1 PACKAGE FND_DATA_SECURITY AUTHID CURRENT_USER AS
2 /* $Header: AFSCDSCS.pls 120.5.12000000.1 2007/01/18 13:26:00 appldev ship $ */
3
4 /* This flag will be hardcoded to 'Y' in release 12 and beyond, but 'N' for */
5 /* release 11.5. When it is 'Y', deprecated APIs such as */
6 /* passing a p_user_name will raise a runtime error exception immediately */
7 /* instead of working as they did in relase 11.5 */
8 DISALLOW_DEPRECATED constant varchar(1) := 'Y';
9
10 FUNCTION check_function
11 (
12 p_api_version IN NUMBER,
13 p_function IN VARCHAR2,
14 p_object_name IN VARCHAR2,
15 p_instance_pk1_value IN VARCHAR2 DEFAULT NULL,
16 p_instance_pk2_value IN VARCHAR2 DEFAULT NULL,
17 p_instance_pk3_value IN VARCHAR2 DEFAULT NULL,
18 p_instance_pk4_value IN VARCHAR2 DEFAULT NULL,
19 p_instance_pk5_value IN VARCHAR2 DEFAULT NULL,
20 p_user_name in varchar2 default null /* DEPRECATED */
21 )
22 RETURN VARCHAR2;
23 -- Start OF comments
24 -- API name : check_function
25 -- TYPE : Public
26 -- Pre-reqs : None
27 -- FUNCTION : Determines whether user is granted a particular
28 -- function for a particular object instance.
29 --
30 -- Parameters:
31 -- IN : p_api_version IN NUMBER (required)
32 -- API Version of this procedure (currently 1.0)
33 --
34 -- p_function IN VARCHAR2 (required)
35 -- name of the function
36 --
37 -- p_object_name IN VARCHAR2 (required)
38 -- object on which the grant should be checked
39 -- from fnd_objects table.
40 --
41 -- p_instance_pk[1..5]_value IN NUMBER (required)
42 -- Primary key values for the object instance, with order
43 -- corresponding to the order of the PKs in the
44 -- FND_OBJECTS table. Most objects will only have a
45 -- few primary key columns so just let the higher,
46 -- unused column values default to NULL.
47 -- NOTE: Caller must pass an actual primary key, and it
48 -- must be the primary key of an actual instance (row).
49 --
50 -- p_user_name IN VARCHAR2 (optional) DEPRECATED
51 -- DEPRECATED. DO NOT USE IN NEW CODE. P_USER_NAME
52 -- cannot be implemented correctly because
53 -- instance set clauses may refer to the user_name
54 -- context directly or indirectly and that context
55 -- won't have this value, causing inconsistencies.
56 -- Let this default to null which means current user.
57 -- DEPRECATED. DEPRECATED. DEPRECATED. DEPRECATED.
58 -- User to check grant for, from FND_USER or another
59 -- table (like HZ_PARTIES) that the view column
60 -- WF_ROLES.NAME is based on. Pass the same value stored
61 -- in the GRANTEE_KEY column in FND_GRANTS.
62 -- Examples of values that might be passed: 'SYSADMIN',
63 -- 'HZ_PARTIES:1234'
64 -- Note: If passed, this user_name must refer to an
65 -- actual user, already existing in the WF_USER_ROLES
66 -- table/view.
67 -- Defaults to current FND user if null.
68 --
69 -- OUT
70 -- RETURNs 1 byte result code:
71 -- 'T' function is granted.
72 -- 'F' not granted.
73 -- 'E' Error
74 -- 'U' Unexpected Error
75 --
76 -- If 'E' or 'U' is returned, there will be an error
77 -- message on the FND_MESSAGE stack which
78 -- can be retrieved with FND_MESSAGE.GET_ENCODED()
79 -- If that message is not used, it must be cleared.
