705 -- |----------------------< show_position >-----------------------------------|
706 -- ----------------------------------------------------------------------------
707 -- {Start Of Comments}
708 --
709 -- Description:
710 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
711 -- position can be seen for the given security profile cache. This
712 -- function simply checks the cached pos table and so if the profile is
713 -- "view all pos" no positions will exist in the table. Before using
714 -- this function, check whether the profile restricts by position first.
715 --
716 -- Prerequisites:
717 -- Verify that the profile restricts by position prior to calling this
718 -- procedure: it will return FALSE if called with a View All or View All
719 -- Pos profile context.
720 --
721 -- In Parameters:
722 -- p_position_id: uniquely identifies the position for which access
723 -- is being checked.
724 --
725 -- Post Success:
726 -- The function returns 'TRUE' or 'FALSE'.
727 --
728 -- Post Failure:
729 -- The function should not fail.
730 --
731 -- Access Status:
732 -- Internal Development Use Only.
733 --
734 -- {End Of Comments}
735 --
736 FUNCTION show_position -- checks only the cached pos table for the current security profile cache
737 (p_position_id IN NUMBER) -- position whose visibility is being checked
738 RETURN VARCHAR2; -- 'TRUE' or 'FALSE'; also FALSE under a View All / View All Pos profile, so confirm the profile restricts by position before relying on the result
739 --
740 -- ----------------------------------------------------------------------------
741 -- |----------------------< show_payroll >------------------------------------|
742 -- ----------------------------------------------------------------------------
743 -- {Start Of Comments}
744 --
745 -- Description:
746 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
747 -- payroll can be seen for the given security profile cache. This
748 -- function simply checks the cached pay table and so if the profile is
749 -- "view all pay" no payrolls will exist in the table. Before using
750 -- this function, check whether the profile restricts by payroll first.
751 --
752 -- Prerequisites:
753 -- Verify that the profile restricts by payroll prior to calling this
754 -- procedure: it will return FALSE if called with a View All or View All
755 -- Pay profile context.
756 --
757 -- In Parameters:
758 -- p_payroll_id: uniquely identifies the payroll for which access
759 -- is being checked.
760 --
761 -- Post Success:
762 -- The function returns 'TRUE' or 'FALSE'.
763 --
764 -- Post Failure:
765 -- The function should not fail.
766 --
767 -- Access Status:
768 -- Internal Development Use Only.
769 --
770 -- {End Of Comments}
771 --
772 FUNCTION show_payroll -- checks only the cached pay table for the current security profile cache
773 (p_payroll_id IN NUMBER) -- payroll whose visibility is being checked
774 RETURN VARCHAR2; -- 'TRUE' or 'FALSE'; also FALSE under a View All / View All Pay profile, so confirm the profile restricts by payroll before relying on the result
775 --
776 -- ----------------------------------------------------------------------------
777 -- |----------------------< evaluate_access >---------------------------------|
778 -- ----------------------------------------------------------------------------
779 -- {Start Of Comments}
780 --
781 -- Description:
782 -- Evaluates security for a particular user and security profile pair.
783 -- The permissions are stored in cache and used by the secure views
784 -- for fast access.
785 --
786 -- Prerequisites:
787 -- When user-based security is used, the application contexts should be set,
788 -- for example, by virtue of starting an applications session or by
789 -- running fnd_global.apps_initialize.
790 --
791 -- In Parameters:
792 -- Name Reqd Type Description
793 -- p_person_id No Number ID of person.
794 -- p_user_id Yes Number ID of user; user's person
795 -- should match the ID
796 -- above.
797 -- p_effective_date Yes Date Effective date on which
798 -- to evaluate security.
799 -- p_sec_prof_rec Yes Record PL/SQL record of security
800 -- profile, used to evaluate
801 -- security.
802 -- p_what_to_evaluate No Number Indicates what security
803 -- should be assessed to
804 -- avoid unnecessarily
805 -- evaluating security at
806 -- sign-on.
