1 Package hr_security_internal AUTHID CURRENT_USER as
2 /* $Header: pesecbsi.pkh 120.1.12020000.3 2013/03/05 06:30:11 swrajapa ship $ */
3
4 --
5 -- Package global user-defined types.
6 --
7 SUBTYPE g_sec_prof_r IS per_security_profiles%ROWTYPE;
8 TYPE g_boolean_t IS TABLE OF BOOLEAN INDEX BY binary_integer;
9 TYPE g_number_t IS TABLE OF NUMBER INDEX BY binary_integer;
10 TYPE g_per_ids_t IS TABLE OF per_all_assignments_f.assignment_id%TYPE;
11
12
13 TYPE g_assignments_t IS TABLE OF per_all_assignments_f%ROWTYPE
14 INDEX BY binary_integer;
15
16 --
17 -- Package global constants.
18 --
19 g_NONE CONSTANT NUMBER := 0;
20 g_ALL CONSTANT NUMBER := 1;
21 g_ORG_SEC_ONLY CONSTANT NUMBER := 2;
22 g_POS_SEC_ONLY CONSTANT NUMBER := 3;
23 g_PAY_SEC_ONLY CONSTANT NUMBER := 4;
24 g_PER_SEC_ONLY CONSTANT NUMBER := 5;
25
26 g_NO_DEBUG CONSTANT NUMBER := 0;
27 g_PIPE CONSTANT NUMBER := 1;
28 g_FND_LOG CONSTANT NUMBER := 2;
29
30 --
31 -- Package global variables.
32 --
33 -- The boolean value is irrelevant as
34 -- inaccessible rows are not added to the tables.
35 --
36 g_org_tbl g_boolean_t;
37 g_pos_tbl g_boolean_t;
38 g_pay_tbl g_boolean_t;
39 g_per_tbl g_boolean_t;
40 g_vac_per_tbl g_boolean_t; -- Added for Bug 8353429
41 --
42 -- The index stores the assignment_id
43 -- and the column value stores the person_id.
44 --
45 g_asg_tbl g_number_t;
46 g_vac_asg_tbl g_number_t; -- Added for Bug 8353429
47 --
48 -- ----------------------------------------------------------------------------
49 -- |--------------------------< evaluate_custom >-----------------------------|
50 -- ----------------------------------------------------------------------------
51 -- {Start Of Comments}
52 --
53 -- Description:
54 -- Routine to evaluate whether custom restriction is valid for the assignment.
55 --
56 -- Prerequisites:
57 -- A person record must have an assignment
58 --
59 -- In Parameters:
60 -- Name Reqd Type Description
61 -- p_restriction_text Yes VARCAHR2 The custom restriction.
62 -- p_assignment_id Yes NUMBER The person's assignment id.
63 -- p_effective_date Yes DATE The effective date of the
64 -- PERSLM run.
65 --
66 -- Post Success:
67 -- processing continues without commiting. Returns TRUE if restriction is
68 -- satisfied otherwise returns FALSE.
69 --
70 --
71 -- Post Failure:
72 --
73 --
74 -- Access Status:
75 -- Internal Development Use Only.
76 --
77 -- {End Of Comments}
78 --
79 function evaluate_custom
80 (p_assignment_id in number,
81 p_restriction_text in varchar2,
82 p_effective_date in date) return varchar2;
83 --
84 -- ----------------------------------------------------------------------------
85 -- |-------------------------< populate_new_payroll >-------------------------|
86 -- ----------------------------------------------------------------------------
87 -- {Start Of Comments}
88 --
89 -- Description:
90 -- This support process inserts a payroll in to the pay_payroll_list table for
91 -- all restricted payroll security profiles within the business group or for
92 -- global profiles. This should be run when a new payroll is created so that
93 -- all secure users can initially see it.
94 --
95 -- Prerequisites:
96 -- A person record must have been entered in to pay_all_payrolls_f
97 --
98 -- In Parameters:
99 -- Name Reqd Type Description
100 -- p_business_group_id Yes NUMBER The person's business group
101 -- p_payroll_id Yes NUMBER The payroll's id.
102 --
103 -- Post Success:
104 -- processing continues without commiting.
105 --
106 --
107 -- Post Failure:
108 -- If the person is already in the list, or no appropriate security profiles
109 -- exist, no action is taken.
110 --
111 -- Access Status:
112 -- Internal Development Use Only.
113 --
114 -- {End Of Comments}
115 --
116 procedure populate_new_payroll
117 (p_business_group_id in number
118 ,p_payroll_id in number);
119 --
120 -- ----------------------------------------------------------------------------
121 -- |-------------------------< populate_new_contact >-------------------------|
122 -- ----------------------------------------------------------------------------
123 -- {Start Of Comments}
124 --
125 -- Description:
126 -- This support process inserts a person in to the per_person_list table for all
127 -- restricted contact security profiles within their business group or global
128 -- profiles. This should be run when a new contact is created so that all secure
129 -- users can initially see them.
130 --
131 -- Prerequisites:
132 -- A person record must have been entered in to per_all_people_f
133 --
134 -- In Parameters:
135 -- Name Reqd Type Description
136 -- p_business_group_id Yes NUMBER The person's business group
137 -- p_person_id Yes NUMBER The person's id.