80 --
81
82 -- Version: Current Version 1.0
83 -- Previous Version : None
84 -- Notes :
85 --
86 -- END OF comments
87 ----------------------------------------------------------------
88
89 -- modified for bug#5395351
90 TYPE FND_PRIVILEGE_NAME_TABLE_TYPE IS TABLE OF fnd_form_functions.function_name%type
91 INDEX BY BINARY_INTEGER;
92
93 PROCEDURE get_functions
94 (
95 p_api_version IN NUMBER,
96 p_object_name IN VARCHAR2,
97 p_instance_pk1_value IN VARCHAR2 DEFAULT NULL,
98 p_instance_pk2_value IN VARCHAR2 DEFAULT NULL,
99 p_instance_pk3_value IN VARCHAR2 DEFAULT NULL,
100 p_instance_pk4_value IN VARCHAR2 DEFAULT NULL,
101 p_instance_pk5_value IN VARCHAR2 DEFAULT NULL,
102 p_user_name IN varchar2 default null, /* DEPRECATED */
103 x_return_status OUT NOCOPY VARCHAR2,
104 x_privilege_tbl OUT NOCOPY FND_PRIVILEGE_NAME_TABLE_TYPE
105 ) ;
106 -- Start OF comments
107 -- API name : get_functions
108 -- TYPE : Public
109 -- Pre-reqs : None
110 -- FUNCTION : get the list of functions user has on the
111 -- object instance
112 --
113 -- Parameters:
114 -- IN : p_api_version IN NUMBER (required)
115 -- API Version of this procedure (currently 1.0)
116 --
117 -- p_object_name IN VARCHAR2 (required)
118 -- object on which the grant should be checked
119 -- from fnd_objects table.
120 --
121 -- p_instance_pk[1..5]_value IN NUMBER (required)
122 -- Primary keys values to an object instance, corresponding
123 -- to the order in the FND_OBJECTS table. Most objects will
124 -- only have a few primary key columns so just pass
125 -- NULL for the unused higher columns.
126 --
127 -- p_user_name IN VARCHAR2 (optional) DEPRECATED
128 -- DEPRECATED. DO NOT USE IN NEW CODE. P_USER_NAME
129 -- cannot be implemented correctly because
130 -- instance set clauses may refer to the user_name
131 -- context directly or indirectly and that context
132 -- won't have this value, causing inconsistencies.
133 -- Let this default to null which means current user.
134 -- DEPRECATED. DEPRECATED. DEPRECATED. DEPRECATED.
135 -- User to check grant for, from FND_USER or another
136 -- table (like HZ_PARTIES) that the view column
137 -- WF_ROLES.NAME is based on. Pass the same value stored
138 -- in the GRANTEE_KEY column in FND_GRANTS.
139 -- Examples of values that might be passed: 'SYSADMIN',
140 -- 'HZ_PARTIES:1234'
141 -- Note: If passed, this user_name must refer to an
142 -- actual user, already existing in the WF_USER_ROLES
143 -- table/view.
144 -- Defaults to current FND user if null.
145 --
146 -- OUT :
147 -- X_return_status OUT VARCHAR2(1)
148 -- Result of all the operations
149 -- 'T' Successfully got list of functions
150 -- 'F' No functions granted
151 -- 'E' Error
152 -- 'U' Unexpected Error
153 --
154 -- If 'E' or 'U' is returned, there will be an error
155 -- message on the FND_MESSAGE stack which
156 -- can be retrieved with FND_MESSAGE.GET_ENCODED()
157 -- If that message is not used, it must be cleared.