807 -- p_use_static_lists No Boolean If the static lists
808 -- are not used
809 -- (created using PERSLM)
810 -- permissions are
811 -- evaluated dynamically.
812 -- p_update_static_lists No Boolean Static lists can be
813 -- automatically updated
814 -- instead of updating through
815 -- PERSLM.
816 -- p_debug No Number Indicates the type of
817 -- debugging to use: PIPE
818 -- or concurrent request.
819 --
820 -- Post Success:
821 -- Permissions are cached; processing continues.
822 --
823 -- Post Failure:
824 -- Permissions are not cached; no error is raised.
825 --
826 -- Access Status:
827 -- Internal Development Use Only.
828 --
829 -- {End Of Comments}
830 --
831 PROCEDURE evaluate_access(  -- evaluates security for one user / security profile pair and caches the permissions used by the secure views
832   p_user_id             IN NUMBER,                          -- id of the user; the user's person should match p_person_id
833   p_effective_date      IN DATE,                            -- effective date on which to evaluate security
834   p_sec_prof_rec        IN g_sec_prof_r,                    -- security profile record used for the evaluation
835   p_person_id           IN NUMBER  DEFAULT NULL,            -- id of the person (optional)
836   p_what_to_evaluate    IN NUMBER  DEFAULT g_PER_SEC_ONLY,  -- which security to assess, so sign-on does not evaluate more than needed
837   p_use_static_lists    IN BOOLEAN DEFAULT TRUE,            -- when the static lists (built by PERSLM) are not used, permissions are evaluated dynamically
838   p_update_static_lists IN BOOLEAN DEFAULT FALSE,           -- lets static lists be updated here instead of through PERSLM
839   p_debug               IN NUMBER  DEFAULT g_NO_DEBUG);     -- debugging type: PIPE or concurrent request; NOTE(review): failure is documented as "not cached, no error raised" - confirm the secure views treat an empty cache as no access
840 --
841 -- ----------------------------------------------------------------------------
842 -- |----------------------< user_in_static_lists >----------------------------|
843 -- ----------------------------------------------------------------------------
844 -- {Start Of Comments}
845 --
846 -- Description:
847 -- Returns a boolean to indicate whether the specified user has
848 -- permissions stored in any of the static lists.
849 --
850 -- Prerequisites:
851 -- None.
852 --
853 -- In Parameters:
854 -- Name Reqd Type Description
855 -- p_user_id Yes Number ID of user.
856 -- p_security_profile_id Yes Number ID of security profile.
857 --
858 -- Post Success:
859 -- A boolean is returned to indicate whether this user has any permissions
860 -- stored in static lists for this security profile.
861 --
862 -- Post Failure:
863 -- The boolean returns FALSE.
864 --
865 -- Access Status:
866 -- Internal Development Use Only.
867 --
868 -- {End Of Comments}
869 --
870 FUNCTION user_in_static_lists(
871   p_user_id             IN NUMBER,   -- id of the user
872   p_security_profile_id IN NUMBER)   -- id of the security profile
873   RETURN BOOLEAN;                    -- whether the user has permissions stored in any static list for this profile; FALSE is also the documented failure result
874 --
875 -- ----------------------------------------------------------------------------
876 -- |----------------------< delete_static_lists_for_user >--------------------|
877 -- ----------------------------------------------------------------------------
878 -- {Start Of Comments}
879 --
880 -- Description:
881 -- Deletes the static lists for a specified user and specified security
882 -- profile. No commit is issued.
883 --
884 -- Prerequisites:
885 -- None.
886 --
887 -- In Parameters:
888 -- Name Reqd Type Description
889 -- p_user_id Yes Number ID of user.
890 -- p_security_profile_id Yes Number ID of security profile.
891 --
892 -- Post Success:
893 -- Static list permissions are deleted for the specified user and
894 -- security profile.
