[Home] [Help]
90: --
91: -- Insert new contact into all person lists for all profiles which:
92: -- a) Restrict access to contacts
93: -- b) No restriction for contacts but candidates are restricted.
94: insert into per_person_list(person_id, security_profile_id, request_id
95: ,program_application_id, program_id
96: ,program_update_date)
97: select p_person_id, psp.security_profile_id, l_req_id, l_appl_id,
98: l_prog_id, l_upd_date
107: psp.view_all_candidates_flag = 'X')) and
108: business_group_id is null))
109: and not exists
110: (select 1
111: from per_person_list ppl
112: where ppl.security_profile_id = psp.security_profile_id
113: and ppl.person_id = p_person_id);
114: --
115: hr_utility.set_location(l_proc, 20);
152: -- immediately without giving the creator a chance to move person
153: -- to correct org. This one is in the twilight zone, as the person will go
154: -- invisible to the current user at the next LISTGEN run anyway)
155: --
156: INSERT INTO PER_PERSON_LIST
157: (PERSON_ID
158: ,SECURITY_PROFILE_ID
159: ,REQUEST_ID
160: ,PROGRAM_APPLICATION_ID
177: or NVL(psp.custom_restriction_flag, 'N') = 'Y')
178: and business_group_id is null))
179: and not exists
180: (select 1
181: from per_person_list ppl
182: where ppl.security_profile_id = psp.security_profile_id
183: and ppl.granted_user_id is null
184: and ppl.person_id = p_person_id);
185: --
204: --
205: begin
206: hr_utility.set_location('Entering:'|| l_proc, 10);
207: -- remove the person from the list
208: delete from per_person_list
209: where person_id=p_person_id
210: and security_profile_id is not null;
211: --
212: hr_utility.set_location(l_proc, 20);
422: hr_utility.set_location(l_proc, 20);
423: End if;
424: forall per_rec in l_security_profie_table.first .. l_security_profie_table.last
425: SAVE EXCEPTIONS
426: Insert into per_person_list(security_profile_id,
427: person_id,request_id,
428: program_application_id,
429: program_id,
430: program_update_date)
527: null,:l_true,hr_security_internal.evaluate_custom(
528: :p_assignment_id , sec.restriction_text,
529: to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
530: , ''dd/mm/yyyy''))) = :l_true and not exists (
531: select 1 from per_person_list ppl
532: where ppl.person_id = :l_person_id
533: and ppl.granted_user_id is null
534: and ppl.security_profile_id = sec.security_profile_id) ';
535: -- if position is null
2620: ' hr_security_internal.evaluate_custom(
2621: :p_assignment_id,sec.restriction_text,
2622: to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
2623: , ''dd/mm/yyyy'')) = :l_true and not exists (
2624: select 1 from per_person_list ppl
2625: where ppl.person_id =:l_person_id
2626: and ppl.security_profile_id = sec.security_profile_id)';
2627: --
2628: if g_debug then
2933: -- presumably as part of the user based security changes.
2934: --
2935: cursor chk_person_list is
2936: select 1
2937: from per_person_list
2938: where person_id = p_person_id
2939: and granted_user_id = p_granted_user_id
2940: and security_profile_id is null;
2941: --
2973: open chk_person_list;
2974: fetch chk_person_list into l_dummy;
2975: if chk_person_list%notfound then
2976: close chk_person_list;
2977: INSERT INTO PER_PERSON_LIST
2978: (PERSON_ID
2979: ,GRANTED_USER_ID)
2980: values
2981: (p_person_id
3005: then
3006: --
3007: -- If a user id is passed then revoke access for just that user
3008: --
3009: delete from per_person_list
3010: where person_id=p_person_id
3011: and granted_user_id =p_granted_user_id
3012: and security_profile_id is null;
3013: else
3013: else
3014: --
3015: -- else revoke access for all users.