158 --
159 -- x_functions_tbl OUT TABLE
160 -- list of functions available
161 --
162 -- Version: Current Version 1.0
163 -- Previous Version : None
164 -- Notes :
165 --
166 -- END OF comments
167 ----------------------------------------------------------------
168
169
170
171 ------Procedure GET_MENUS-------------
172 /* INTERNAL ATG USE ONLY. NOT FOR PUBLIC USE. This is primarily */
173 /* by the ATG java code where it will return a list of the menuids */
174 PROCEDURE get_menus
175 (
176 p_api_version IN NUMBER,
177 p_object_name IN VARCHAR2,
178 p_instance_pk1_value IN VARCHAR2 DEFAULT NULL, /* NULL= only chk global gnts*/
179 p_instance_pk2_value IN VARCHAR2 DEFAULT NULL,
180 p_instance_pk3_value IN VARCHAR2 DEFAULT NULL,
181 p_instance_pk4_value IN VARCHAR2 DEFAULT NULL,
182 p_instance_pk5_value IN VARCHAR2 DEFAULT NULL,
183 p_user_name IN VARCHAR2 default null, /* DEPRECATED */
184 x_return_status OUT NOCOPY VARCHAR2,
185 x_menu_tbl OUT NOCOPY FND_TABLE_OF_NUMBER
186 );
187
188
189 -- DEPRECATED. DO NOT CALL THIS. CALL THE OTHER OVERLOADED VERSION INSTEAD.
190 -- This version of get_security_predicate is no longer supported because
191 -- the pk aliases that it takes in the params do not work in our new
192 -- SQL which now puts the object name in the SQL for parameterized
193 -- instance sets. It is being left in the API simply for patching
194 -- reasons but should NEVER be called from new code. The pk aliases
195 -- will be ignored. In some upcoming release this may be dropped
196 -- from the API.
197 -- New code should call the overloaded get_security_predicate without
198 -- the pk aliases, below.
199 -- p_pk[1..5]_alias IN VARCHAR2 (optional)
200 -- Normally the caller wouldn't pass any values for these.
201 -- Column aliases for primary keys. Pass column names
202 -- (optionally including table aliases) of the relevant
203 -- columns, if they are different from the base column names
204 -- as defined in FND_OBJECTS. For example 'MY_VIEW.MY_APP_ID'
205 -- might be passed in as a column alias for the first PK, which
206 -- was defined in FND_OBJECTS as 'APPLICATION_ID'.
207 -- Column aliases are not allowed for p_statement_type='BASE',
208 -- or for p_grant_instance_type ='SET'.
209 --
210 PROCEDURE get_security_predicate /* DEPRECATED DEPRECATED DEPRECATED*/
211 (
212 p_api_version IN NUMBER,
213 p_function IN VARCHAR2 default null,
214 p_object_name IN VARCHAR2,
215 p_grant_instance_type IN VARCHAR2 DEFAULT 'UNIVERSAL',/* SET, INSTANCE*/
216 p_user_name IN VARCHAR2 default null, /* DEPRECATED */
217 /* statement_type: 'OTHER', 'BASE'=VPD, 'EXISTS'= to check existence*/
218 p_statement_type IN VARCHAR2 DEFAULT 'OTHER',
219 p_pk1_alias IN VARCHAR2,
220 p_pk2_alias IN VARCHAR2 DEFAULT NULL,
221 p_pk3_alias IN VARCHAR2 DEFAULT NULL,
222 p_pk4_alias IN VARCHAR2 DEFAULT NULL,
223 p_pk5_alias IN VARCHAR2 DEFAULT NULL,
224 x_predicate out NOCOPY varchar2,
225 x_return_status out NOCOPY varchar2
226 );
227
228
229 /* The non-deprecated version of get_security_predicate. Use this.*/
230 PROCEDURE get_security_predicate
231 (
232 p_api_version IN NUMBER,
233 p_function IN VARCHAR2 default null,
234 p_object_name IN VARCHAR2,
235 p_grant_instance_type IN VARCHAR2 DEFAULT 'UNIVERSAL',/* SET, INSTANCE*/
236 p_user_name IN VARCHAR2 default null, /* DEPRECATED */
237 /* statement_type: 'OTHER', 'BASE'=VPD, 'EXISTS'= to check existence*/
238 p_statement_type IN VARCHAR2 DEFAULT 'OTHER',
239 x_predicate out NOCOPY varchar2,
240 x_return_status out NOCOPY varchar2,
241 p_table_alias IN VARCHAR2 DEFAULT NULL
242 ) ;
243 -- Start OF comments
244 -- API name : get_security_predicate
245 -- TYPE : Public
246 -- Pre-reqs : None
247 -- FUNCTION : get Union of all predicates for user on a function
248 --
249 -- Parameters:
250 -- IN : p_api_version IN NUMBER (required)
251 -- API Version of this procedure (currently 1.0)
252 --
253 -- p_function IN VARCHAR2 (optional)
254 -- name of the function
255 -- NULL means all functions, so the predicate will not
256 -- take the function into account.
