1 Package Body HR_SECURITY_INTERNAL as
2 /* $Header: pesecbsi.pkb 120.24.12020000.4 2013/03/05 06:33:05 swrajapa ship $ */
3
4 --
5 -- Stores details of what security permission have been cached for a
6 -- particular person.
7 --
8 TYPE g_access_known_r IS RECORD
9 (person_id NUMBER
10 ,user_id NUMBER
11 ,effective_date DATE
12 ,security_profile_id NUMBER
13 ,org BOOLEAN DEFAULT FALSE
14 ,pos BOOLEAN DEFAULT FALSE
15 ,pay BOOLEAN DEFAULT FALSE
16 ,per BOOLEAN DEFAULT FALSE);
17
18 --
19 -- Package Private Constants
20 --
21 g_PACKAGE CONSTANT VARCHAR2(23) := 'hr_security_internal.';
22
23 --
24 -- Package Private Variables
25 --
26 g_access_known_rec g_access_known_r;
27 g_assignments_tbl g_assignments_t;
28 g_debug BOOLEAN := hr_utility.debug_enabled;
29 g_session_context NUMBER;
30
31 --
32 -- Proprietory debugging. Allows for concurrent request output, etc.
33 -- (see procedures "op").
34 --
35 g_dbg_type NUMBER := g_NO_DEBUG;
36 g_dbg BOOLEAN := g_debug;
37
38 --
39 -- ----------------------------------------------------------------------------
40 -- |------------------------< populate_new_payroll >--------------------------|
41 -- ----------------------------------------------------------------------------
42 --
43 procedure populate_new_payroll
44 (p_business_group_id in number
45 ,p_payroll_id in number) is
46 --
47 l_proc varchar2(72) := g_package||'populate_new_payroll';
48 --
49 begin
50 hr_utility.set_location('Entering:'|| l_proc, 10);
51 --
52 -- Insert new payroll into all payroll lists for all profiles which
53 -- Restrict access to payrolls.
54 --
55 insert into pay_payroll_list (payroll_id, security_profile_id)
56 select p_payroll_id, psp.security_profile_id
57 from per_security_profiles psp
58 where psp.view_all_flag <> 'Y'
59 and (( psp.view_all_payrolls_flag <> 'Y'
60 and business_group_id = p_business_group_id)
61 or ( psp.view_all_payrolls_flag <> 'Y'
62 and business_group_id is null))
63 and not exists
64 (select 1
65 from pay_payroll_list ppl
66 where ppl.security_profile_id = psp.security_profile_id
67 and ppl.payroll_id = p_payroll_id);
68
69 hr_utility.set_location('Leaving:'|| l_proc, 30);
70 end;
71 --
72 -- ----------------------------------------------------------------------------
73 -- |-------------------------< populate_new_contact>--------------------------|
74 -- ----------------------------------------------------------------------------
75 --
76 procedure populate_new_contact(
77 p_business_group_id in number
78 ,p_person_id in number
79 ) is
80 --
81 l_proc varchar2(72) := g_package||'populate_new_contact';
82 l_prog_id number(15) := fnd_profile.value('CONC_PROGRAM_ID');
83 l_req_id number(15) := fnd_profile.value('CONC_REQUEST_ID');
84 l_appl_id number(15) := fnd_profile.value('CONC_PROGRAM_APPLICATION_ID');
85 l_upd_date date := trunc(sysdate);
86 --
87 begin
88 --
89 hr_utility.set_location('Entering:'|| l_proc, 10);
90 --
91 -- Insert new contact into all person lists for all profiles which:
92 -- a) Restrict access to contacts
93 -- b) No restriction for contacts but candidates are restricted.
94 insert into per_person_list(person_id, security_profile_id, request_id
95 ,program_application_id, program_id
96 ,program_update_date)
97 select p_person_id, psp.security_profile_id, l_req_id, l_appl_id,
98 l_prog_id, l_upd_date
99 from per_security_profiles psp
100 where psp.view_all_flag <> 'Y'
101 and (((psp.view_all_contacts_flag <> 'Y' or
102 (psp.view_all_contacts_flag = 'Y' and
103 psp.view_all_candidates_flag = 'X')) and
104 business_group_id = p_business_group_id) or
105 ((psp.view_all_contacts_flag <> 'Y' or
106 (psp.view_all_contacts_flag = 'Y' and
107 psp.view_all_candidates_flag = 'X')) and
108 business_group_id is null))
109 and not exists
110 (select 1
111 from per_person_list ppl
112 where ppl.security_profile_id = psp.security_profile_id
113 and ppl.person_id = p_person_id);
114 --
115 hr_utility.set_location(l_proc, 20);
116 --
117 hr_security.add_person(p_person_id);
118 --
119 hr_utility.set_location('Leaving:'|| l_proc, 30);
120 --
121 end;
122 --
123 -- ----------------------------------------------------------------------------
124 -- |-------------------------< populate_new_person >--------------------------|
125 -- ----------------------------------------------------------------------------
126 --
127 procedure populate_new_person
128 (p_business_group_id in number
129 ,p_person_id in number) is
130 --
131 l_proc varchar2(72) := g_package||'populate_new_person';
132 l_program_id number(15) := fnd_profile.value('CONC_PROGRAM_ID');
133 l_request_id number(15) := fnd_profile.value('CONC_REQUEST_ID');
134 l_program_application_id number(15) := fnd_profile.value('CONC_PROGRAM_APPLICATION_ID');
135 l_update_date date := trunc(sysdate);
136 --
137 begin
138 hr_utility.set_location('Entering:'|| l_proc, 10);
139 --
140 -- insert the new person in to all person lists for all profiles
141 -- for the business group and all global profiles which are restricted
142 -- in someway but not if there are user-based restrictions because in this
143 -- case there are no static lists maintained.
144 --
145 -- This is a change in behaviour arising from bug 2237407. Previously we only
146 -- gave access to profiles which could see the business group. This caused
147 -- problems where :
148 -- a) profile is restrict by payroll but view all orgs(no records in org
149 -- list so no match on the BG in the org list although that does not
150 -- mean the BG is not visible)
151 -- b) profile explicitly does not have access to BG(record goes out of scope
152 -- immediately without giving the creator a chance to move person
153 -- to correct org. This one is in the twilight zone, as the person will go
154 -- invisible to the current user at the next LISTGEN run anyway)
155 --
156 INSERT INTO PER_PERSON_LIST
157 (PERSON_ID
158 ,SECURITY_PROFILE_ID
159 ,REQUEST_ID
160 ,PROGRAM_APPLICATION_ID
161 ,PROGRAM_ID
162 ,PROGRAM_UPDATE_DATE)
163 select p_person_id, psp.security_profile_id, l_request_id,
164 l_program_application_id, l_program_id, l_update_date
165 from per_security_profiles psp
166 where psp.view_all_flag <> 'Y'
167 and ((
168 ( (psp.view_all_organizations_flag <> 'Y' and
169 nvl(psp.top_organization_method, 'S') <> 'U')
170 or psp.view_all_payrolls_flag <> 'Y'
171 or (psp.view_all_positions_flag <> 'Y' and
172 nvl(psp.top_position_method, 'S') <> 'U')
173 or nvl(psp.custom_restriction_flag, 'N') = 'Y')
174 and business_group_id = p_business_group_id)
175 or
176 ( ( psp.view_all_organizations_flag <> 'Y'
177 or NVL(psp.custom_restriction_flag, 'N') = 'Y')
178 and business_group_id is null))
179 and not exists
180 (select 1
181 from per_person_list ppl
182 where ppl.security_profile_id = psp.security_profile_id
183 and ppl.granted_user_id is null
184 and ppl.person_id = p_person_id);
185 --
186 hr_utility.set_location(l_proc, 20);
187 --
188 hr_security.add_person(p_person_id);
189 --
190 hr_utility.set_location(' Leaving:'||l_proc, 30);
191 exception
192 when NO_DATA_FOUND then
193 hr_utility.set_location(l_proc, 30);
194 end populate_new_person;
195
196 -- ----------------------------------------------------------------------------
197 -- |-----------------------< clear_from_person_list >-------------------------|
198 -- ----------------------------------------------------------------------------
199 --
200 procedure clear_from_person_list
201 (p_person_id in number) is
202 --
203 l_proc varchar2(72) := g_package||'clear_person_list';
204 --
205 begin
206 hr_utility.set_location('Entering:'|| l_proc, 10);
207 -- remove the person from the list
208 delete from per_person_list
209 where person_id=p_person_id
210 and security_profile_id is not null;
211 --
212 hr_utility.set_location(l_proc, 20);
213 --
214 hr_security.remove_person(p_person_id);
215 --
216 hr_utility.set_location(' Leaving:'||l_proc, 30);
217 exception
218 when NO_DATA_FOUND then
219 hr_utility.set_location(l_proc, 30);
220 end clear_from_person_list;
221 --
222 -- ----------------------------------------------------------------------------
223 -- |---------------------------< evaluate_custom >----------------------------|
224 -- ----------------------------------------------------------------------------
225 --
226 function evaluate_custom
227 (p_assignment_id in number,
228 p_restriction_text in varchar2,
229 p_effective_date in date) return varchar2
230 is
231 TYPE seccurtyp IS REF CURSOR;
232 cursor_cv seccurtyp;
233 l_execution_stmt varchar2(5000);
234 l_exec_str_print varchar2(5000);
235 l_dummy number;
236 --
237 l_proc varchar2(72) := g_package||'evaluate_custom';
238 --
239 begin
240 --
241 --
242 l_execution_stmt :=
243 'select 1
244 from per_all_assignments_f ASSIGNMENT,
245 per_all_people_f PERSON,
246 per_person_type_usages_f PERSON_TYPE
247 where ASSIGNMENT.assignment_id = :asg_id
248 and to_date(:asg_eff_date,''dd-mon-yyyy'')
249 between ASSIGNMENT.effective_start_date
250 and ASSIGNMENT.effective_end_date
251 and PERSON.person_id = ASSIGNMENT.person_id
252 and to_date(:per_eff_date,''dd-mon-yyyy'')
253 between PERSON.effective_start_date
254 and PERSON.effective_end_date
255 and PERSON.person_id = PERSON_TYPE.person_id
256 and to_date(:ptu_eff_date,''dd-mon-yyyy'')
257 between PERSON_TYPE.effective_start_date
258 and PERSON_TYPE.effective_end_date';
259 --
260 -- Added as part of fix for bug 2506541
261 --
262 IF p_restriction_text IS NOT NULL THEN
263 --
264 --
265 l_execution_stmt := l_execution_stmt||' and '||p_restriction_text;
266 hr_utility.trace('Custom security is in use.');
267 --
268 END IF;
269 --
270 if g_debug then
271 hr_utility.trace(P_restriction_text);
272 l_exec_str_print:=l_execution_stmt;
273 while length(l_exec_str_print)>0 loop
274 hr_utility.trace(substr(l_exec_str_print,1,70));
275 l_exec_str_print:=substr(l_exec_str_print,71);
276 end loop;
277 end if;
278
279 open cursor_cv for l_execution_stmt
280 using p_assignment_id, to_char(p_effective_date,'dd-mon-yyyy'),
281 to_char(p_effective_date,'dd-mon-yyyy'),
282 to_char(p_effective_date,'dd-mon-yyyy');
283 fetch cursor_cv into l_dummy;
284 if cursor_cv%notfound then
285 close cursor_cv;
286 return 'FALSE';
287 end if;
288 close cursor_cv;
289 --
290 return 'TRUE';
291 end;
292 --
293 -- ----------------------------------------------------------------------------
294 -- |--------------------------< add_to_person_list > --OVERLOAD---------------|
295 -- ----------------------------------------------------------------------------
296 --
297 procedure add_to_person_list(
298 p_effective_date in date
299 ,p_assignment_id in number
300 ) is
301 --
302 begin
303 --
304 -- Call main version of routine to define access for all profiles.