138 --
139 -- Post Success:
140 -- processing continues without commiting.
141 --
142 --
143 -- Post Failure:
144 -- If the person is already in the list, or no appropriate security profiles
145 -- exist, no action is taken.
146 --
147 -- Access Status:
148 -- Internal Development Use Only.
149 --
150 -- {End Of Comments}
151 --
152 procedure populate_new_contact
153 (p_business_group_id in number
154 ,p_person_id in number);
155
156 --
157 -- ----------------------------------------------------------------------------
158 -- |-------------------------< populate_new_person >--------------------------|
159 -- ----------------------------------------------------------------------------
160 -- {Start Of Comments}
161 --
162 -- Description:
163 -- This support process inserts a person in to the per_person_list table for all
164 -- non-view-all security profiles within their business group and global
165 -- profiles. This should be run when a new employee, applicant or contingent
166 -- worker is created so that all secure users can initially see them.
167 --
168 -- Prerequisites:
169 -- A person record must have been entered in to per_all_people_f
170 --
171 -- In Parameters:
172 -- Name Reqd Type Description
173 -- p_business_group_id Yes NUMBER The person's business group
174 -- p_person_id Yes NUMBER The person's id.
175 --
176 -- Post Success:
177 -- processing continues without commiting.
178 --
179 --
180 -- Post Failure:
181 -- If the person is already in the list, or no appropriate security profiles
182 -- exist, no action is taken.
183 --
184 -- Access Status:
185 -- Internal Development Use Only.
186 --
187 -- {End Of Comments}
188 --
189 procedure populate_new_person
190 (p_business_group_id in number
191 ,p_person_id in number);
192 --
193 -- ----------------------------------------------------------------------------
194 -- |-----------------------< clear_from_person_list >-------------------------|
195 -- ----------------------------------------------------------------------------
196 -- {Start Of Comments}
197 --
198 -- Description:
199 -- This support process clears all of a persons data from the per_person_list
200 -- table. This should be run to remove the access to a person from secure
201 -- users before re-populating the list with new settings.
202 --
203 -- Prerequisites:
204 -- A person record must have been entered in to per_all_people_f
205 --
206 -- In Parameters:
207 -- Name Reqd Type Description
208 -- p_person_id Yes NUMBER The person's id.
209 --
210 -- Post Success:
211 -- processing continues without commiting.
212 --
213 --
214 -- Post Failure:
215 -- If there are no existing records, no action is taken.
216 --
217 -- Access Status:
218 -- Internal Development Use Only.
219 --
220 -- {End Of Comments}
221 --
222 procedure clear_from_person_list
223 (p_person_id in number);
224 --
225 -- ----------------------------------------------------------------------------
226 -- |--------------------------< add_to_person_list >--------------------------|
227 -- ----------------------------------------------------------------------------
228 -- {Start Of Comments}
229 --
230 -- Description:
231 -- This support process inserts a person in to the per_person_list table for the
232 -- security profiles that match the assignment. This should be run when an
233 -- employee's or applicant's assignment is changed.
234 -- The person is not deleted from the old list, so no access is removed.
235 --
236 -- Prerequisites:
237 -- A person record must have been entered in to per_all_people_f
238 --
239 -- In Parameters:
240 -- Name Reqd Type Description
241 -- p_effective_date Yes DATE The date of the assignment details
242 -- p_assignment_id Yes NUMBER The person's assignment id.
243 -- p_business_group_id No NUMBER The BG ID if we are doing
244 -- profiles in a BG
245 -- p_generation_scope No VARCAHR2 Scope of generation process.
246 --
247 -- Post Success:
248 -- processing continues without commiting.
249 --
250 --
251 -- Post Failure:
252 -- If the person is already in the list, or no appropriate security profiles
253 -- exist, no action is taken.
254 --
255 -- Access Status:
256 -- Internal Development Use Only.
257 --
258 -- {End Of Comments}
259 --
260 procedure add_to_person_list
261 (p_effective_date in date
262 ,p_assignment_id in number
263 ,p_business_group_id in number default null
264 ,p_generation_scope in varchar2 default 'ALL_PROFILES');
265 --
266 -- ----------------------------------------------------------------------------
267 -- |--------------------< clear_from_person_list_changes >--------------------|
268 -- ----------------------------------------------------------------------------
269 -- {Start Of Comments}
270 --
271 -- Description:
272 -- This support process clears all of a persons data from the per_person_list_changes
273 -- table. This should be run when an ex-employee or ex-applicant become a current
274 -- employee or applicant so that the security lists are based on the new assignments.
275 --
276 -- Prerequisites:
277 -- A person record must have been entered in to per_all_people_f
278 --
279 -- In Parameters:
280 -- Name Reqd Type Description
281 -- p_person_id Yes NUMBER The person's id.
282 --
283 -- Post Success:
284 -- processing continues without commiting.
285 --
286 --
287 -- Post Failure:
288 -- If there are no existing records, no action is taken.