257 --
258 -- p_object_name IN VARCHAR2 (required)
259 -- object on which the predicate should be checked.
260 -- from fnd_objects table.
261 --
262 -- p_grant_instance_type IN VARCHAR2 (optional)
263 -- Can take on one of the following values:
264 -- 'INSTANCE'- returns predicate for grants with
265 -- instance_type = 'INSTANCE' or 'GLOBAL'
266 -- 'SET'- returns predicate for grants with
267 -- instance_type = 'SET'
268 -- 'UNIVERSAL'(default)- returns predicate for
269 -- grants with any instance_type.
270 -- 'GRANTS_ONLY'- a special mode that returns a predicate
271 -- for the FND_GRANTS table. This would
272 -- be used in constructing UIs over the
273 -- grants table, or for debugging to
274 -- see which grants are "in play".
275 -- The predicate will assume that the G
276 -- alias is used for FND_GRANTS, so use
277 -- it like this:
278 -- 'SELECT some_columns
279 -- FROM FND_GRANTS GNT
280 -- WHERE '|| x_predicate
281 -- Note: 'SET' mode does not support aliases.
282 --
283 -- p_user_name IN VARCHAR2 (optional) DEPRECATED
284 -- DEPRECATED. DO NOT USE IN NEW CODE. P_USER_NAME
285 -- cannot be implemented correctly because
289 -- Let this default to null which means current user.
286 -- instance set clauses may refer to the user_name
287 -- context directly or indirectly and that context
288 -- won't have this value, causing inconsistencies.
290 -- DEPRECATED. DEPRECATED. DEPRECATED. DEPRECATED.
291 -- User to check grant for, from FND_USER or another
292 -- table (like HZ_PARTIES) that the view column
293 -- WF_ROLES.NAME is based on. Pass the same value stored
294 -- in the GRANTEE_KEY column in FND_GRANTS.
295 -- Examples of values that might be passed: 'SYSADMIN',
296 -- 'HZ_PARTIES:1234'
297 -- Note: If passed, this user_name must refer to an
298 -- actual user, already existing in the WF_USER_ROLES
299 -- table/view.
300 -- Defaults to current FND user if null.
301 --
302 -- p_table_alias IN VARCHAR2 DEFAULT NULL (optional)
303 -- Optional table alias. This table alias
304 -- will be appended in front of the column references
305 -- in the returned x_predicate. Normally used when two
306 -- security predicates are going to be ANDed together to
307 -- use with a select that joins two secured tables.
308 -- The value passed here should correspond to the table
309 -- alias that the statement will use for the p_object_name
310 -- passed to this routine. The default, NULL, means
311 -- there is no table alias so none will be appended.
312 --
313 -- p_statement_type IN VARCHAR2 DEFAULT 'OTHER' (optional)
314 -- Can take one of the following values:
315 -- 'OTHER'- This is the default. This means the predicate
316 -- returned will not be attached by policy
317 -- to the base table ala VPD. In practice this
318 -- allows the predicate to have a subselect against
319 -- the base table, which allows aliases and may
320 -- improve performance.
321 -- 'BASE'- Pass this type if the predicate will be attached
322 -- by policy to the base table. Use 'BASE' when
323 -- VPD will use the returned predicate to control
324 -- access. In practice this means the predicate
325 -- cannot have subselects against the base table,
326 -- prevents aliases and may lower performance.
327 -- 'BASE' mode is currently unsupported but may
328 -- be supported in the future.