305 add_to_person_list(p_effective_date => p_effective_date,
306 p_assignment_id => p_assignment_id,
307 p_business_group_id => null,
308 p_generation_scope => 'ALL_PROFILES');
309 --
310 end;
311 --
312 -- ----------------------------------------------------------------------------
313 -- |--------------------------< add_to_person_list >--------------------------|
314 -- ----------------------------------------------------------------------------
315 --
316 procedure add_to_person_list(
317 p_effective_date in date
318 ,p_assignment_id in number
319 ,p_business_group_id in number default null
320 ,p_generation_scope in varchar2 default 'ALL_PROFILES') is
321 --
322 cursor asg_details is
323 select paf.person_id,
324 paf.organization_id,
325 paf.position_id,
326 paf.payroll_id,
327 paf.business_group_id,
328 paf.assignment_type,
329 ppf.current_employee_flag,
330 ppf.current_npw_flag
331 from per_all_assignments_f paf,
332 per_all_people_f ppf
333 where paf.assignment_id = p_assignment_id
334 and p_effective_date between paf.effective_start_date
335 and paf.effective_end_date
336 and paf.person_id = ppf.person_id
337 and p_effective_date between ppf.effective_start_date
338 and ppf.effective_end_date;
339 --
340 l_person_id per_all_assignments_f.person_id%type;
341 l_organization_id per_all_assignments_f.organization_id%type;
342 l_position_id per_all_assignments_f.position_id%type;
343 l_payroll_id per_all_assignments_f.payroll_id%type;
344 l_business_group_id per_all_assignments_f.business_group_id%type;
345 l_assignment_type per_all_assignments_f.assignment_type%type;
346 l_current_employee_flag per_all_people_f.current_employee_flag%type;
347 l_current_npw_flag per_all_people_f.current_npw_flag%type;
348 --
349 l_program_id number(15) := fnd_profile.value('CONC_PROGRAM_ID');
350 l_request_id number(15) := fnd_profile.value('CONC_REQUEST_ID');
351 l_prog_appl_id number(15) := fnd_profile.value('CONC_PROGRAM_APPLICATION_ID');
352 l_update_date date := trunc(sysdate);
353 --
354 l_proc varchar2(72) := g_package||'add_to_person_list';
355 --
356 l_bggr_str varchar2(1000);
357 l_asgt_str varchar2(2000);
358 l_from_str varchar2(2000);
359 l_inst_str varchar2(3000);
360 l_comm_str varchar2(5000);
361 l_cond_str varchar2(5000);
362 l_exec_str varchar2(18000);
363 l_exec_str_print varchar2(18000);
364 -- Declare the variables for the literal( for performance bug 5580144)
365 l_all varchar2(1) := 'Y';
366 l_Restrict varchar2(1) := 'N';
367 l_none varchar2(1) := 'X';
368 l_U varchar2(1) := 'U';
369 l_S varchar2(1) := 'S';
370 l_true varchar2(4) := 'TRUE';
371 l_false varchar2(5) := 'FALSE';
372 --
373 l_collection_index number:=0;
374
375 -- This is used as a temp variable to collect the values for each Select Sql.
376 TYPE l_security_profie_type_temp IS TABLE OF per_security_profiles.security_profile_id%TYPE INDEX BY BINARY_INTEGER;
377 l_security_profie_table_temp l_security_profie_type_temp;
378
379 -- This is used to store all the Records which need to be inserted after the
380 -- completion of the bulk select.
381 TYPE l_security_profie_type IS TABLE OF per_security_profiles.security_profile_id%TYPE INDEX BY BINARY_INTEGER;
382 l_security_profie_table l_security_profie_type;
383
384 -- This procedure is used to populate the final copy of the PL/Sql table
385 -- before inserting the records in the table.
386
387 PROCEDURE add_to_cache IS
388 l_proc varchar2(100):= 'add_to_person_list.add_to_cache';
389 Begin
390 if g_debug then
391 hr_utility.set_location('Entering '||l_proc, 10);
392 End if;
393 If l_security_profie_table_temp.count > 0 then
394 if g_debug then
395 hr_utility.set_location(l_proc, 20);
396 End if;
397 for I in l_security_profie_table_temp.first .. l_security_profie_table_temp.last
398 loop
399 -- l_security_profie_table.extend;
400 l_security_profie_table(l_collection_index + i):= l_security_profie_table_temp(i);
401 end loop;
402 l_collection_index := l_security_profie_table.last;
403 End if;
404 if g_debug then
405 hr_utility.set_location('Leaveing '||l_proc, 30);
406 End if;
407 End;
408
409
410 PROCEDURE INSERT_CACHE_TO_LIST IS
411 errors Number;
412 l_cnt Number;
413 dml_errors EXCEPTION;
414 PRAGMA exception_init(dml_errors, -24381);
415 l_proc varchar2(100):= 'add_to_person_list.insert_cache_to_list';
416 Begin
417 if g_debug then
418 hr_utility.set_location('Entering '||l_proc, 10);
419 End if;
420 If l_security_profie_table.count > 0 then
421 if g_debug then
422 hr_utility.set_location(l_proc, 20);
423 End if;
424 forall per_rec in l_security_profie_table.first .. l_security_profie_table.last
425 SAVE EXCEPTIONS
426 Insert into per_person_list(security_profile_id,
427 person_id,request_id,
428 program_application_id,
429 program_id,
430 program_update_date)
431 values(l_security_profie_table(per_rec),
432 l_person_id,
433 nvl(l_request_id, ''),
434 nvl(l_prog_appl_id, ''),
435 nvl(l_program_id, ''),
436 to_date(to_char(l_update_date,'dd/mm/yyyy'), 'dd/mm/yyyy')
437 );
438 End if;
439 if g_debug then
440 hr_utility.set_location('Leaveing '||l_proc, 30);
441 End if;
442 Exception
443 WHEN dml_errors THEN
444 errors := SQL%BULK_EXCEPTIONS.COUNT;
445 l_cnt := l_cnt + errors;
446 FOR i IN 1..errors LOOP
447 If g_debug then
448 hr_utility.trace ('Error occurred during iteration ' ||
449 SQL%BULK_EXCEPTIONS(i).ERROR_INDEX ||' Oracle error is ' ||
450 SQL%BULK_EXCEPTIONS(i).ERROR_CODE );
451 End if;
452 If SQL%BULK_EXCEPTIONS(i).ERROR_CODE <> 1 then
453 raise;
454 End if;
455 End loop;
456 WHEN OTHERS THEN
457 raise;
458 End;
459
460 Begin
461 --
462 if g_debug then
463 hr_utility.set_location('Entering:'|| l_proc, 10);
464 end if;
465 --
466 open asg_details;
467 fetch asg_details into
468 l_person_id,
469 l_organization_id,
470 l_position_id,
471 l_payroll_id,
472 l_business_group_id,
473 l_assignment_type,
474 l_current_employee_flag,
475 l_current_npw_flag;
476 --
477 if g_debug then
478 hr_utility.set_location(l_proc, 30);
479 hr_utility.set_location('Program ID '|| to_char(l_program_id), 35);
480 end if;
481 --
482 if(asg_details%found) then
483 --
484 close asg_details;
485 --
486 if p_generation_scope = 'ALL_BUS_GRP' then
487 hr_utility.set_location(l_proc, 31);
488 l_bggr_str := ' sec.business_group_id = :l_business_group_id and ';
489 end if;
490 if p_generation_scope = 'ALL_GLOBAL' then
491 hr_utility.set_location(l_proc, 32);
492 l_bggr_str := ' sec.business_group_id is null and ';
493 end if;
494 if p_generation_scope = 'ALL_PROFILES' then
495 hr_utility.set_location(l_proc, 33);
496 l_bggr_str := ' (sec.business_group_id = :l_business_group_id
497 or sec.business_group_id is null) and ';
498 end if;
499 --
500 if l_assignment_type = 'E' then
501 hr_utility.set_location(l_proc, 34);
502 l_asgt_str := ' (sec.view_all_employees_flag = :l_Restrict or
503 (sec.view_all_employees_flag = :l_all and
504 (sec.view_all_contacts_flag = :l_Restrict or