289 --
290 -- Access Status:
291 -- Internal Development Use Only.
292 --
293 -- {End Of Comments}
294 --
295 procedure clear_from_person_list_changes
296 (p_person_id in number);
297 --
298 -- ----------------------------------------------------------------------------
299 -- |---------------------< re_enter_person_list_changes >---------------------|
300 -- ----------------------------------------------------------------------------
301 -- {Start Of Comments}
302 --
303 -- Description:
304 -- This support process inserts a person in to the per_person_list_changes table
305 -- for the security profiles that match the their last employee or applicant
306 -- assignment. This should be run when a re-hire or re-application is canceled so
307 -- that the ex-employee or ex-applicant is visible as of their old details.
308 -- The person is not deleted from per_person_list, so this should be done seperatly.
309 --
310 -- Prerequisites:
311 -- A person record must have been entered in to per_all_people_f
312 --
313 -- In Parameters:
314 -- Name Reqd Type Description
315 -- p_person_id Yes NUMBER The person's id.
316 --
317 -- Post Success:
318 -- processing continues without commiting.
319 --
320 --
321 -- Post Failure:
322 -- If the person is already in the list, or no appropriate security profiles
323 -- exist, or they do not have an old assignment, no action is taken.
324 --
325 -- Access Status:
326 -- Internal Development Use Only.
327 --
328 -- {End Of Comments}
329 --
330 procedure re_enter_person_list_changes
331 (p_person_id in number);
332 ----
333 -- ----------------------------------------------------------------------------
334 -- |----------------------< copy_to_person_list_changes >---------------------|
335 -- ----------------------------------------------------------------------------
336 -- {Start Of Comments}
337 --
338 -- Description:
342 -- visible as of their last details.
339 -- This support process inserts a person in to the per_person_list_changes table
340 -- for every row in the per_person_list table. This should be run when employment
341 -- or an application is terminated so that the ex-employee or ex-applicant is
343 -- The person is not deleted from per_person_list.
344 --
345 -- Prerequisites:
346 -- A person record must have been entered in to per_all_people_f
347 --
348 -- In Parameters:
349 -- Name Reqd Type Description
350 -- p_person_id Yes NUMBER The person's id.
351 --
352 -- Post Success:
353 -- processing continues without commiting.
354 --
355 --
356 -- Post Failure:
357 -- If the person is already in the list, or there are no entries in per_person_list,
358 -- no action is taken.
359 --
360 -- Access Status:
361 -- Internal Development Use Only.
362 --
363 -- {End Of Comments}
364 --
365 procedure copy_to_person_list_changes
366 (p_person_id in number);
367 --
368 --
369 -- ----------------------------------------------------------------------------
370 -- |------------------------< grant_access_to_person >------------------------|
371 -- ----------------------------------------------------------------------------
372 -- {Start Of Comments}
373 --
374 -- Description:
375 -- This support process inserts a row in to the per_person_list table
376 -- to allow a grantee to see a person outside of their security profile.
377 --
378 -- Prerequisites:
379 -- A person record must have been entered in to per_all_people_f
380 -- The granted user must have the a security profile assigned to them in some
381 -- responsibility which allows granted users.
382 -- The security profile must allow granted users.
383 --
384 -- In Parameters:
385 -- Name Reqd Type Description
386 -- p_person_id Yes NUMBER The person's id.
387 -- p_granted_user_id Yes NUMBER The id of the user who is
388 -- granted access to the person
389 --
390 --
391 -- Post Success:
392 -- processing continues without commiting.
393 --
394 --
395 -- Post Failure:
396 -- If the user already has access then no action is taken.
397 -- If the person or granted user do not exist then an error
398 -- will be raised.
399 -- If the security profile does not exist for the grantee which allows
400 -- granted users then an error will be raised.
401 --
402 -- Access Status:
403 -- Internal Development Use Only.
404 --
405 -- {End Of Comments}
406 --
407 procedure grant_access_to_person
408 (p_person_id in number
409 ,p_granted_user_id in number);
410 --
411 -- ----------------------------------------------------------------------------
412 -- |----------------------< revoke_access_from_person >-----------------------|
413 -- ----------------------------------------------------------------------------
414 -- {Start Of Comments}
415 --
416 -- Description:
417 -- This support process deletes a row from the per_person_list table
418 -- to revoke access for a grantee to see a person outside of their security
419 -- profile. If no single grantee is explicitly identified then revoke access
420 -- for all grantees.
421 --
422 -- Prerequisites:
423 -- The grantee must have access to see the person
424 --
425 -- In Parameters:
426 -- Name Reqd Type Description
427 -- p_person_id Yes NUMBER The person's id.
428 -- p_granted_user_id Yes NUMBER The id of the user who is
429 -- granted access to the person
430 --
431 --
432 -- Post Success:
433 -- processing continues without commiting.
434 --
435 --
436 -- Post Failure:
437 -- If the granted_user did not have access to see the person then an error
438 -- will be raised.
439 --
440 -- Access Status:
441 -- Internal Development Use Only.