329 -- 'EXISTS'- Pass this type if the predicate will be
330 -- simply used to determine if there are any rows
331 -- at all that are available. The predicate
332 -- returned will be of the format like 'EXISTS ...'
333 --
334 -- OUT :
335 -- X_return_status OUT VARCHAR2(1)
336 -- Result of all the operations
337 -- 'T' Successfully got predicate
338 -- 'E' Error
339 -- 'U' Unexpected Error
340 -- 'L' Value too long- predicate too large for
341 -- database VPD.
342 --
343 -- If 'E', 'U, or 'L' is returned, there will be an error
344 -- message on the FND_MESSAGE stack which
345 -- should be retrieved and displayed with
346 -- FND_MESSAGE.GET_ENCODED() or FND_MESSAGE.GET()
347 -- If that message is not used, it must be cleared by
348 -- the caller with FND_MESSAGE.CLEAR().
349 -- In other words, if one of those values
350 -- is returned, the caller MUST either retrieve
351 -- the message or clear it.
352 --
353 -- Return Value:
354 -- All the available predicates from the grants on
355 -- this function for this user, ORed together to form
356 -- a big gob of SQL that can be dropped into the where
357 -- clause, to limit rows returned to those that are
358 -- allowed by the security. Does not include 'WHERE'.
359 --
360 -- Version: Current Version 1.0
361 -- Previous Version : None
362 -- Notes :
363 --
364 -- END OF comments
365
366
367
368 PROCEDURE get_security_predicate_w_binds
369 (
370 p_api_version IN NUMBER,
371 p_function IN VARCHAR2 default null,
372 p_object_name IN VARCHAR2,
373 p_grant_instance_type IN VARCHAR2 DEFAULT 'UNIVERSAL',/* SET, INSTANCE*/
374 p_user_name IN VARCHAR2 default null, /* DEPRECATED */
375 /* statement_type: 'OTHER', 'BASE'=VPD, 'EXISTS'= to check existence*/
376 p_statement_type IN VARCHAR2 DEFAULT 'OTHER',
377 p_table_alias IN VARCHAR2 DEFAULT NULL,
378 x_predicate out NOCOPY varchar2,
379 x_return_status out NOCOPY varchar2,
380 x_function_id out NOCOPY NUMBER,
381 x_object_id out NOCOPY NUMBER,
382 x_bind_order out NOCOPY VARCHAR2
383 ) ;
384 -- Start OF comments
388 -- FUNCTION : get Union of all predicates for user on a function,
385 -- API name : get_security_predicate_w_binds
386 -- TYPE : Public
387 -- Pre-reqs : None
389 -- with binds inline. This routine functions like
390 -- get_security_predicate(), so see the documentation
391 -- for that routine for descriptions of most of the
392 -- parameters. The only difference in parameters is
393 -- that this routine has two additional output parameters
394 -- listed below, x_function_id and x_object_id.
395 --
396 -- Note on binds: The predicate returned from this statement
397 -- is designed for PL/SQL binds by name; the format of the
398 -- binds is ":FUNCTION_ID_BIND" and ":OBJECT_ID_BIND".
399 -- If the caller wants to use this with java style "?" binds,
400 -- the caller will be responsible for replacing the strings
401 -- ":FUNCTION_ID_BIND" and ":OBJECT_ID_BIND" with the "?".
402 --
403 -- Parameters: (see header for get_security_predicate() for docs on
404 -- other parameters)
405 --
406 -- OUT : x_function_id OUT NUMBER
407 -- if the value is NULL then the predicate
408 -- returned does not have a function id bind, so
409 -- the caller must not bind this value.
410 -- if the value is non-null, then the predicate has one
411 -- or more instances of the bind ":FUNCTION_ID_BIND"
412 -- in the statement. The caller should bind by name
413 -- the value of the number x_function_id before executing
414 -- the SQL statement.
415 --
416 -- x_object_id OUT NUMBER
417 -- if the value is NULL then the predicate
418 -- returned does not have a object id bind, so
419 -- the caller must not bind this value.