3016: --
3017: delete from per_person_list
3018: where person_id = p_person_id
3019: and granted_user_id is not null
3020: and security_profile_id is null;
3021: end if;
4926: l_custom_per = 'Y') THEN
4927: l_temp_clause := and_clause(l_temp_clause,
4928: 'EXISTS
4929: (SELECT null
4930: FROM per_person_list ppl
4931: WHERE ppl.security_profile_id = :security_profile_id
4932: AND ppl.person_id = hr_asg.person_id)');
4933: l_custom_y_set := TRUE;
4934: END IF;
5263: l_custom_per = 'Y') THEN
5264: l_temp_clause := and_clause(l_temp_clause,
5265: 'EXISTS
5266: (SELECT null
5267: FROM per_person_list ppl
5268: WHERE ppl.security_profile_id = :security_profile_id
5269: AND ppl.person_id = hr_asg.person_id)');
5270: l_custom_y_set := TRUE;
5271: END IF;
6017: -- security profile and therefore different access rights.
6018: --
6019: CURSOR csr_get_static_per_for_user IS
6020: SELECT ppl.person_id
6021: FROM per_person_list ppl
6022: WHERE ppl.security_profile_id IS NOT NULL
6023: AND ppl.granted_user_id IS NOT NULL
6024: AND ppl.security_profile_id = p_security_profile_id
6025: AND ppl.granted_user_id = p_user_id;
6030: -- not in use.
6031: --
6032: CURSOR csr_get_static_per IS
6033: SELECT ppl.person_id
6034: FROM per_person_list ppl
6035: WHERE ppl.security_profile_id IS NOT NULL
6036: AND ppl.granted_user_id IS NULL
6037: AND ppl.security_profile_id = p_security_profile_id;
6038:
6049: -- If this is user-based, look for a user and
6050: -- security profile pair. Generally speaking, the static
6051: -- user lists will only be cached when it is known that
6052: -- this user is in the list of users to build static
6053: -- lists for AND they have rows in per_person_list.
6054: --
6055: IF g_dbg THEN op(l_proc, 20); END IF;
6056:
6057: IF p_cache_by_user THEN
6249: -- evaluated) but did once have an assignment.
6250: --
6251: CURSOR csr_get_static_per IS
6252: SELECT plc.person_id
6253: FROM per_person_list_changes plc
6254: WHERE plc.security_profile_id IS NOT NULL
6255: AND plc.security_profile_id = p_security_profile_id
6256: AND NOT EXISTS
6257: (SELECT NULL
6330: -- granted access.
6331: --
6332: CURSOR csr_get_granted_users IS
6333: SELECT ppl.person_id
6334: FROM per_person_list ppl
6335: WHERE ppl.granted_user_id IS NOT NULL
6336: AND ppl.granted_user_id = p_user_id
6337: AND ppl.security_profile_id IS NULL;
6338:
6670: -- picked up here.
6671: --
6672: SELECT ppl.person_id
6673: INTO l_person_id
6674: FROM per_person_list ppl
6675: WHERE ppl.granted_user_id IS NOT NULL
6676: AND ppl.security_profile_id IS NOT NULL
6677: AND ppl.granted_user_id = p_user_id
6678: AND ppl.security_profile_id = p_security_profile_id
6888:
6889: IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6890:
6891: --
6892: -- Delete all people in per_person_list for this user
6893: -- and this security profile.
6894: --
6895: IF g_dbg THEN op(l_proc, 20); END IF;
6896:
6898: -- Here it is important to specify that the security_profile_id is not
6899: -- null because rows with a null security_profile_id indicate
6900: -- access explicitly granted through SSHR.
6901: --
6902: DELETE FROM per_person_list ppl
6903: WHERE ppl.granted_user_id IS NOT NULL
6904: AND ppl.security_profile_id IS NOT NULL
6905: AND ppl.granted_user_id = p_user_id
6906: AND ppl.security_profile_id = p_security_profile_id;
7212: -- delete_per_list_for_user) prior to insertion.
7213: --
7214: IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
7215:
7216: INSERT INTO per_person_list
7217: (security_profile_id
7218: ,person_id
7219: ,granted_user_id
7220: ,request_id
7916: ,p_use_static_lists => p_use_static_lists);
7917:
7918: --
7919: -- Contacts for the people visible (both related and unrelated) and
7920: -- rows in per_person_list_changes are not processed and so not visible
7921: -- for all types of user-based security.
7922:
7923: -- The reason for this is to remain consistent with supervisor security
7924: -- (been around since 11i) where PPLC people were not processed and
7935: -- this scenario without need to refer to the cache.
7936:
7937: -- A condition with view_all_contacts_flag = All and
7938: -- view_all_candidates_flag = None, needs caching (ie: similar to
7939: -- record existing in per_person_list). The additional OR condition
7940: -- is included as part of Candidate Security enchancements.