442 --
443 -- {End Of Comments}
444 --
445 procedure revoke_access_from_person
446 (p_person_id in number
447 ,p_granted_user_id in number default null);
448 --
449 -- ----------------------------------------------------------------------------
450 -- |----------------------< op >----------------------------------------------|
451 -- ----------------------------------------------------------------------------
452 -- {Start Of Comments}
453 --
454 -- Description:
455 -- This is a wrapper debug utility for hr_utility.trace and concurrent
456 -- request logging. PYUPIP can not easily be enabled for concurrent
457 -- requests because each thread uses a different SQL session ID; this
458 -- wrapper utility writes output to concurrent request logs making
459 -- debugging easier.
460 --
461 -- Prerequisites:
462 -- If using PYUPIP, it must be enabled.
463 --
464 -- In Parameters:
465 -- Name Reqd Type Description
466 -- p_msg Yes VARCHAR2 The debug output.
467 --
468 -- Post Success:
469 -- Processing continues without commiting.
470 --
471 -- Post Failure:
472 -- This procedure should not fail.
473 --
474 -- Access Status:
475 -- Internal Development Use Only.
476 --
477 -- {End Of Comments}
478 --
479 PROCEDURE op
480 (p_msg IN VARCHAR2);
481 --
482 -- ----------------------------------------------------------------------------
483 -- |----------------------< op >----------------------------------------------|
487 -- Description:
484 -- ----------------------------------------------------------------------------
485 -- {Start Of Comments}
486 --
488 -- This is an overloaded version of the above procedure. This takes
489 -- one additional parameter that specifies the location of the code.
490 --
491 -- Prerequisites:
492 -- If using PYUPIP, it must be enabled.
493 --
494 -- In Parameters:
495 -- Name Reqd Type Description
496 -- p_msg Yes VARCHAR2 The debug output.
497 -- p_location Yes NUMBER Location of code.
498 --
499 -- Post Success:
500 -- Processing continues without commiting.
501 --
502 -- Post Failure:
503 -- This procedure should not fail.
504 --
505 -- Access Status:
506 -- Internal Development Use Only.
507 --
508 -- {End Of Comments}
509 --
510 PROCEDURE op
511 (p_msg IN VARCHAR2
512 ,p_location IN NUMBER);
513 --
514 -- ----------------------------------------------------------------------------
515 -- |----------------------< get_assignments >---------------------------------|
516 -- ----------------------------------------------------------------------------
517 -- {Start Of Comments}
518 --
519 -- Description:
520 -- Given a person, this function returns a PL/SQL table of records
521 -- detailing the person's employee and contingent worker assignments.
522 -- The assignment details are cached to prevent unncessary queries.
523 --
524 -- Prerequisites:
525 -- None.
526 --
527 -- In Parameters:
528 -- Name Reqd Type Description
529 -- p_person_id Yes NUMBER ID of person.
530 -- p_effective_date Yes DATE Effective date on which
531 -- to get the assignments.
532 --
533 -- Post Success:
534 -- Processing continues without commiting.
535 --
536 -- Post Failure:
537 -- The function returns a null PL/SQL table; no error is raised.
538 --
539 -- Access Status:
540 -- Internal Development Use Only.
541 --
542 -- {End Of Comments}
543 --
544 FUNCTION get_assignments
545 (p_person_id IN NUMBER
546 ,p_effective_date IN DATE)
547 RETURN g_assignments_t;
548 --
549 -- ----------------------------------------------------------------------------
550 -- |----------------------< org_access_known >--------------------------------|
551 -- ----------------------------------------------------------------------------
552 -- {Start Of Comments}
553 --
554 -- Description:
555 -- Returns a boolean to indicate whether the organization security
556 -- permissions for the user concerned have already been evaluated
557 -- and cached.
558 --
559 -- Prerequisites:
560 -- None.
561 --
562 -- In Parameters:
563 -- None.
564 --
565 -- Post Success:
566 -- Processing continues without commiting.
567 --
568 -- Post Failure:
569 -- The function should not fail.
570 --
571 -- Access Status:
572 -- Internal Development Use Only.
573 --
574 -- {End Of Comments}
575 --
576 FUNCTION org_access_known
577 RETURN BOOLEAN;
578 --
579 -- ----------------------------------------------------------------------------
580 -- |----------------------< pos_access_known >--------------------------------|
581 -- ----------------------------------------------------------------------------
582 -- {Start Of Comments}
583 --
584 -- Description:
585 -- Returns a boolean to indicate whether the position security
586 -- permissions for the user concerned have already been evaluated
587 -- and cached.
588 --
589 -- Prerequisites:
590 -- None.
591 --
592 -- In Parameters:
593 -- None.
594 --
595 -- Post Success:
596 -- Processing continues without commiting.
597 --
598 -- Post Failure:
599 -- The function should not fail.
600 --
601 -- Access Status:
602 -- Internal Development Use Only.
603 --
604 -- {End Of Comments}
605 --
606 FUNCTION pos_access_known
607 RETURN BOOLEAN;
608 --
609 -- ----------------------------------------------------------------------------
610 -- |----------------------< pay_access_known >--------------------------------|
611 -- ----------------------------------------------------------------------------
612 -- {Start Of Comments}
613 --
614 -- Description:
615 -- Returns a boolean to indicate whether the payroll security
616 -- permissions for the user concerned have already been evaluated
617 -- and cached.