420 -- if the value is non-null, then the predicate has one
421 -- or more instances of the bind ":OBJECT_ID_BIND"
422 -- in the statement. The caller should bind by name
423 -- the value of the number x_function_id before executing
424 -- the SQL statement.
425 --
426 -- x_bind_order OUT VARCHAR2(256)
427 -- This returns a string that is designed to help callers
428 -- who want to do bind by position instead of bind by name.
429 -- It will contain the
430 -- letter 'F' for function id binds, and the letter 'O'
431 -- for object_id binds, in the order in which they appear
432 -- in the returned predicate.
433 -- For instance if it returned the string 'FOOF', that would
434 -- mean that the caller should bind:
435 -- 1. FUNCTION_ID_BIND
436 -- 2. OBJECT_ID_BIND
437 -- 3. OBJECT_ID_BIND
438 -- 4. FUNCTION_ID_BIND
439 -- The caller can loop through this string a character at
440 -- a time, doing the appropriate binds for each.
441 -- Just to be safe, the caller should allow for up to 256
442 -- characters of possible return value, although in practice
443 -- there should never be that many binds.
444 --
445 -- Version: Current Version 1.0
446 -- Previous Version : None
447 -- Notes :
448 --
449 -- END OF comments
450
451
452 TYPE FND_INSTANCE_PK_RECORD is record
453 (PK1_VALUE varchar2(256),
454 PK2_VALUE varchar2(256),
455 PK3_VALUE varchar2(256),
456 PK4_VALUE varchar2(256),
457 PK5_VALUE varchar2(256));
458
459 TYPE FND_INSTANCE_TABLE_TYPE IS TABLE OF FND_INSTANCE_PK_RECORD
460 INDEX BY BINARY_INTEGER;
461
462
463
464 -- DEPRECATED. DO NOT CALL GET_INSTANCES.
465 PROCEDURE get_instances -- DEPRECATED. DO NOT CALL GET_INSTANCES.
466 (
467 p_api_version IN NUMBER,
468 p_function IN VARCHAR2 DEFAULT NULL,
469 p_object_name IN VARCHAR2,
470 p_user_name IN VARCHAR2 DEFAULT NULL, /* DEPRECATED */
471 x_return_status OUT NOCOPY VARCHAR2,
472 x_object_key_tbl OUT NOCOPY FND_INSTANCE_TABLE_TYPE
473 );
474 -- Start OF comments
475 -- API name : get_instances
476 -- TYPE : Public
477 -- Pre-reqs : None
478 -- FUNCTION : get list of all instances granted to a particular user
479 -- on a particular function.
480 --
481 -- DEPRECATED. DO NOT CALL GET_INSTANCES.
482 -- This routine is left around as a legacy from the original API
483 -- but is no longer supported. The reason is that we do not support
484 -- doing full table selects with data security predicate. We require
485 -- that a main where clause limits the number of rows that data security
486 -- gets to see. There is no way to limit the number of rows that would
487 -- be processed by data security, so this routine is not supported.
488 --
489 -- Parameters:
490 -- IN : p_api_version IN NUMBER (required)
491 -- API Version of this procedure (currently 1.0)
492 --
493 -- p_function IN VARCHAR2 (optional)
494 -- name of the function
498 -- p_object_name IN VARCHAR2 (required)
495 -- If null, return union of predicates for all functions
496 -- granted on this object type.
497 --
499 -- object on which the predicate should be checked.
500 -- from fnd_objects table.
501 --
502 -- p_user_name IN VARCHAR2 (optional) DEPRECATED
503 -- DEPRECATED. DO NOT USE IN NEW CODE. P_USER_NAME
504 -- cannot be implemented correctly because
505 -- instance set clauses may refer to the user_name
506 -- context directly or indirectly and that context
507 -- won't have this value, causing inconsistencies.
508 -- Let this default to null which means current user.
509 -- DEPRECATED. DEPRECATED. DEPRECATED. DEPRECATED.