895 --
896 -- Post Failure:
897 -- The permissions are not deleted; no error is raised.
898 --
899 -- Access Status:
900 -- Internal Development Use Only.
901 --
902 PROCEDURE delete_static_lists_for_user(
903   p_user_id             IN NUMBER,    -- id of the user whose static list permissions are deleted
904   p_security_profile_id IN NUMBER);   -- id of the security profile; no commit is issued, and a failed delete is documented to raise no error, so callers needing assurance should check with user_in_static_lists
905 --
906 -- ----------------------------------------------------------------------------
907 -- |----------------------< get_effective_date >------------------------------|
908 -- ----------------------------------------------------------------------------
909 -- {Start Of Comments}
910 --
911 -- Description:
912 -- Fetch the effective date used to assess security. This defaults
913 -- to the system date.
914 --
915 -- Prerequisites:
916 -- None.
917 --
918 -- In Parameters:
919 -- None
920 --
921 -- Post Success:
922 -- Returns the effective date.
923 --
924 -- Post Failure:
925 -- None.
926 --
927 -- Access Status:
928 -- Internal Development Use Only.
929 --
930 FUNCTION get_effective_date RETURN DATE; -- effective date used to assess security; documented to default to the system date
931 --
932 -- ----------------------------------------------------------------------------
933 -- |----------------------< get_what_to_evaluate >----------------------------|
934 -- ----------------------------------------------------------------------------
935 -- {Start Of Comments}
936 --
937 -- Description:
938 -- Fetch the "what to evaluate" security type. This allows the assessment
939 -- of security permissions to be delayed from sign-on to on-demand.
940 -- Alternatively, it allows all permissions to be evaluated on the spot.
941 --
942 -- Prerequisites:
943 -- None.
944 --
945 -- In Parameters:
946 -- None
947 --
948 -- Post Success:
949 -- Returns the what to evaluate type.
950 --
951 -- Post Failure:
952 -- None.
953 --
954 -- Access Status:
955 -- Internal Development Use Only.
956 --
-- Takes no arguments and returns a NUMBER code.
-- NOTE(review): presumably one of the g_NONE, g_ALL and g_*_SEC_ONLY constants
-- declared at the top of this spec - confirm in the package body before
-- comparing the result against literals.
957 FUNCTION get_what_to_evaluate RETURN NUMBER;
958 --
959 -- ----------------------------------------------------------------------------
960 -- |----------------------< get_use_static_lists >----------------------------|
961 -- ----------------------------------------------------------------------------
962 -- {Start Of Comments}
963 --
964 -- Description:
965 -- Determines whether static lists should be used or not. This only
966 -- applies where appropriate, for example, user-based security does not
967 -- use static lists unless the user has had static lists built.
968 --
969 -- Prerequisites:
970 -- None.
971 --
972 -- In Parameters:
973 -- None
974 --
975 -- Post Success:
976 -- Returns a boolean indicating whether static lists should be used.
977 --
978 -- Post Failure:
979 -- None.
980 --
981 -- Access Status:
982 -- Internal Development Use Only.
983 --
-- Takes no arguments and returns a PL/SQL BOOLEAN.
-- NOTE(review): a PL/SQL BOOLEAN can be NULL as well as TRUE or FALSE, and the
-- header does not say whether NULL is possible - confirm in the package body
-- how callers are expected to treat it.
984 FUNCTION get_use_static_lists RETURN BOOLEAN;
985 --
986
987 --
988 -- ----------------------------------------------------------------------------
989 -- |-------------------< delete_security_list_for_bg >-------------------------|
990 -- ----------------------------------------------------------------------------
991 -- {Start Of Comments}
992 --
993 -- Description:
994 -- Deletes all the entries for a given business group from the following
995 -- security list tables:
996 --
997 -- pay_security_payrolls
998 -- pay_payroll_list
999 -- per_person_list
1000 -- per_position_list
1001 -- per_organization_list
1002 -- per_security_profiles
1003 --
1004 --
1005 -- Prerequisites:
1006 -- None.