618 --
619 -- Prerequisites:
620 -- None.
621 --
622 -- In Parameters:
623 -- None.
624 --
625 -- Post Success:
626 -- Processing continues without commiting.
627 --
628 -- Post Failure:
629 -- The function should not fail.
630 --
631 -- Access Status:
632 -- Internal Development Use Only.
633 --
634 -- {End Of Comments}
635 --
636 FUNCTION pay_access_known
637 RETURN BOOLEAN;
638 --
639 -- ----------------------------------------------------------------------------
640 -- |----------------------< per_access_known >--------------------------------|
641 -- ----------------------------------------------------------------------------
642 -- {Start Of Comments}
643 --
644 -- Description:
645 -- Returns a boolean to indicate whether the person security
646 -- permissions for the user concerned have already been evaluated
647 -- and cached.
648 --
649 -- Prerequisites:
650 -- None.
651 --
652 -- In Parameters:
653 -- None.
654 --
658 -- Post Failure:
655 -- Post Success:
656 -- Processing continues without commiting.
657 --
659 -- The function should not fail.
660 --
661 -- Access Status:
662 -- Internal Development Use Only.
663 --
664 -- {End Of Comments}
665 --
666 FUNCTION per_access_known
667 RETURN BOOLEAN;
668 --
669 -- ----------------------------------------------------------------------------
670 -- |----------------------< show_organization >-------------------------------|
671 -- ----------------------------------------------------------------------------
672 -- {Start Of Comments}
673 --
674 -- Description:
675 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
676 -- organization can be seen for the given security profile cache. This
677 -- function simply checks the cached org table and so if the profile is
678 -- "view all orgs" no organizations will exist in the table. Before using
679 -- this function, check whether the profile restricts by organization first.
680 --
681 -- Prerequisites:
682 -- Verify that the profile restricts by organization prior to calling this
683 -- procedure: it will return FALSE if called with a View All or View All
684 -- Orgs profile context.
685 --
686 -- In Parameters:
687 -- p_organization_id: uniquely identifies the organization for which access
688 -- is being checked.
689 --
690 -- Post Success:
691 -- The function returns 'TRUE' or 'FALSE'.
692 --
693 -- Post Failure:
694 -- The function should not fail.
695 --
696 -- Access Status:
697 -- Internal Development Use Only.
698 --
699 -- {End Of Comments}
700 --
701 FUNCTION show_organization
702 (p_organization_id IN NUMBER)
703 RETURN VARCHAR2;
704 --
705 -- ----------------------------------------------------------------------------
706 -- |----------------------< show_position >-----------------------------------|
707 -- ----------------------------------------------------------------------------
708 -- {Start Of Comments}
709 --
710 -- Description:
711 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
712 -- position can be seen for the given security profile cache. This
713 -- function simply checks the cached pos table and so if the profile is
714 -- "view all pos" no positions will exist in the table. Before using
715 -- this function, check whether the profile restricts by position first.
716 --
717 -- Prerequisites:
718 -- Verify that the profile restricts by position prior to calling this
719 -- procedure: it will return FALSE if called with a View All or View All
720 -- Pos profile context.
721 --
722 -- In Parameters:
723 -- p_position_id: uniquely identifies the position for which access
724 -- is being checked.
725 --
726 -- Post Success:
727 -- The function returns 'TRUE' or 'FALSE'.
728 --
729 -- Post Failure:
730 -- The function should not fail.
731 --
732 -- Access Status:
733 -- Internal Development Use Only.
734 --
735 -- {End Of Comments}
736 --
737 FUNCTION show_position
738 (p_position_id IN NUMBER)
739 RETURN VARCHAR2;
740 --
741 -- ----------------------------------------------------------------------------
742 -- |----------------------< show_payroll >------------------------------------|
743 -- ----------------------------------------------------------------------------
744 -- {Start Of Comments}
745 --
746 -- Description:
747 -- Returns a TRUE/FALSE VARCHAR2 that determines whether the specified
748 -- payroll can be seen for the given security profile cache. This
749 -- function simply checks the cached pay table and so if the profile is
750 -- "view all pay" no payrolls will exist in the table. Before using
751 -- this function, check whether the profile restricts by payroll first.
752 --
753 -- Prerequisites:
754 -- Verify that the profile restricts by payroll prior to calling this
755 -- procedure: it will return FALSE if called with a View All or View All
756 -- Pay profile context.
757 --
758 -- In Parameters:
759 -- p_payroll_id: uniquely identifies the payroll for which access
760 -- is being checked.
761 --
762 -- Post Success:
763 -- The function returns 'TRUE' or 'FALSE'.
764 --
765 -- Post Failure:
766 -- The function should not fail.
767 --
768 -- Access Status:
769 -- Internal Development Use Only.