510 -- User to check grant for, from FND_USER or another
511 -- table (like HZ_PARTIES) that the view column
512 -- WF_ROLES.NAME is based on. Pass the same value stored
513 -- in the GRANTEE_KEY column in FND_GRANTS.
514 -- Examples of values that might be passed: 'SYSADMIN',
515 -- 'HZ_PARTIES:1234'
516 -- Defaults to current FND user if null.
517 --
518 -- OUT :
519 -- X_return_status OUT VARCHAR2(1)
520 -- Result of all the operations
521 -- 'T' Successfully got instances
522 -- 'F' No instances accessible
523 -- 'E' Error
524 -- 'U' Unexpected Error
525 --
526 -- If 'E', or 'U' is returned, there will be an error
527 -- message on the FND_MESSAGE stack which
528 -- can be retrieved with FND_MESSAGE.GET_ENCODED()
529 -- If that message is not used, it must be cleared.
530 --
531 -- Return Value:
532 -- Table of primary keys of all the available instances
533 -- from the grants on this function for this user.
534 --
535 -- Version: Current Version 1.0
536 -- Previous Version : None
537 -- Notes :
538 --
539 -- END OF comments
540
541
542
543 /* CHECK_INSTANCE_IN_SET IS DESUPPORTED. DO NOT CALL THIS FUNCTION. */
544 /* FUNCTIONALITY HAS BEEN STRIPPED OUT. */
545 /* This nonfunctional stub is left in the API just to prevent compilation */
546 /* problems with old code from old patches. */
547 FUNCTION check_instance_in_set
548 (
549 p_api_version IN NUMBER,
550 p_instance_set_name IN VARCHAR2,
551 p_instance_pk1_value IN VARCHAR2,
552 p_instance_pk2_value IN VARCHAR2 DEFAULT NULL,
553 p_instance_pk3_value IN VARCHAR2 DEFAULT NULL,
554 p_instance_pk4_value IN VARCHAR2 DEFAULT NULL,
555 p_instance_pk5_value IN VARCHAR2 DEFAULT NULL
556 ) return VARCHAR2;
557
558
559
560 ---This is an internal procedure. Not for general use.
561 -- Gets the orig_system_id and orig_system from wf_roles,
562 -- given the user_name.
563 -- This is around mostly for backward compatibility with our
564 -- grants loader, but we may eliminate even that use and this
565 -- routine may disappear entirely, so outside code should
566 -- not call it or their code will break in the future.
567 -----------------------------------------------
568 -- DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
569 -- Release 11 only, not in Release 12.
570 procedure get_orig_key(p_user_name in VARCHAR2, /* DEPRECATED */
571 x_orig_system out NOCOPY varchar2,
572 x_orig_system_id out NOCOPY NUMBER);
573
574
575 -- check_global_object_type_grant- Internal procedure not for general use.
576 -- Is a particular function granted globally to all objects in
577 -- the current context.
578 -- If you are thinking of calling this you should probably call
579 -- FND_FUNCTION.TEST_INSTANCE instead, because that calls this and more.
580 FUNCTION check_global_object_type_grant
581 (
582 p_api_version IN NUMBER,
583 p_function IN VARCHAR2,
584 p_user_name in varchar2 default null /* DEPRECATED */
585 )
586 RETURN VARCHAR2;
587
588
589 /*
590 ** upgrade_predicate-
591 ** an internal-only routine that upgrades the predicate
592 ** from the 11.5.8 style predicate "X.column_name = G.parameter1" format
593 ** to the new "[Amp]TABLE_ALIAS.column_name = [Amp]GRANT_ALIAS.parameter1"
594 ** format where [Amp] represents an ampersand.