1007 --
1008 -- In Parameters:
1009 -- Name Reqd Type Description
1010 -- p_business_group_id YES Number ID of Business Group.
1011
1012 --
1013 -- Post Success:
1014 -- All entries for a business group in the security list tables are removed.
1015 --
1016 -- Post Failure:
1017 -- None.
1018 --
1019 -- Access Status:
1020 -- Internal Development Use Only.
1021 --
-- p_business_group_id has no explicit mode, so it is an IN parameter.
-- NOTE(review): the header lists per_security_profiles alongside the five list
-- tables, so this removes the business group's profiles themselves, not only
-- their cached lists. Unlike delete_static_lists_for_user, the header does not
-- state whether a commit is issued - confirm in the package body.
1022 PROCEDURE delete_security_list_for_bg(p_business_group_id number);
1023 --
1024 --
1025 -- ----------------------------------------------------------------------------
1026 -- |------------------< delete_per_from_security_list >-----------------------|
1027 -- ----------------------------------------------------------------------------
1028 -- {Start Of Comments}
1029 --
1030 -- Description:
1031 -- Removes a person's entries from the static security list.
1032 --
1033 -- Prerequisites:
1034 -- None.
1035 --
1036 -- In Parameters:
1037 -- Name Reqd Type Description
1038 -- p_person_id YES Number ID of Person.
1039 --
1040 -- Post Success:
1041 -- The person's entries are deleted from the per_person_list table.
1042 --
1043 -- Post Failure:
1044 -- None.
1045 --
1046 -- Access Status:
1047 -- Internal Development Use Only.
1048 --
-- Takes only p_person_id; there is no security profile argument.
-- NOTE(review): presumably the person is removed from the static list of every
-- security profile - confirm in the package body. The header does not state
-- whether a commit is issued.
1049 PROCEDURE delete_per_from_security_list(p_person_id in number);
1050 --
1051 --
1052 -- ----------------------------------------------------------------------------
1053 -- |----------------------< add_org_to_security_list >------------------------|
1054 -- ----------------------------------------------------------------------------
1055 -- {Start Of Comments}
1056 --
1057 -- Description:
1058 -- Adds an organization entry for a security profile to static
1059 -- security list.
1060 --
1061 -- Prerequisites:
1062 -- None.
1063 --
1064 -- In Parameters:
1065 -- Name Reqd Type Description
1066 -- P_Security_Profile_Id YES Number ID of security Profile
1067 -- p_organization_id YES Number ID of Organization.
1068 --
1069 -- Post Success:
1070 -- An organization entry is added for a security profile in the
1071 -- per_organization_list table.
1072 --
1073 -- Post Failure:
1074 -- None.
1075 --
1076 -- Access Status:
1077 -- Internal Development Use Only.
1078 --
-- NOTE(review): a row added here presumably widens what the security profile
-- can see. The header documents no validation of the two IDs and no handling
-- of an entry that already exists - confirm both in the package body.
1079 PROCEDURE add_org_to_security_list(p_security_profile_id in number,
1080 p_organization_id in number);
1081 --
1082 --
1083 -- ----------------------------------------------------------------------------
1084 -- |------------------< delete_org_from_security_list >-----------------------|
1085 -- ----------------------------------------------------------------------------
1086 -- {Start Of Comments}
1087 --
1088 -- Description:
1089 -- Removes organization entries for specified organization from the static
1090 -- security list.
1091 --
1092 -- Prerequisites:
1093 -- None.
1094 --
1095 -- In Parameters:
1096 -- Name Reqd Type Description
1097 -- p_organization_id YES Number ID of Organization.
1098 --
1099 -- Post Success:
1100 -- The organization's entries are deleted from the per_organization_list
1101 -- table for the specified organization_id.
1102 --
1103 -- Post Failure:
1104 -- None.