770 --
771 -- {End Of Comments}
772 --
773 FUNCTION show_payroll
774 (p_payroll_id IN NUMBER)
775 RETURN VARCHAR2;
776 --
777 -- ----------------------------------------------------------------------------
778 -- |----------------------< evaluate_access >---------------------------------|
779 -- ----------------------------------------------------------------------------
780 -- {Start Of Comments}
781 --
782 -- Description:
783 -- Evaluates security for a particular user and security profile pair.
784 -- The permissions are stored in cache and used by the secure views
785 -- for fast access.
786 --
787 -- Prerequisites:
788 -- When user-based security is used, the application contexts should be set,
789 -- for example, by virtue of starting an applications session or by
790 -- running fnd_global.apps_initialize.
791 --
792 -- In Parameters:
793 -- Name Reqd Type Description
794 -- p_person_id No Number ID of person.
795 -- p_user_id Yes Number ID of user; user's person
796 -- should match the ID
797 -- above.
798 -- p_effective_date Yes Date Effective date on which
802 -- security.
799 -- to evaluate security.
800 -- p_sec_prof_rec Yes Record PL/SQL record of security
801 -- profile, used to evaluate
803 -- p_what_to_evaluate No Number Indicates what security
804 -- should be assessed to
805 -- avoid unncessarily
806 -- evaluating security at
807 -- sign-on.
808 -- p_use_static_lists No Boolean If the static lists
809 -- are not used
810 -- (created using PERSLM)
811 -- permissions are
812 -- evaluated dynamically.
813 -- p_update_static_lists No Boolean Static lists can be
814 -- automatically updated
815 -- instead of updating through
816 -- PERSLM.
817 -- p_debug No Number Indicates the type of
818 -- debugging to use: PIPE
819 -- or concurrent request.
820 --
821 -- Post Success:
822 -- Permissions are cached; processing continues.
823 --
824 -- Post Failure:
825 -- Permissions are not cached; no error is raised.
826 --
827 -- Access Status:
828 -- Internal Development Use Only.
829 --
830 -- {End Of Comments}
831 --
832 PROCEDURE evaluate_access
833 (p_user_id IN NUMBER
834 ,p_effective_date IN DATE
835 ,p_sec_prof_rec IN g_sec_prof_r
836 ,p_person_id IN NUMBER DEFAULT NULL
837 ,p_what_to_evaluate IN NUMBER DEFAULT g_PER_SEC_ONLY
838 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
839 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE
840 ,p_debug IN NUMBER DEFAULT g_NO_DEBUG);
841
842
843
844
845 --SSHR
846 PROCEDURE evaluate_access
847 (p_user_id IN NUMBER
848 ,p_effective_date IN DATE
849 ,p_sec_prof_rec IN g_sec_prof_r
850 ,p_person_id IN NUMBER DEFAULT NULL
851 ,p_what_to_evaluate IN NUMBER DEFAULT g_PER_SEC_ONLY
852 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
853 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE
854 ,p_debug IN NUMBER DEFAULT g_NO_DEBUG
855 ,p_top_person_id IN NUMBER);
856
857 --SSHR
858
859 --
860 -- ----------------------------------------------------------------------------
861 -- |----------------------< user_in_static_lists >----------------------------|
862 -- ----------------------------------------------------------------------------
863 -- {Start Of Comments}
864 --
865 -- Description:
866 -- Returns a boolean to indicate whether the specified user has
867 -- permissions stored in any of the static lists.
868 --
869 -- Prerequisites:
870 -- None.
871 --
872 -- In Parameters:
873 -- Name Reqd Type Description
874 -- p_user_id Yes Number ID of user.
875 -- p_security_profile_id Yes Number ID of security profile.
876 --
877 -- Post Success:
878 -- A boolean is returned to indicate whether this user has any permissions
879 -- stored in static lists for this security profile.
880 --
881 -- Post Failure:
882 -- The boolean returns FALSE.
883 --
884 -- Access Status:
885 -- Internal Development Use Only.
886 --
887 -- {End Of Comments}
888 --
889 FUNCTION user_in_static_lists
890 (p_user_id IN NUMBER
891 ,p_security_profile_id IN NUMBER)
892 RETURN BOOLEAN;
893 --
894 -- ----------------------------------------------------------------------------
895 -- |----------------------< delete_static_lists_for_user >--------------------|
896 -- ----------------------------------------------------------------------------
897 -- {Start Of Comments}
898 --
899 -- Description:
900 -- Deletes the static lists for a specified user and specified security
901 -- profile. No commit is issued.
902 --
903 -- Prerequisites:
904 -- None.
905 --
906 -- In Parameters:
907 -- Name Reqd Type Description
908 -- p_user_id Yes Number ID of user.
909 -- p_security_profile_id Yes Number ID of security profile.
910 --
911 -- Post Success:
912 -- Static list permissions are deleted for the specified user and
913 -- security profile.
914 --
915 -- Post Failure:
916 -- The permissions are not deleted; no error is raised.
917 --
918 -- Access Status:
919 -- Internal Development Use Only.
920 --
921 PROCEDURE delete_static_lists_for_user
922 (p_user_id IN NUMBER
923 ,p_security_profile_id IN NUMBER);
924 --
925 -- ----------------------------------------------------------------------------
926 -- |----------------------< get_effective_date >------------------------------|
927 -- ----------------------------------------------------------------------------
928 -- {Start Of Comments}
929 --
930 -- Description:
931 -- Fetch the effective date used to assess security. This defaults
932 -- to the system date.