595 **
596 */
597 FUNCTION upgrade_predicate(in_pred in varchar2) return VARCHAR2;
598
599
600 /*
601 ** upgrade_column_type-
602 ** an internal-only routine that upgrades the FND_OBJECT column types
603 ** from the obsolete NUMBER type to INTEGER type (leaving other types
604 ** alone)
605 **
606 */
607 FUNCTION upgrade_column_type(in_col_type in varchar2) return VARCHAR2;
608
609 /*
610 ** upgrade_grantee_key-
611 ** an internal-only routine that upgrades the GRANTEE_KEY to 'GLOBAL'
612 ** in any case where the GRANTEE_TYPE is 'GLOBAL'. This will go in 11.5.10.
613 **
614 */
615 FUNCTION upgrade_grantee_key(in_grantee_type in varchar2,
616 in_grantee_key in varchar2) return VARCHAR2;
617
618
619 /*
623 ** and the grant table alias in the fnd_grants table.
620 ** substitute_pred-
621 **
622 ** an internal-only routine that substitutes in the object table alias
624 **
625 */
626 FUNCTION substitute_predicate(in_pred in varchar2,
627 in_table_alias in varchar2) return VARCHAR2;
628
629 /*
630 ** to_int- DEPRECATED DEPRECATED DEPRECATED DEPRECATED
631 ** Convert an integer (no decimal) canonical format VARCHAR2 into NUMBER.
632 **
633 ** Note that this routine is now deprecated because it is best to
634 ** use the inline logic described one paragraph below.
635 **
636 ** Here's what this routine does, for understanding old code:
637 ** This should be used with id type numbers that don't have decimals
638 ** because it performs better than to_decimal().
639 ** If due to the SQL statement being evaluated in an unanticipated order,
640 ** this is being called on non-numerical data, just returns -11111.
641 ** The reason that it is essential that this is called instead of to_number()
642 ** on grant parameters is that this routine will not cause an exception if
643 ** the generated predicate ends up being evaluated such that the grant
644 ** rows are not filtered before going through the fnd_data_security.to_int()
645 ** routine. Some grant rows may have non-numeric data if they are for other
646 ** object instance sets. We need to make sure that the data security
647 ** clause will not generate an exception no matter what order the database
648 ** decides to evaluate the statement in.
649 **
650 ** Note: The performance team has come up with a better solution than
651 ** calling this routine. Instead of calling this routine, your predicate
652 ** should use the following logic:
653 **
654 ** TO_NUMBER(DECODE(RTRIM(TRANSLATE(([AMP]GRANT_ALIAS.PARAMETER1,
655 ** '0123456789',' ')), [AMP]GRANT_ALIAS.PARAMETER1, :b1, -11111))
656 ** (where [AMP] represents and ampersand character)
657 **
658 ** This serves the same purpose as
659 **
660 ** to_int([AMP]GRANT_ALIAS.PARAMETER1)
661 ** (where [AMP] represents and ampersand character)
662 **
663 ** but without the function call overhead, so it will perform better.
664 **
665 */
666 FUNCTION to_int(inval in varchar2) return NUMBER; /* DEPRECATED */
667
668 /*
669 ** to_decimal-
670 ** Convert a canonical format VARCHAR2 with a decimal into a NUMBER.
671 ** If due to the SQL statement being evaluated in an unanticipated order,
672 ** this is being called on non-numerical data, and just
673 ** returns -11111.
674 */
675 FUNCTION to_decimal(inval in varchar2) return NUMBER;
676
677 /*
678 ** to_date-
679 ** Convert a canonical format date VARCHAR2 into a DATE.
680 ** If due to the SQL statement being evaluated in an unanticipated order,
681 ** this is being called on non-date data, just returns 11-JAN-1970.
682 */
683 FUNCTION to_date (inval in varchar2 /* format 'YYYY/MM/DD' */ ) return DATE;
684 /* GSSC note: the above line may errantly cause File.Date.5 but this file */
685 /* AFSCDSCS.pls is grandfathered in so it will still build */
686
687 ---This is an internal procedure. Not for general use.
688 -- Gets returns a result indicating whether the user has a role.
689 function CHECK_USER_ROLE(P_USER_NAME in varchar2)
690 return varchar2 /* T/F */;
691
692 END FND_DATA_SECURITY;