505 (sec.view_all_contacts_flag = :l_all and
506 sec.view_all_candidates_flag = :l_None)))) and ';
507 end if;
508 if l_assignment_type = 'C' then
509 hr_utility.set_location(l_proc, 35);
510 l_asgt_str := ' (sec.view_all_cwk_flag = :l_Restrict or
511 (sec.view_all_cwk_flag = :l_all and
512 (sec.view_all_contacts_flag = :l_Restrict or
513 (sec.view_all_contacts_flag = :l_all and
514 sec.view_all_candidates_flag = :l_None)))) and ';
515 end if;
516 if l_assignment_type = 'A' then
517 hr_utility.set_location(l_proc, 36);
518 l_asgt_str := ' (sec.view_all_applicants_flag = :l_Restrict or
519 (sec.view_all_applicants_flag = :l_all and
520 (sec.view_all_contacts_flag = :l_Restrict or
521 (sec.view_all_contacts_flag = :l_all and
522 sec.view_all_candidates_flag = :l_None)))) and ';
523 end if;
524 --
525 l_inst_str := ' select sec.security_profile_id '; --
526 l_comm_str := ' decode(sec.custom_restriction_flag,:l_Restrict,:l_true,:l_U,:l_FALSE,
527 null,:l_true,hr_security_internal.evaluate_custom(
528 :p_assignment_id , sec.restriction_text,
529 to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
530 , ''dd/mm/yyyy''))) = :l_true and not exists (
531 select 1 from per_person_list ppl
532 where ppl.person_id = :l_person_id
533 and ppl.granted_user_id is null
534 and ppl.security_profile_id = sec.security_profile_id) ';
535 -- if position is null
536 if l_position_id is null then
537 -- if position and payroll are null
538 if l_payroll_id is null then
539 --
540 -- add to all lists with matching organization id - A
541 --
542 -- The basic structure of all the select's in this procedure
543 -- is indentical. The following comments apply to all statements.
544 begin
545 --
546 if g_debug then
547 hr_utility.set_location(l_proc, 40);
548 end if;
549 --
550 l_from_str := ' from per_security_profiles sec,
551 per_organization_list org ';
552 --
553 -- Modified for bug 11737636
554 l_cond_str := ' org.security_profile_id = sec.security_profile_id
555 and org.organization_id = :l_organization_id
556 and sec.view_all_organizations_flag = :l_Restrict
557 and nvl(sec.top_organization_method, :l_S) <> :l_U
558 and sec.VIEW_ALL_PAYROLLS_FLAG <> :l_Restrict
559 and sec.VIEW_ALL_POSITIONS_FLAG <> :l_Restrict
560 and ';
561 --
562 l_exec_str := l_inst_str||l_from_str||' where '||
563 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
564
565 if g_debug then
566 l_exec_str_print:= l_exec_str;
567 while length(l_exec_str_print)>0 loop
568 hr_utility.trace(substr(l_exec_str_print,1,70));
569 l_exec_str_print:=substr(l_exec_str_print,71);
570 end loop;
571 End if;
572 if p_generation_scope = 'ALL_GLOBAL' then
573 execute immediate l_exec_str
574 bulk collect into l_security_profie_table_temp
575 using
576 l_Restrict, --l_asgt_str
577 l_all, --l_asgt_str
578 l_Restrict, --l_asgt_str
579 l_all, --l_asgt_str
580 l_None, --l_asgt_str
581 l_organization_id, --l_cond_str
582 l_Restrict, --l_cond_str
583 l_S, --l_cond_str
584 l_U, --l_cond_str
585 l_Restrict, --l_cond_str -- added for bug 11737636
586 l_Restrict, --l_cond_str -- added for bug 11737636
587 l_Restrict, --l_comm_str
588 l_true, --l_comm_str
589 l_U, --l_comm_str
590 l_FALSE, --l_comm_str
591 l_true, --l_comm_str
592 p_assignment_id, --l_comm_str
593 p_effective_date, --l_comm_str
594 l_true, --l_comm_str
595 l_person_id; --l_comm_str
596 else
597 execute immediate l_exec_str
598 bulk collect into l_security_profie_table_temp
599 using
600 l_business_group_id,--l_bggr_str
601 l_Restrict, --l_asgt_str
602 l_all, --l_asgt_str
603 l_Restrict, --l_asgt_str
604 l_all, --l_asgt_str
605 l_None, --l_asgt_str
606 l_organization_id, --l_cond_str
607 l_Restrict, --l_cond_str
608 l_S, --l_cond_str
609 l_U, --l_cond_str
610 l_Restrict, --l_cond_str -- added for bug 11737636
611 l_Restrict, --l_cond_str -- added for bug 11737636
612 l_Restrict, --l_comm_str
613 l_true, --l_comm_str
614 l_U, --l_comm_str
615 l_FALSE, --l_comm_str
616 l_true, --l_comm_str
617 p_assignment_id, --l_comm_str
618 p_effective_date, --l_comm_str
619 l_true, --l_comm_str
620 l_person_id; --l_comm_str
621 end if;
622 add_to_cache;
623 exception
624 --
625 -- If no data found handle exception so that other
626 -- inserts can go ahead.
627 --
628 when no_data_found then
629 if g_debug then
630 hr_utility.set_location(l_proc, 50);
631 end if;
632 null;
633 when others then
634 if g_debug then
635 hr_utility.set_location(l_proc||sqlerrm, 60);
636 hr_utility.set_location(l_proc, 60);
637 end if;
638 raise;
639 end;
640 --
641 -- add to all lists which don't care about organization - B
642 -- but do have restrictions on Position or Payroll
643 begin
644 --
645 if g_debug then
646 hr_utility.set_location(l_proc, 70);
647 end if;
648 --
649 l_from_str := ' from per_security_profiles sec ';
650 --
651 -- Changed for bug 11737636
652 l_cond_str := ' sec.view_all_organizations_flag = :l_all
653 and ((sec.view_all_positions_flag = :l_Restrict
654 and nvl(sec.top_position_method, :l_S) <> :l_U)
655 or sec.view_all_payrolls_flag <> :l_Restrict)
656 and sec.view_all_flag = :l_Restrict and ';
657 --
658 l_exec_str := l_inst_str||l_from_str||' where '||
659 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
660 --
661 if g_debug then
662 l_exec_str_print:= l_exec_str;
663 while length(l_exec_str_print)>0 loop
664 hr_utility.trace(substr(l_exec_str_print,1,70));
665 l_exec_str_print:=substr(l_exec_str_print,71);
666 end loop;
667 End if;
668 -- execute immediate l_exec_str;
669 if p_generation_scope = 'ALL_GLOBAL' then
670 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
671 using
672 l_Restrict, --l_asgt_str
673 l_all, --l_asgt_str
674 l_Restrict, --l_asgt_str
675 l_all, --l_asgt_str
676 l_None, --l_asgt_str
677 l_all, --l_cond_str
678 l_Restrict, --l_cond_str
679 l_S, --l_cond_str
680 l_U, --l_cond_str
681 l_Restrict, --l_cond_str
682 l_Restrict, --l_cond_str
683 l_Restrict, --l_comm_str
684 l_true, --l_comm_str
685 l_U, --l_comm_str
686 l_FALSE, --l_comm_str
687 l_true, --l_comm_str
688 p_assignment_id, --l_comm_str
689 p_effective_date, --l_comm_str
690 l_true, --l_comm_str
691 l_person_id; --l_comm_str
692 else
693 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
694 using
695 l_business_group_id,--l_bggr_str
696 l_Restrict, --l_asgt_str
697 l_all, --l_asgt_str
698 l_Restrict, --l_asgt_str
699 l_all, --l_asgt_str
700 l_None, --l_asgt_str
701 l_all, --l_cond_str
702 l_Restrict, --l_cond_str
703 l_S, --l_cond_str
704 l_U, --l_cond_str
705 l_Restrict, --l_cond_str
706 l_Restrict, --l_cond_str
707 l_Restrict, --l_comm_str
708 l_true, --l_comm_str
709 l_U, --l_comm_str
710 l_FALSE, --l_comm_str
711 l_true, --l_comm_str
712 p_assignment_id, --l_comm_str
713 p_effective_date, --l_comm_str
714 l_true, --l_comm_str
715 l_person_id; --l_comm_str
716 end if;
717 add_to_cache;
718 --
719 exception
720 --
721 -- If no data found handle exception so that other
722 -- inserts can go ahead.