933 --
934 -- Prerequisites:
935 -- None.
936 --
937 -- In Parameters:
938 -- None
939 --
943 -- Post Failure:
940 -- Post Success:
941 -- Returns the effective date.
942 --
944 -- None.
945 --
946 -- Access Status:
947 -- Internal Development Use Only.
948 --
949 FUNCTION get_effective_date RETURN DATE;
950 --
951 -- ----------------------------------------------------------------------------
952 -- |----------------------< get_what_to_evaluate >----------------------------|
953 -- ----------------------------------------------------------------------------
954 -- {Start Of Comments}
955 --
956 -- Description:
957 -- Fetch the "what to evaluate" security type. This allows the assessment
958 -- of security permissions to be delayed from sign-on to on-demand.
959 -- Alternatively, it allows all permissions to be evaluated on the spot.
960 --
961 -- Prerequisites:
962 -- None.
963 --
964 -- In Parameters:
965 -- None
966 --
967 -- Post Success:
968 -- Returns the what to evaluate type.
969 --
970 -- Post Failure:
971 -- None.
972 --
973 -- Access Status:
974 -- Internal Development Use Only.
975 --
976 FUNCTION get_what_to_evaluate RETURN NUMBER;
977 --
978 -- ----------------------------------------------------------------------------
979 -- |----------------------< get_use_static_lists >----------------------------|
980 -- ----------------------------------------------------------------------------
981 -- {Start Of Comments}
982 --
983 -- Description:
984 -- Determines whether static lists should be used or not. This only
985 -- applies where appropriate, for example, user-based security does not
986 -- use static lists unless the user has had static lists built.
987 --
988 -- Prerequisites:
989 -- None.
990 --
991 -- In Parameters:
992 -- None
993 --
994 -- Post Success:
995 -- Returns a boolean indicating whether static lists should be used.
996 --
997 -- Post Failure:
998 -- None.
999 --
1000 -- Access Status:
1001 -- Internal Development Use Only.
1002 --
1003 FUNCTION get_use_static_lists RETURN BOOLEAN;
1004 --
1005
1006 --
1007 -- ----------------------------------------------------------------------------
1008 -- |-------------------< delete_security_list_for_bg >-------------------------|
1009 -- ----------------------------------------------------------------------------
1010 -- {Start Of Comments}
1011 --
1012 -- Description:
1013 -- Deletes all the entries for a given business group from the following
1014 -- security list tables:
1015 --
1016 -- pay_security_payrolls
1017 -- pay_payroll_list
1018 -- per_person_list
1019 -- per_position_list
1020 -- per_organization_list
1021 -- per_security_profiles
1022 --
1023 --
1024 -- Prerequisites:
1025 -- None.
1026 --
1027 -- In Parameters:
1028 -- Name Reqd Type Description
1029 -- p_business_group_id YES Number ID of Business Group.
1030
1031 --
1032 -- Post Success:
1033 -- All entries for a business group in the security list tables are removed.
1034 --
1035 -- Post Failure:
1036 -- None.
1037 --
1038 -- Access Status:
1039 -- Internal Development Use Only.
1040 --
1041 PROCEDURE delete_security_list_for_bg(p_business_group_id number);
1042 --
1043 --
1044 -- ----------------------------------------------------------------------------
1045 -- |------------------< delete_per_from_security_list >-----------------------|
1046 -- ----------------------------------------------------------------------------
1047 -- {Start Of Comments}
1048 --
1049 -- Description:
1050 -- Removes a person entries from static security list.
1051 --
1052 -- Prerequisites:
1053 -- None.
1054 --
1055 -- In Parameters:
1056 -- Name Reqd Type Description
1057 -- p_person_id YES Number ID of Person.
1058 --
1059 -- Post Success:
1060 -- A person entries are deleted from per_person_list table.
1061 --
1062 -- Post Failure:
1063 -- None.
1064 --
1065 -- Access Status:
1066 -- Internal Development Use Only.
1067 --
1068 PROCEDURE delete_per_from_security_list(p_person_id in number);
1069 --
1070 --
1071 -- ----------------------------------------------------------------------------
1072 -- |----------------------< add_org_to_security_list >------------------------|
1073 -- ----------------------------------------------------------------------------
1074 -- {Start Of Comments}
1075 --
1076 -- Description:
1077 -- Adds an organization entry for a security profile to static
1078 -- security list.
1079 --
1080 -- Prerequisites:
1081 -- None.
1082 --
1083 -- In Parameters:
1084 -- Name Reqd Type Description
1085 -- P_Security_Profile_Id YES Number ID of security Profile
1086 -- p_organization_id YES Number ID of Person.
1087 --
1088 -- Post Success:
1089 -- An organization entry is added for a security profile in the
1090 -- per_organization_list table.
1091 --
1092 -- Post Failure:
1093 -- None.
1094 --
1095 -- Access Status:
1096 -- Internal Development Use Only.