1105 --
1106 -- Access Status:
1107 -- Internal Development Use Only.
1108 --
-- Takes only p_organization_id; there is no security profile argument.
-- NOTE(review): presumably the organization is removed from the static list of
-- every security profile - confirm in the package body. The header does not
-- state whether a commit is issued.
1109 PROCEDURE delete_org_from_security_list(p_organization_id in number);
1110 --
1111 --
1112 -- ----------------------------------------------------------------------------
1113 -- |--------------------< add_pos_to_security_list >------------------------|
1114 -- ----------------------------------------------------------------------------
1115 -- {Start Of Comments}
1116 --
1117 -- Description:
1118 -- Adds a position entry for a security profile to static
1119 -- security list.
1120 --
1121 -- Prerequisites:
1122 -- None.
1123 --
1124 -- In Parameters:
1125 -- Name Reqd Type Description
1126 -- P_Security_Profile_Id YES Number ID of security Profile
1127 -- p_position_id YES Number ID of Position
1128 --
1129 -- Post Success:
1130 -- A position entry is added for a security profile in the
1131 -- per_position_list table.
1132 --
1133 -- Post Failure:
1134 -- None.
1135 --
1136 -- Access Status:
1137 -- Internal Development Use Only.
1138 --
-- NOTE(review): a row added here presumably widens what the security profile
-- can see. The header documents no validation of the two IDs and no handling
-- of an entry that already exists - confirm both in the package body.
1139 PROCEDURE add_pos_to_security_list(p_security_profile_id in number,
1140 p_position_id in number);
1141 --
1142 --
1143 -- ----------------------------------------------------------------------------
1144 -- |------------------< delete_pos_from_security_list >-----------------------|
1145 -- ----------------------------------------------------------------------------
1146 -- {Start Of Comments}
1147 --
1148 -- Description:
1149 -- Removes position entries for specified position from the static
1150 -- security list.
1151 --
1152 -- Prerequisites:
1153 -- None.
1154 --
1155 -- In Parameters:
1156 -- Name Reqd Type Description
1157 -- p_position_id YES Number ID of Position.
1158 --
1159 -- Post Success:
1160 -- The position's entries are deleted from the per_position_list table
1161 -- for a specified position_id.
1162 --
1163 -- Post Failure:
1164 -- None.
1165 --
1166 -- Access Status:
1167 -- Internal Development Use Only.
1168 --
-- Takes only p_position_id; there is no security profile argument.
-- NOTE(review): presumably the position is removed from the static list of
-- every security profile - confirm in the package body. The header does not
-- state whether a commit is issued.
1169 PROCEDURE delete_pos_from_security_list(p_position_id in number);
1170 --
1171 --
1172 -- ----------------------------------------------------------------------------
1173 -- |------------------< delete_pay_from_security_list >-----------------------|
1174 -- ----------------------------------------------------------------------------
1175 -- {Start Of Comments}
1176 --
1177 -- Description:
1178 -- Removes payroll entries for specified payroll from the static
1179 -- security list.
1180 --
1181 -- Prerequisites:
1182 -- None.
1183 --
1184 -- In Parameters:
1185 -- Name Reqd Type Description
1186 -- p_payroll_id YES Number ID of Payroll.
1187 --
1188 -- Post Success:
1189 -- The payroll's entries are deleted from the pay_payroll_list table
1190 -- for a specified payroll_id.
1191 --
1192 -- Post Failure:
1193 -- None.
1194 --
1195 -- Access Status:
1196 -- Internal Development Use Only.
1197 --
-- p_payroll_id has no explicit mode, so it is an IN parameter; there is no
-- security profile argument.
-- NOTE(review): presumably the payroll is removed from the static list of
-- every security profile - confirm in the package body. The header does not
-- state whether a commit is issued.
1198 PROCEDURE delete_pay_from_security_list(p_payroll_id number);
1199 --
1200 END hr_security_internal;