723 --
724 when no_data_found then
725 if g_debug then
726 hr_utility.set_location(l_proc, 80);
727 end if;
728 null;
729 when others then
730 if g_debug then
731 hr_utility.set_location(l_proc||sqlerrm, 90);
732 hr_utility.set_location(l_proc, 90);
733 end if;
734 raise;
735 end;
736 --
737 -- add to all lists which don't care about organization, - B1
738 -- Position or Payroll but which do have a custom restriction.
739 begin
740 --
741 if g_debug then
742 hr_utility.set_location(l_proc, 100);
743 end if;
744 --
745 l_from_str := ' from per_security_profiles sec ';
746 --
747 l_cond_str := ' sec.view_all_organizations_flag = :l_all
748 and sec.view_all_positions_flag = :l_all
749 and sec.view_all_payrolls_flag = :l_all
750 and sec.custom_restriction_flag = :l_all
751 and sec.view_all_flag = :l_Restrict and ';
752 --
753 l_exec_str := l_inst_str||l_from_str||' where '||
754 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
755 --
756 if g_debug then
757 l_exec_str_print:= l_exec_str;
758 while length(l_exec_str_print)>0 loop
759 hr_utility.trace(substr(l_exec_str_print,1,70));
760 l_exec_str_print:=substr(l_exec_str_print,71);
761 end loop;
762 End if;
763 if p_generation_scope = 'ALL_GLOBAL' then
764 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
765 using
766 l_Restrict, --l_asgt_str
767 l_all, --l_asgt_str
768 l_Restrict, --l_asgt_str
769 l_all, --l_asgt_str
770 l_None, --l_asgt_str
771 l_all, --l_cond_str
772 l_all, --l_cond_str
773 l_all, --l_cond_str
774 l_all, --l_cond_str
775 l_Restrict, --l_cond_str
776 l_Restrict, --l_comm_str
777 l_true, --l_comm_str
778 l_U, --l_comm_str
779 l_FALSE, --l_comm_str
780 l_true, --l_comm_str
781 p_assignment_id, --l_comm_str
782 p_effective_date, --l_comm_str
783 l_true, --l_comm_str
784 l_person_id; --l_comm_str
785 else
786 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
787 using
788 l_business_group_id, --l_bggr_str
789 l_Restrict, --l_asgt_str
790 l_all, --l_asgt_str
791 l_Restrict, --l_asgt_str
792 l_all, --l_asgt_str
793 l_None, --l_asgt_str
794 l_all, --l_cond_str
795 l_all, --l_cond_str
796 l_all, --l_cond_str
797 l_all, --l_cond_str
798 l_Restrict, --l_cond_str
799 l_Restrict, --l_comm_str
800 l_true, --l_comm_str
801 l_U, --l_comm_str
802 l_FALSE, --l_comm_str
803 l_true, --l_comm_str
804 p_assignment_id, --l_comm_str
805 p_effective_date, --l_comm_str
806 l_true, --l_comm_str
807 l_person_id; --l_comm_str
808 end if;
809 add_to_cache;
810 --
811 exception
812 --
813 -- If no data found handle exception so that other
814 -- inserts can go ahead.
815 --
816 when no_data_found then
817 if g_debug then
818 hr_utility.set_location(l_proc, 110);
819 end if;
820 null;
821 when others then
822 if g_debug then
823 hr_utility.set_location(l_proc||sqlerrm, 120);
824 hr_utility.set_location(l_proc, 120);
825 end if;
826 raise;
827 end;
828 --
829 else -- position is null but payroll is not
830 --
831 -- add to all lists which have a matching org and payroll - C
832 -- regardless of position restriction.
833 --
834 begin
835 --
836 if g_debug then
837 hr_utility.set_location(l_proc, 130);
838 end if;
839 --
840 l_from_str := ' from per_security_profiles sec,
841 pay_payroll_list pay,
842 per_organization_list org ';
843 --
844 l_cond_str := ' org.security_profile_id = sec.security_profile_id
845 and pay.security_profile_id = sec.security_profile_id
846 and pay.security_profile_id = org.security_profile_id
847 and org.organization_id = :l_organization_id
848 and pay.payroll_id = :l_payroll_id
849 and sec.view_all_organizations_flag = :l_Restrict
850 and nvl(sec.top_organization_method, :l_S) <> :l_U
851 and sec.view_all_payrolls_flag = :l_Restrict and ';
852 --
853 l_exec_str := l_inst_str||l_from_str||' where '||
854 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
855 --
856 if g_debug then
857 l_exec_str_print:= l_exec_str;
858 while length(l_exec_str_print)>0 loop
859 hr_utility.trace(substr(l_exec_str_print,1,70));
860 l_exec_str_print:=substr(l_exec_str_print,71);
861 end loop;
862 End if;
863 if p_generation_scope = 'ALL_GLOBAL' then
864 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
865 using
866 l_Restrict, --l_asgt_str
867 l_all, --l_asgt_str
868 l_Restrict, --l_asgt_str
869 l_all, --l_asgt_str
870 l_None, --l_asgt_str
871 l_organization_id, --l_cond_str
872 l_payroll_id, --l_cond_str
873 l_Restrict, --l_cond_str
874 l_S, --l_cond_str
875 l_U, --l_cond_str
876 l_Restrict, --l_cond_str
877 l_Restrict, --l_comm_str
878 l_true, --l_comm_str
879 l_U, --l_comm_str
880 l_FALSE, --l_comm_str
881 l_true, --l_comm_str
882 p_assignment_id, --l_comm_str
883 p_effective_date, --l_comm_str
884 l_true, --l_comm_str
885 l_person_id; --l_comm_str
886 else
887 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
888 using
889 l_business_group_id, --l_bggr_str
890 l_Restrict, --l_asgt_str
891 l_all, --l_asgt_str
892 l_Restrict, --l_asgt_str
893 l_all, --l_asgt_str
894 l_None, --l_asgt_str
895 l_organization_id, --l_cond_str
896 l_payroll_id, --l_cond_str
897 l_Restrict, --l_cond_str
898 l_S, --l_cond_str
899 l_U, --l_cond_str
900 l_Restrict, --l_cond_str
901 l_Restrict, --l_comm_str
902 l_true, --l_comm_str
903 l_U, --l_comm_str
904 l_FALSE, --l_comm_str
905 l_true, --l_comm_str
906 p_assignment_id, --l_comm_str
907 p_effective_date, --l_comm_str
908 l_true, --l_comm_str
909 l_person_id; --l_comm_str
910 end if;
911 add_to_cache;
912 --
913 exception
914 --
915 -- If no data found handle exception so that other
916 -- inserts can go ahead.
917 --
918 when no_data_found then
919 if g_debug then
920 hr_utility.set_location(l_proc, 140);
921 end if;
922 null;
923 when others then
924 if g_debug then
925 hr_utility.set_location(l_proc||sqlerrm, 150);
926 hr_utility.set_location(l_proc, 150);
927 end if;
928 raise;
929 end;
930 --
931 -- add to lists which restrict by org and view all - D
932 -- payroll regardless of position restriction
933 begin
934 --
935 if g_debug then
936 hr_utility.set_location(l_proc, 160);
937 end if;
938 --
939 l_from_str := ' from per_security_profiles sec,
940 per_organization_list org ';
941 --
942 l_cond_str := ' org.security_profile_id = sec.security_profile_id
943 and org.organization_id = :l_organization_id
944 and sec.view_all_organizations_flag = :l_Restrict
945 and nvl(sec.top_organization_method, :l_S) <> :l_U
946 and sec.view_all_payrolls_flag = :l_all and ';
947 --
948 l_exec_str := l_inst_str||l_from_str||' where '||
949 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
950 --
951 if g_debug then
952 l_exec_str_print:= l_exec_str;
953 while length(l_exec_str_print)>0 loop
954 hr_utility.trace(substr(l_exec_str_print,1,70));
955 l_exec_str_print:=substr(l_exec_str_print,71);
956 end loop;
957 End if;
958 if p_generation_scope = 'ALL_GLOBAL' then
959 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
960 using
961 l_Restrict, --l_asgt_str
962 l_all, --l_asgt_str
963 l_Restrict, --l_asgt_str
964 l_all, --l_asgt_str
965 l_None, --l_asgt_str
966 l_organization_id, --l_cond_str
967 l_Restrict, --l_cond_str
968 l_S, --l_cond_str
969 l_U, --l_cond_str
970 l_all, --l_cond_str
971 l_Restrict, --l_comm_str
972 l_true, --l_comm_str
973 l_U, --l_comm_str
974 l_FALSE, --l_comm_str
975 l_true, --l_comm_str
976 p_assignment_id, --l_comm_str
977 p_effective_date, --l_comm_str
978 l_true, --l_comm_str
979 l_person_id; --l_comm_str
980 else
981 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
982 using
983 l_business_group_id, --l_bggr_str
984 l_Restrict, --l_asgt_str
985 l_all, --l_asgt_str
986 l_Restrict, --l_asgt_str
987 l_all, --l_asgt_str
988 l_None, --l_asgt_str
989 l_organization_id, --l_cond_str
990 l_Restrict, --l_cond_str
991 l_S, --l_cond_str
992 l_U, --l_cond_str
993 l_all, --l_cond_str
994 l_Restrict, --l_comm_str
995 l_true, --l_comm_str
996 l_U, --l_comm_str
997 l_FALSE, --l_comm_str
998 l_true, --l_comm_str
999 p_assignment_id, --l_comm_str
1000 p_effective_date, --l_comm_str
1001 l_true, --l_comm_str
1002 l_person_id; --l_comm_str
1003 end if;
1004 add_to_cache;
1005 --
1006 exception
1007 --
1008 -- If no data found handle exception so that other
1009 -- inserts can go ahead.