1097 --
1098 PROCEDURE add_org_to_security_list(p_security_profile_id in number,
1099 p_organization_id in number);
1100 --
1101 --
1102 -- ----------------------------------------------------------------------------
1103 -- |------------------< delete_org_from_security_list >-----------------------|
1104 -- ----------------------------------------------------------------------------
1105 -- {Start Of Comments}
1106 --
1107 -- Description:
1111 -- Prerequisites:
1108 -- Removes organization entries for specified organization from the static
1109 -- security list.
1110 --
1112 -- None.
1113 --
1114 -- In Parameters:
1115 -- Name Reqd Type Description
1116 -- p_organization_id YES Number ID of Person.
1117 --
1118 -- Post Success:
1119 -- An organization entries are deleted from per_organization_list table
1120 -- for a specified organization_id.
1121 --
1122 -- Post Failure:
1123 -- None.
1124 --
1125 -- Access Status:
1126 -- Internal Development Use Only.
1127 --
1128 PROCEDURE delete_org_from_security_list(p_organization_id in number);
1129 --
1130 --
1131 -- ----------------------------------------------------------------------------
1132 -- |--------------------< add_pos_to_security_list >------------------------|
1133 -- ----------------------------------------------------------------------------
1134 -- {Start Of Comments}
1135 --
1136 -- Description:
1137 -- Adds a position entry for a security profile to static
1138 -- security list.
1139 --
1140 -- Prerequisites:
1141 -- None.
1142 --
1143 -- In Parameters:
1144 -- Name Reqd Type Description
1145 -- P_Security_Profile_Id YES Number ID of security Profile
1146 -- p_position_id YES Number ID of Position
1147 --
1148 -- Post Success:
1149 -- An position entry is added for a security profile in the
1150 -- per_position_list table.
1151 --
1152 -- Post Failure:
1153 -- None.
1154 --
1155 -- Access Status:
1156 -- Internal Development Use Only.
1157 --
1158 PROCEDURE add_pos_to_security_list(p_security_profile_id in number,
1159 p_position_id in number);
1160 --
1161 --
1162 -- ----------------------------------------------------------------------------
1163 -- |------------------< delete_pos_from_security_list >-----------------------|
1164 -- ----------------------------------------------------------------------------
1165 -- {Start Of Comments}
1166 --
1167 -- Description:
1168 -- Removes position entries for specified position from the static
1169 -- security list.
1170 --
1171 -- Prerequisites:
1172 -- None.
1173 --
1174 -- In Parameters:
1175 -- Name Reqd Type Description
1176 -- p_position_id YES Number ID of Position.
1177 --
1178 -- Post Success:
1179 -- A position entries are deleted from per_position_list table
1180 -- for a specified position_id.
1181 --
1182 -- Post Failure:
1183 -- None.
1184 --
1185 -- Access Status:
1186 -- Internal Development Use Only.
1187 --
1188 PROCEDURE delete_pos_from_security_list(p_position_id in number);
1189 --
1190 --
1191 -- ----------------------------------------------------------------------------
1192 -- |----------------- delete_payroll_from_security_list >---------------------|
1193 -- ----------------------------------------------------------------------------
1194 -- {Start Of Comments}
1195 --
1196 -- Description:
1197 -- Removes payroll entries for specified payroll from the static
1198 -- security list.
1199 --
1200 -- Prerequisites:
1201 -- None.
1202 --
1203 -- In Parameters:
1204 -- Name Reqd Type Description
1205 -- p_payroll_id YES Number ID of Payroll.
1206 --
1207 -- Post Success:
1208 -- A payroll entries are deleted from pay_payroll_list table
1209 -- for a specified payroll_id.
1210 --
1211 -- Post Failure:
1212 -- None.
1213 --
1214 -- Access Status:
1215 -- Internal Development Use Only.
1216 --
1217 PROCEDURE delete_pay_from_security_list(p_payroll_id number);
1218 --
1219
1220 --
1221 -- ----------------------------------------------------------------------------
1222 -- |----------------------- populate_asg_perf_table >-------------------------|
1223 -- ----------------------------------------------------------------------------
1224 -- {Start Of Comments}
1225 --
1226 -- Description:
1227 -- Populate PER_ALL_ASSIGNMENTS_F_PERF with data from
1228 -- PER_ALL_ASSIGNMENTS_F table.
1229 --
1230 -- Prerequisites:
1231 -- None.
1232 --
1233 -- In Parameters:
1234 -- Name Reqd Type Description
1235 -- P_TABLE Yes Varchar2 Performance Table
1236 --
1237 -- Post Success:
1238 -- PER_ALL_ASSIGNMENTS_F_PERF populated with data from
1239 -- PER_ALL_ASSIGNMENTS_F table
1240 --
1241 -- Post Failure:
1242 -- None.
1243 --
1244 -- Access Status:
1245 -- Internal Development Use Only.
1246 --
1247 PROCEDURE populate_asg_perf_table(errbuf OUT NOCOPY VARCHAR2
1248 ,retcode OUT NOCOPY VARCHAR2
1249 ,p_table IN VARCHAR2);
1250 --
1251 END hr_security_internal;