7941:
7942: -- if p_sec_prof_rec.view_all_contacts_flag = 'N' or
7943: -- (p_sec_prof_rec.view_all_contacts_flag = 'Y' and
7956: add_contacts_to_cache(p_effective_date
7957: ,p_sec_prof_rec.business_group_id);
7958: --
7959: end if;
7960: -- Add the people in per_person_list_changes to the cache.
7961: -- It is expected that this can be obsoleted at a future
7962: -- date, because per_person_list_changes is effectively
7963: -- obsolete and is retained solely for the purpose of not
7964: -- breaking customer custom processes that use this table.
7958: --
7959: end if;
7960: -- Add the people in per_person_list_changes to the cache.
7961: -- It is expected that this can be obsoleted at a future
7962: -- date, because per_person_list_changes is effectively
7963: -- obsolete and is retained solely for the purpose of not
7964: -- breaking customer custom processes that use this table.
7965:
7966: -- add_per_list_changes_to_cache(p_sec_prof_rec.security_profile_id
8201: ,p_use_static_lists => p_use_static_lists);
8202:
8203: --
8204: -- Contacts for the people visible (both related and unrelated) and
8205: -- rows in per_person_list_changes are not processed and so not visible
8206: -- for all types of user-based security.
8207:
8208: -- The reason for this is to remain consistent with supervisor security
8209: -- (been around since 11i) where PPLC people were not processed and
8220: -- this scenario without need to refer to the cache.
8221:
8222: -- A condition with view_all_contacts_flag = All and
8223: -- view_all_candidates_flag = None, needs caching (ie: similar to
8224: -- record existing in per_person_list). The additional OR condition
8225: -- is included as part of Candidate Security enchancements.
8226:
8227: -- if p_sec_prof_rec.view_all_contacts_flag = 'N' or
8228: -- (p_sec_prof_rec.view_all_contacts_flag = 'Y' and
8241: add_contacts_to_cache(p_effective_date
8242: ,p_sec_prof_rec.business_group_id);
8243: --
8244: end if;
8245: -- Add the people in per_person_list_changes to the cache.
8246: -- It is expected that this can be obsoleted at a future
8247: -- date, because per_person_list_changes is effectively
8248: -- obsolete and is retained solely for the purpose of not
8249: -- breaking customer custom processes that use this table.
8243: --
8244: end if;
8245: -- Add the people in per_person_list_changes to the cache.
8246: -- It is expected that this can be obsoleted at a future
8247: -- date, because per_person_list_changes is effectively
8248: -- obsolete and is retained solely for the purpose of not
8249: -- breaking customer custom processes that use this table.
8250:
8251: -- add_per_list_changes_to_cache(p_sec_prof_rec.security_profile_id
9073: -- WARNING: This will delete any self-service grants.
9074: --
9075: IF g_dbg THEN op(l_proc, 40); END IF;
9076:
9077: DELETE FROM per_person_list ppl
9078: WHERE ppl.granted_user_id IS NOT NULL
9079: AND ppl.security_profile_id IS NOT NULL
9080: AND ppl.granted_user_id = p_user_id
9081: AND ppl.security_profile_id = p_security_profile_id;
9203: -- and otherwise it is not a very high cost.
9204: CURSOR pev IS
9205: SELECT pp.person_id
9206: FROM per_people_f pp,
9207: per_person_list pl
9208: WHERE pp.person_id = pl.person_id
9209: AND pp.business_group_id = p_business_group_id;
9210: BEGIN
9211: --
9222: AND pay.business_group_id = p_business_group_id);
9223: hr_utility.set_location(l_proc,40);
9224: --
9225: FOR pevrec IN pev LOOP
9226: DELETE FROM per_person_list pl
9227: WHERE pl.person_id = pevrec.person_id;
9228: END LOOP;
9229: hr_utility.set_location(l_proc,50);
9230: --
9282: -- bug fix 3760559. l_proc size increased to 80.
9283: l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_PER_FROM_SECURITY_LIST';
9284: begin
9285: hr_utility.set_location('Entering:'|| l_proc, 10);
9286: delete from per_person_list l
9287: where l.person_id = P_PERSON_ID;
9288: exception
9289: when NO_DATA_FOUND then
9290: hr_utility.set_location(l_proc, 20);