1010 --
1011 when no_data_found then
1012 if g_debug then
1013 hr_utility.set_location(l_proc, 170);
1014 end if;
1015 null;
1016 when others then
1017 if g_debug then
1018 hr_utility.set_location(l_proc||sqlerrm, 180);
1019 hr_utility.set_location(l_proc, 180);
1020 end if;
1021 raise;
1022 end;
1023 --
1024 -- add to lists which restrict by payroll and view all - F
1025 -- org regardless of position.
1026 --
1027 begin
1028 --
1029 if g_debug then
1030 hr_utility.set_location(l_proc, 190);
1031 end if;
1032 --
1033 l_from_str := ' from per_security_profiles sec,
1034 pay_payroll_list pay ';
1035 --
1036 l_cond_str := ' pay.security_profile_id = sec.security_profile_id
1037 and pay.payroll_id = :l_payroll_id
1038 and sec.view_all_organizations_flag = :l_all
1039 and sec.view_all_payrolls_flag = :l_Restrict and ';
1040 --
1041 l_exec_str := l_inst_str||l_from_str||' where '||
1042 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1043 --
1044 if g_debug then
1045 l_exec_str_print:= l_exec_str;
1046 while length(l_exec_str_print)>0 loop
1047 hr_utility.trace(substr(l_exec_str_print,1,70));
1048 l_exec_str_print:=substr(l_exec_str_print,71);
1049 end loop;
1050 End if;
1051 if p_generation_scope = 'ALL_GLOBAL' then
1052 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1053 using
1054 l_Restrict, --l_asgt_str
1055 l_all, --l_asgt_str
1056 l_Restrict, --l_asgt_str
1057 l_all, --l_asgt_str
1058 l_None, --l_asgt_str
1059 l_payroll_id, --l_cond_str
1060 l_all, --l_cond_str
1061 l_Restrict, --l_cond_str
1062 l_Restrict, --l_comm_str
1063 l_true, --l_comm_str
1064 l_U, --l_comm_str
1065 l_FALSE, --l_comm_str
1066 l_true, --l_comm_str
1067 p_assignment_id, --l_comm_str
1068 p_effective_date, --l_comm_str
1069 l_true, --l_comm_str
1070 l_person_id; --l_comm_str
1071 else
1072 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1073 using
1074 l_business_group_id, --l_bggr_str
1075 l_Restrict, --l_asgt_str
1076 l_all, --l_asgt_str
1077 l_Restrict, --l_asgt_str
1078 l_all, --l_asgt_str
1079 l_None, --l_asgt_str
1080 l_payroll_id, --l_cond_str
1081 l_all, --l_cond_str
1082 l_Restrict, --l_cond_str
1083 l_Restrict, --l_comm_str
1084 l_true, --l_comm_str
1085 l_U, --l_comm_str
1086 l_FALSE, --l_comm_str
1087 l_true, --l_comm_str
1088 p_assignment_id, --l_comm_str
1089 p_effective_date, --l_comm_str
1090 l_true, --l_comm_str
1091 l_person_id; --l_comm_str
1092 end if;
1093 add_to_cache;
1094 --
1095 exception
1096 --
1097 -- If no data found handle exception so that other
1098 -- inserts can go ahead.
1099 --
1100 when no_data_found then
1101 if g_debug then
1102 hr_utility.set_location(l_proc, 200);
1103 end if;
1104 null;
1105 when others then
1106 if g_debug then
1107 hr_utility.set_location(l_proc||sqlerrm, 210);
1108 hr_utility.set_location(l_proc, 210);
1109 end if;
1110 raise;
1111 end;
1112 --
1113 -- add to lists which view all organization or payroll - E
1114 -- and restrict by position
1115 begin
1116 --
1117 if g_debug then
1118 hr_utility.set_location(l_proc, 220);
1119 end if;
1120 --
1121 l_from_str := ' from per_security_profiles sec ';
1122 --
1123 l_cond_str := ' sec.view_all_organizations_flag = :l_all
1124 and sec.view_all_payrolls_flag = :l_all
1125 and sec.view_all_positions_flag = :l_Restrict
1126 and nvl(sec.top_position_method, :l_S) <> :l_U
1127 and sec.view_all_flag = :l_Restrict and ';
1128 --
1129 l_exec_str := l_inst_str||l_from_str||' where '||
1130 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1131 --
1132 if g_debug then
1133 l_exec_str_print:= l_exec_str;
1134 while length(l_exec_str_print)>0 loop
1135 hr_utility.trace(substr(l_exec_str_print,1,70));
1136 l_exec_str_print:=substr(l_exec_str_print,71);
1137 end loop;
1138 End if;
1139 if p_generation_scope = 'ALL_GLOBAL' then
1140 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1141 using
1142 l_Restrict, --l_asgt_str
1143 l_all, --l_asgt_str
1144 l_Restrict, --l_asgt_str
1145 l_all, --l_asgt_str
1146 l_None, --l_asgt_str
1147
1148 l_all, --l_cond_str
1149 l_all, --l_cond_str
1150 l_Restrict, --l_cond_str
1151 l_S, --l_cond_str
1152 l_U, --l_cond_str
1153 l_Restrict, --l_comm_str
1154
1155 l_Restrict, --l_comm_str
1156 l_true, --l_comm_str
1157 l_U, --l_comm_str
1158 l_FALSE, --l_comm_str
1159 l_true, --l_comm_str
1160 p_assignment_id, --l_comm_str
1161 p_effective_date, --l_comm_str
1162 l_true, --l_comm_str
1163 l_person_id --l_comm_str
1164 ;
1165 else
1166 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1167 using
1168 l_business_group_id, --l_bggr_str
1169 l_Restrict, --l_asgt_str
1170 l_all, --l_asgt_str
1171 l_Restrict, --l_asgt_str
1172 l_all, --l_asgt_str
1173 l_None, --l_asgt_str
1174
1175 l_all, --l_cond_str
1176 l_all, --l_cond_str
1177 l_Restrict, --l_cond_str
1178 l_S, --l_cond_str
1179 l_U, --l_cond_str
1180 l_Restrict, --l_comm_str
1181
1182 l_Restrict, --l_comm_str
1183 l_true, --l_comm_str
1184 l_U, --l_comm_str
1185 l_FALSE, --l_comm_str
1186 l_true, --l_comm_str
1187 p_assignment_id, --l_comm_str
1188 p_effective_date, --l_comm_str
1189 l_true, --l_comm_str
1190 l_person_id --l_comm_str
1191 ;
1192 end if;
1193 add_to_cache;
1194
1195 --add_to_cache (l_exec_str => l_exec_str);
1196 --
1197 exception
1198 --
1199 -- If no data found handle exception so that other
1200 -- inserts can go ahead.
1201 --
1202 when no_data_found then
1203 if g_debug then
1204 hr_utility.set_location(l_proc, 230);
1205 end if;
1206 null;
1207 when others then
1208 if g_debug then
1209 hr_utility.set_location(l_proc||sqlerrm, 240);
1210 hr_utility.set_location(l_proc, 240);
1211 end if;
1212 raise;
1213 end;
1214 --
1215 end if;
1216 --
1217 -- add to all lists which don't care about organization, - E1
1218 -- Position or Payroll but which do have a custom restriction.
1219 begin
1220 --
1221 if g_debug then
1222 hr_utility.set_location(l_proc, 250);
1223 end if;
1224 --
1225 l_from_str := ' from per_security_profiles sec ';
1226 --
1227 l_cond_str := ' sec.view_all_organizations_flag = :l_all
1228 and sec.view_all_positions_flag = :l_all
1229 and sec.view_all_payrolls_flag = :l_all
1230 and sec.custom_restriction_flag = :l_all
1231 and sec.view_all_flag = :l_Restrict and ';
1232 --
1233 l_exec_str := l_inst_str||l_from_str||' where '||
1234 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1235 --
1236 if g_debug then
1237 l_exec_str_print:= l_exec_str;
1238 while length(l_exec_str_print)>0 loop
1239 hr_utility.trace(substr(l_exec_str_print,1,70));
1240 l_exec_str_print:=substr(l_exec_str_print,71);
1241 end loop;
1242 End if;
1243 if p_generation_scope = 'ALL_GLOBAL' then
1244 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1245 using
1246 l_Restrict, --l_asgt_str
1247 l_all, --l_asgt_str
1248 l_Restrict, --l_asgt_str
1249 l_all, --l_asgt_str
1250 l_None, --l_asgt_str
1251
1252 l_all, --l_cond_str
1253 l_all, --l_cond_str
1254 l_all, --l_cond_str
1255 l_all, --l_cond_str
1256 l_Restrict, --l_cond_str
1257
1258 l_Restrict, --l_comm_str
1259 l_true, --l_comm_str
1260 l_U, --l_comm_str
1261 l_FALSE, --l_comm_str
1262 l_true, --l_comm_str
1263 p_assignment_id, --l_comm_str
1264 p_effective_date, --l_comm_str
1265 l_true, --l_comm_str
1266 l_person_id --l_comm_str
1267 ;
1268 else
1269 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1270 using
1271 l_business_group_id, --l_bggr_str
1272 l_Restrict, --l_asgt_str
1273 l_all, --l_asgt_str
1274 l_Restrict, --l_asgt_str
1275 l_all, --l_asgt_str
1276 l_None, --l_asgt_str
1277
1278 l_all, --l_cond_str
1279 l_all, --l_cond_str
1280 l_all, --l_cond_str
1281 l_all, --l_cond_str
1282 l_Restrict, --l_cond_str
1283
1284 l_Restrict, --l_comm_str
1285 l_true, --l_comm_str
1286 l_U, --l_comm_str
1287 l_FALSE, --l_comm_str
1288 l_true, --l_comm_str
1289 p_assignment_id, --l_comm_str
1290 p_effective_date, --l_comm_str
1291 l_true, --l_comm_str
1292 l_person_id --l_comm_str
1293 ;
1294 end if;
1295 add_to_cache;
1296 --
1297 exception
1298 --
1299 -- If no data found handle exception so that other
1300 -- inserts can go ahead.
1301 --
1302 when no_data_found then
1303 if g_debug then
1304 hr_utility.set_location(l_proc, 260);
1305 end if;
1306 null;
1307 when others then
1308 if g_debug then
1309 hr_utility.set_location(l_proc||sqlerrm, 270);
1310 hr_utility.set_location(l_proc, 270);
1311 end if;
1312 raise;
1313 end;
1314 --
1315 else -- position is not null
1316 --
1317 if l_payroll_id is null then
1318 -- position is not null but payroll is
1319 --
1320 -- add to lists which restrict by position and organization - G
1321 -- regardless of payroll restriction
1322 --
1323 begin
1324 --
1325 if g_debug then
1326 hr_utility.set_location(l_proc, 280);
1327 end if;
1328 --
1329 l_from_str := ' from per_security_profiles sec,
1330 per_position_list posl,
1331 per_organization_list org ';
1332 --
1333 -- Modified for bug 11737636
1334 l_cond_str := ' org.security_profile_id = sec.security_profile_id
1335 and posl.security_profile_id = sec.security_profile_id
1336 and posl.security_profile_id = org.security_profile_id
1337 and org.organization_id = :l_organization_id
1338 and posl.position_id = :l_position_id
1339 and sec.view_all_organizations_flag = :l_Restrict
1340 and nvl(sec.top_organization_method, :l_S) <> :l_U
1341 and sec.view_all_positions_flag = :l_Restrict
1342 and nvl(sec.top_position_method, :l_S) <> :l_U
1343 and sec.VIEW_ALL_PAYROLLS_FLAG <> :l_Restrict
1344 and ';
1345 --
1346 l_exec_str := l_inst_str||l_from_str||' where '||
1347 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1348 --
1349 if g_debug then
1350 l_exec_str_print:= l_exec_str;
1351 while length(l_exec_str_print)>0 loop
1352 hr_utility.trace(substr(l_exec_str_print,1,70));
1353 l_exec_str_print:=substr(l_exec_str_print,71);
1354 end loop;
1355 End if;
1356 if p_generation_scope = 'ALL_GLOBAL' then
1357 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1358 using
1359 l_Restrict, --l_asgt_str
1360 l_all, --l_asgt_str
1361 l_Restrict, --l_asgt_str
1362 l_all, --l_asgt_str
1363 l_None, --l_asgt_str
1364
1365 l_organization_id, --l_cond_str
1366 l_position_id, --l_cond_str
1367 l_Restrict, --l_cond_str
1368 l_S, --l_cond_str
1369 l_U, --l_cond_str
1370 l_Restrict, --l_cond_str
1371 l_S, --l_cond_str
1372 l_U, --l_cond_str
1373 l_Restrict, --l_cond_str -- added for bug 11737636
1374
1375 l_Restrict, --l_comm_str
1376 l_true, --l_comm_str
1377 l_U, --l_comm_str
1378 l_FALSE, --l_comm_str
1379 l_true, --l_comm_str
1380 p_assignment_id, --l_comm_str
1381 p_effective_date, --l_comm_str
1382 l_true, --l_comm_str
1383 l_person_id --l_comm_str
1384 ;
1385 else
1386 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1387 using
1388 l_business_group_id, --l_bggr_str
1389 l_Restrict, --l_asgt_str
1390 l_all, --l_asgt_str
1391 l_Restrict, --l_asgt_str
1392 l_all, --l_asgt_str
1393 l_None, --l_asgt_str
1394
1395 l_organization_id, --l_cond_str
1396 l_position_id, --l_cond_str
1397 l_Restrict, --l_cond_str
1398 l_S, --l_cond_str
1399 l_U, --l_cond_str
1400 l_Restrict, --l_cond_str
1401 l_S, --l_cond_str
1402 l_U, --l_cond_str
1403 l_Restrict, --l_cond_str -- added for bug 11737636
1404
1405 l_Restrict, --l_comm_str
1406 l_true, --l_comm_str
1407 l_U, --l_comm_str
1408 l_FALSE, --l_comm_str
1409 l_true, --l_comm_str
1410 p_assignment_id, --l_comm_str
1411 p_effective_date, --l_comm_str
1412 l_true, --l_comm_str
1413 l_person_id --l_comm_str
1414 ;
1415 end if;
1416 add_to_cache;
1417 --
1418 exception
1419 --
1420 -- If no data found handle exception so that other
1421 -- inserts can go ahead.
1422 --
1423 when no_data_found then
1424 if g_debug then
1425 hr_utility.set_location(l_proc, 290);
1426 end if;
1427 null;
1428 when others then
1429 if g_debug then
1430 hr_utility.set_location(l_proc||sqlerrm, 300);
1431 hr_utility.set_location(l_proc, 300);
1432 end if;
1433 raise;
1434 end;
1435 --
1436 -- add to lists which restrict by org and view all - H
1437 -- pos regardless of payroll
1438 --
1439 begin
1440 --
1441 if g_debug then
1442 hr_utility.set_location(l_proc, 310);
1443 end if;
1444 --
1445 l_from_str := ' from per_security_profiles sec,
1446 per_organization_list org ';
1447 -- Changed for bug 11737636
1448 l_cond_str := ' org.security_profile_id = sec.security_profile_id
1449 and org.organization_id = :l_organization_id
1450 and sec.view_all_organizations_flag = :l_Restrict
1451 and nvl(sec.top_organization_method, :l_S) <> :l_U
1452 and sec.view_all_positions_flag = :l_all
1453 and sec.VIEW_ALL_PAYROLLS_FLAG <> :l_Restrict
1454 and ';
1455 --
1456 l_exec_str := l_inst_str||l_from_str||' where '||
1457 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1458 --
1459 if g_debug then
1460 l_exec_str_print:= l_exec_str;
1461 while length(l_exec_str_print)>0 loop
1462 hr_utility.trace(substr(l_exec_str_print,1,70));
1463 l_exec_str_print:=substr(l_exec_str_print,71);
1464 end loop;
1465 End if;
1466 if p_generation_scope = 'ALL_GLOBAL' then
1467 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1468 using
1469 l_Restrict, --l_asgt_str
1470 l_all, --l_asgt_str
1471 l_Restrict, --l_asgt_str
1472 l_all, --l_asgt_str
1473 l_None, --l_asgt_str
1474
1475 l_organization_id, --l_cond_str
1476 l_Restrict, --l_cond_str
1477 l_S, --l_cond_str
1478 l_U, --l_cond_str
1479 l_all, ----l_cond_str
1480 l_Restrict, -- l_cond_str -- Added for bug 11737636
1481
1482 l_Restrict, --l_comm_str
1483 l_true, --l_comm_str
1484 l_U, --l_comm_str
1485 l_FALSE, --l_comm_str
1486 l_true, --l_comm_str
1487 p_assignment_id, --l_comm_str
1488 p_effective_date, --l_comm_str
1489 l_true, --l_comm_str
1490 l_person_id --l_comm_str
1491 ;
1492 else
1493 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1494 using
1495 l_business_group_id, --l_bggr_str
1496 l_Restrict, --l_asgt_str
1497 l_all, --l_asgt_str
1498 l_Restrict, --l_asgt_str
1499 l_all, --l_asgt_str
1500 l_None, --l_asgt_str
1501
1502 l_organization_id, --l_cond_str
1503 l_Restrict, --l_cond_str
1504 l_S, --l_cond_str
1505 l_U, --l_cond_str
1506 l_all, ----l_cond_str
1507 l_Restrict, -- l_cond_str -- Added for bug 11737636
1508
1509 l_Restrict, --l_comm_str
1510 l_true, --l_comm_str
1511 l_U, --l_comm_str
1512 l_FALSE, --l_comm_str
1513 l_true, --l_comm_str
1514 p_assignment_id, --l_comm_str
1515 p_effective_date, --l_comm_str
1516 l_true, --l_comm_str
1517 l_person_id --l_comm_str
1518 ;
1519 end if;
1520 add_to_cache;
1521 --
1522 exception
1523 --
1524 -- If no data found handle exception so that other
1525 -- inserts can go ahead.
1526 --
1527 when no_data_found then
1528 if g_debug then
1529 hr_utility.set_location(l_proc, 320);
1530 end if;
1531 null;
1532 when others then
1533 if g_debug then
1534 hr_utility.set_location(l_proc||sqlerrm, 330);
1535 hr_utility.set_location(l_proc, 330);
1536 end if;
1537 raise;
1538 end;
1539 --
1540 -- add to lists which view all org and view all - I
1541 -- pos and restrict by payroll
1542 begin
1543 --
1544 if g_debug then
1545 hr_utility.set_location(l_proc, 340);
1546 end if;
1547 --
1548 l_from_str := ' from per_security_profiles sec ';
1549 -- Changed for bug 11737636
1550 l_cond_str := ' sec.view_all_organizations_flag = :l_all
1551 and sec.view_all_positions_flag = :l_all
1552 and sec.view_all_payrolls_flag <> :l_Restrict and ';
1553 --
1554 l_exec_str := l_inst_str||l_from_str||' where '||
1555 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1556 --
1557 if g_debug then
1558 l_exec_str_print:= l_exec_str;
1559 while length(l_exec_str_print)>0 loop
1560 hr_utility.trace(substr(l_exec_str_print,1,70));
1561 l_exec_str_print:=substr(l_exec_str_print,71);
1562 end loop;
1563 End if;
1564 if p_generation_scope = 'ALL_GLOBAL' then
1565 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1566 using
1567 l_Restrict, --l_asgt_str
1568 l_all, --l_asgt_str
1569 l_Restrict, --l_asgt_str
1570 l_all, --l_asgt_str
1571 l_None, --l_asgt_str
1572
1573 l_all, ----l_cond_str
1574 l_all, ----l_cond_str
1575 l_Restrict, --l_cond_str
1576
1577 l_Restrict, --l_comm_str
1578 l_true, --l_comm_str
1579 l_U, --l_comm_str
1580 l_FALSE, --l_comm_str
1581 l_true, --l_comm_str
1582 p_assignment_id, --l_comm_str
1583 p_effective_date, --l_comm_str
1584 l_true, --l_comm_str
1585 l_person_id --l_comm_str
1586 ;
1587 else
1588 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1589 using
1590 l_business_group_id, --l_bggr_str
1591 l_Restrict, --l_asgt_str
1592 l_all, --l_asgt_str
1593 l_Restrict, --l_asgt_str
1594 l_all, --l_asgt_str
1595 l_None, --l_asgt_str
1596
1597 l_all, ----l_cond_str
1598 l_all, ----l_cond_str
1599 l_Restrict, --l_cond_str
1600
1601 l_Restrict, --l_comm_str
1602 l_true, --l_comm_str
1603 l_U, --l_comm_str
1604 l_FALSE, --l_comm_str
1605 l_true, --l_comm_str
1606 p_assignment_id, --l_comm_str
1607 p_effective_date, --l_comm_str
1608 l_true, --l_comm_str
1609 l_person_id --l_comm_str
1610 ;
1611 end if;
1612 add_to_cache;
1613 --
1614 exception
1615 --
1616 -- If no data found handle exception so that other
1617 -- inserts can go ahead.
1618 --
1619 when no_data_found then
1620 if g_debug then
1621 hr_utility.set_location(l_proc, 350);
1622 end if;
1623 null;
1624 when others then
1625 if g_debug then
1626 hr_utility.set_location(l_proc||sqlerrm, 360);
1627 hr_utility.set_location(l_proc, 360);
1628 end if;
1629 raise;
1630 end;
1631 --
1632 -- add to lists which view all org, restrict by pos - J
1633 -- regardless of payroll
1634 begin
1635 --
1636 if g_debug then
1637 hr_utility.set_location(l_proc, 370);
1638 end if;
1639 --
1640 l_from_str := ' from per_security_profiles sec,
1641 per_position_list posl ';
1642 --
1643 l_cond_str := ' posl.security_profile_id = sec.security_profile_id
1644 and posl.position_id = :l_position_id
1645 and sec.view_all_organizations_flag = :l_all
1646 and sec.view_all_positions_flag = :l_Restrict
1647 and nvl(sec.top_position_method, :l_S) <> :l_U
1648 and sec.view_all_flag = :l_Restrict
1649 and sec.business_group_id = :l_business_group_id
1650 and sec.VIEW_ALL_PAYROLLS_FLAG <> :l_Restrict
1651 and ';
1652 --
1653 l_exec_str := l_inst_str||l_from_str||' where '||
1654 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1655 --
1656 if g_debug then
1657 l_exec_str_print:= l_exec_str;
1658 while length(l_exec_str_print)>0 loop
1659 hr_utility.trace(substr(l_exec_str_print,1,70));
1660 l_exec_str_print:=substr(l_exec_str_print,71);
1661 end loop;
1662 End if;
1663 if p_generation_scope = 'ALL_GLOBAL' then
1664 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1665 using
1666 l_Restrict, --l_asgt_str
1667 l_all, --l_asgt_str
1668 l_Restrict, --l_asgt_str
1669 l_all, --l_asgt_str
1670 l_None, --l_asgt_str
1671
1672 l_position_id, ----l_cond_str
1673 l_all, ----l_cond_str
1674 l_Restrict, --l_cond_str
1675 l_S, --l_cond_str
1676 l_U, --l_cond_str
1677 l_Restrict, --l_cond_str
1678 l_business_group_id, --l_cond_str
1679 l_Restrict, -- l_cond_str -- Added for bug 11737636
1680
1681 l_Restrict, --l_comm_str
1682 l_true, --l_comm_str
1683 l_U, --l_comm_str
1684 l_FALSE, --l_comm_str
1685 l_true, --l_comm_str
1686 p_assignment_id, --l_comm_str
1687 p_effective_date, --l_comm_str
1688 l_true, --l_comm_str
1689 l_person_id --l_comm_str
1690 ;
1691 else
1692 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1693 using
1694 l_business_group_id, --l_bggr_str
1695 l_Restrict, --l_asgt_str
1696 l_all, --l_asgt_str
1697 l_Restrict, --l_asgt_str
1698 l_all, --l_asgt_str
1699 l_None, --l_asgt_str
1700
1701 l_position_id, ----l_cond_str
1702 l_all, ----l_cond_str
1703 l_Restrict, --l_cond_str
1704 l_S, --l_cond_str
1705 l_U, --l_cond_str
1706 l_Restrict, --l_cond_str
1707 l_business_group_id, --l_cond_str
1708 l_Restrict, -- l_cond_str -- Added for bug 11737636
1709
1710 l_Restrict, --l_comm_str
1711 l_true, --l_comm_str
1712 l_U, --l_comm_str
1713 l_FALSE, --l_comm_str
1714 l_true, --l_comm_str
1715 p_assignment_id, --l_comm_str
1716 p_effective_date, --l_comm_str
1717 l_true, --l_comm_str
1718 l_person_id --l_comm_str
1719 ;
1720 end if;
1721 add_to_cache;
1722 --
1723 exception
1724 --
1725 -- If no data found handle exception so that other
1726 -- inserts can go ahead.
1727 --
1728 when no_data_found then
1729 if g_debug then
1730 hr_utility.set_location(l_proc, 380);
1731 end if;
1732 null;
1733 when others then
1734 if g_debug then
1735 hr_utility.set_location(l_proc||sqlerrm, 390);
1736 hr_utility.set_location(l_proc, 390);
1737 end if;
1738 raise;
1739 end;
1740 --
1741 -- add to all lists which don't care about organization, - J1
1742 -- Position or Payroll but which do have a custom restriction.
1743 begin
1744 --
1745 if g_debug then
1746 hr_utility.set_location(l_proc, 400);
1747 end if;
1748 --
1749 l_from_str := ' from per_security_profiles sec ';
1750 --
1751 l_cond_str := ' sec.view_all_organizations_flag = :l_all
1752 and sec.view_all_positions_flag = :l_all
1753 and sec.view_all_payrolls_flag = :l_all
1754 and sec.custom_restriction_flag = :l_all
1755 and sec.view_all_flag = :l_Restrict and ';
1756 --
1757 l_exec_str := l_inst_str||l_from_str||' where '||
1758 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1759 --
1760 if g_debug then
1761 l_exec_str_print:= l_exec_str;
1762 while length(l_exec_str_print)>0 loop
1763 hr_utility.trace(substr(l_exec_str_print,1,70));
1764 l_exec_str_print:=substr(l_exec_str_print,71);
1765 end loop;
1766 End if;
1767 if p_generation_scope = 'ALL_GLOBAL' then
1768 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1769 using
1770 l_Restrict, --l_asgt_str
1771 l_all, --l_asgt_str
1772 l_Restrict, --l_asgt_str
1773 l_all, --l_asgt_str
1774 l_None, --l_asgt_str
1775
1776 l_all, ----l_cond_str
1777 l_all, ----l_cond_str
1778 l_all, ----l_cond_str
1779 l_all, ----l_cond_str
1780 l_Restrict, --l_cond_str
1781
1782 l_Restrict, --l_comm_str
1783 l_true, --l_comm_str
1784 l_U, --l_comm_str
1785 l_FALSE, --l_comm_str
1786 l_true, --l_comm_str
1787 p_assignment_id, --l_comm_str
1788 p_effective_date, --l_comm_str
1789 l_true, --l_comm_str
1790 l_person_id --l_comm_str
1791 ;
1792 else
1793 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1794 using
1795 l_business_group_id, --l_bggr_str
1796 l_Restrict, --l_asgt_str
1797 l_all, --l_asgt_str
1798 l_Restrict, --l_asgt_str
1799 l_all, --l_asgt_str
1800 l_None, --l_asgt_str
1801
1802 l_all, ----l_cond_str
1803 l_all, ----l_cond_str
1804 l_all, ----l_cond_str
1805 l_all, ----l_cond_str
1806 l_Restrict, --l_cond_str
1807
1808 l_Restrict, --l_comm_str
1809 l_true, --l_comm_str
1810 l_U, --l_comm_str
1811 l_FALSE, --l_comm_str
1812 l_true, --l_comm_str
1813 p_assignment_id, --l_comm_str
1814 p_effective_date, --l_comm_str
1815 l_true, --l_comm_str
1816 l_person_id --l_comm_str
1817 ;
1818 end if;
1819 add_to_cache;
1820 --
1821 exception
1822 --
1823 -- If no data found handle exception so that other
1824 -- inserts can go ahead.
1825 --
1826 when no_data_found then
1827 if g_debug then
1828 hr_utility.set_location(l_proc, 410);
1829 end if;
1830 null;
1831 when others then
1832 if g_debug then
1833 hr_utility.set_location(l_proc||sqlerrm, 420);
1834 hr_utility.set_location(l_proc, 420);
1835 end if;
1836 raise;
1837 end;
1838 --
1839 else -- position and payroll are not null
1840 --
1841 -- add to lists which restrict by Org, Pos and Payroll - K
1842 --
1843 begin
1844 --
1845 if g_debug then
1846 hr_utility.set_location(l_proc, 430);
1847 end if;
1848 --
1849 l_from_str := ' from per_security_profiles sec,
1850 pay_payroll_list pay,
1851 per_position_list posl,
1852 per_organization_list org ';
1853 --
1854 l_cond_str := ' org.security_profile_id = sec.security_profile_id
1855 and posl.security_profile_id = sec.security_profile_id
1856 and pay.security_profile_id = sec.security_profile_id
1857 and pay.security_profile_id = posl.security_profile_id
1858 and pay.security_profile_id = org.security_profile_id
1859 and org.security_profile_id = posl.security_profile_id
1860 and org.organization_id = :l_organization_id
1861 and posl.position_id = :l_position_id
1862 and pay.payroll_id = :l_payroll_id
1863 and sec.view_all_organizations_flag = :l_Restrict
1864 and nvl(sec.top_organization_method, :l_S) <> :l_U
1865 and sec.view_all_positions_flag = :l_Restrict
1866 and nvl(sec.top_position_method, :l_S) <> :l_U
1867 and sec.view_all_payrolls_flag = :l_Restrict and ';
1868 --
1869 l_exec_str := l_inst_str||l_from_str||' where '||
1870 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1871 --
1872 if g_debug then
1873 l_exec_str_print:= l_exec_str;
1874 while length(l_exec_str_print)>0 loop
1875 hr_utility.trace(substr(l_exec_str_print,1,70));
1876 l_exec_str_print:=substr(l_exec_str_print,71);
1877 end loop;
1878 End if;
1879 if p_generation_scope = 'ALL_GLOBAL' then
1880 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1881 using
1882 l_Restrict, --l_asgt_str
1883 l_all, --l_asgt_str
1884 l_Restrict, --l_asgt_str
1885 l_all, --l_asgt_str
1886 l_None, --l_asgt_str
1887
1888 l_organization_id, ----l_cond_str
1889 l_position_id, ----l_cond_str
1890 l_payroll_id, ----l_cond_str
1891 l_Restrict, ----l_cond_str
1892 l_S, --l_cond_str
1893 l_U, --l_cond_str
1894 l_Restrict,
1895 l_S, --l_cond_str
1896 l_U, --l_cond_str
1897 l_Restrict, --l_cond_str
1898
1899 l_Restrict, --l_comm_str
1900 l_true, --l_comm_str
1901 l_U, --l_comm_str
1902 l_FALSE, --l_comm_str
1903 l_true, --l_comm_str
1904 p_assignment_id, --l_comm_str
1905 p_effective_date, --l_comm_str
1906 l_true, --l_comm_str
1907 l_person_id --l_comm_str
1908 ;
1909 else
1910 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1911 using
1912 l_business_group_id, --l_bggr_str
1913 l_Restrict, --l_asgt_str
1914 l_all, --l_asgt_str
1915 l_Restrict, --l_asgt_str
1916 l_all, --l_asgt_str
1917 l_None, --l_asgt_str
1918
1919 l_organization_id, ----l_cond_str
1920 l_position_id, ----l_cond_str
1921 l_payroll_id, ----l_cond_str
1922 l_Restrict, ----l_cond_str
1923 l_S, --l_cond_str
1924 l_U, --l_cond_str
1925 l_Restrict,
1926 l_S, --l_cond_str
1927 l_U, --l_cond_str
1928 l_Restrict, --l_cond_str
1929
1930 l_Restrict, --l_comm_str
1931 l_true, --l_comm_str
1932 l_U, --l_comm_str
1933 l_FALSE, --l_comm_str
1934 l_true, --l_comm_str
1935 p_assignment_id, --l_comm_str
1936 p_effective_date, --l_comm_str
1937 l_true, --l_comm_str
1938 l_person_id --l_comm_str
1939 ;
1940 end if;
1941 add_to_cache;
1942 --
1943 exception
1944 --
1945 -- If no data found handle exception so that other
1946 -- inserts can go ahead.
1947 --
1948 when no_data_found then
1949 if g_debug then
1950 hr_utility.set_location(l_proc, 440);
1951 end if;
1952 null;
1953 when others then
1954 if g_debug then
1955 hr_utility.set_location(l_proc||sqlerrm, 450);
1956 hr_utility.set_location(l_proc, 450);
1957 end if;
1958 raise;
1959 end;
1960 --
1961 -- add to lists which restrict by Org and Pos and view all - L
1962 -- payroll
1963 --
1964 begin
1965 --
1966 if g_debug then
1967 hr_utility.set_location(l_proc, 460);
1968 end if;
1969 --
1970 l_from_str := ' from per_security_profiles sec,
1971 per_position_list posl,
1972 per_organization_list org ';
1973 --
1974 l_cond_str := ' org.security_profile_id = sec.security_profile_id
1975 and posl.security_profile_id = sec.security_profile_id
1976 and posl.security_profile_id = org.security_profile_id
1977 and org.organization_id = :l_organization_id
1978 and posl.position_id = :l_position_id
1979 and sec.view_all_organizations_flag = :l_Restrict
1980 and nvl(sec.top_organization_method, :l_S) <> :l_U
1981 and sec.view_all_positions_flag = :l_Restrict
1982 and nvl(sec.top_position_method, :l_S) <> :l_U
1983 and sec.view_all_payrolls_flag = :l_all and ';
1984 --
1985 l_exec_str := l_inst_str||l_from_str||' where '||
1986 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
1987 --
1988 if g_debug then
1989 l_exec_str_print:= l_exec_str;
1990 while length(l_exec_str_print)>0 loop
1991 hr_utility.trace(substr(l_exec_str_print,1,70));
1992 l_exec_str_print:=substr(l_exec_str_print,71);
1993 end loop;
1994 End if;
1995 if p_generation_scope = 'ALL_GLOBAL' then
1996 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
1997 using
1998 l_Restrict, --l_asgt_str
1999 l_all, --l_asgt_str
2000 l_Restrict, --l_asgt_str
2001 l_all, --l_asgt_str
2002 l_None, --l_asgt_str
2003
2004 l_organization_id, ----l_cond_str
2005 l_position_id, ----l_cond_str
2006 l_Restrict, ----l_cond_str
2007 l_S, --l_cond_str
2008 l_U, --l_cond_str
2009 l_Restrict,
2010 l_S, --l_cond_str
2011 l_U, --l_cond_str
2012 l_all, --l_cond_str
2013
2014 l_Restrict, --l_comm_str
2015 l_true, --l_comm_str
2016 l_U, --l_comm_str
2017 l_FALSE, --l_comm_str
2018 l_true, --l_comm_str
2019 p_assignment_id, --l_comm_str
2020 p_effective_date, --l_comm_str
2021 l_true, --l_comm_str
2022 l_person_id --l_comm_str
2023 ;
2024 else
2025 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2026 using
2027 l_business_group_id, --l_bggr_str
2028 l_Restrict, --l_asgt_str
2029 l_all, --l_asgt_str
2030 l_Restrict, --l_asgt_str
2031 l_all, --l_asgt_str
2032 l_None, --l_asgt_str
2033
2034 l_organization_id, ----l_cond_str
2035 l_position_id, ----l_cond_str
2036 l_Restrict, ----l_cond_str
2037 l_S, --l_cond_str
2038 l_U, --l_cond_str
2039 l_Restrict,
2040 l_S, --l_cond_str
2041 l_U, --l_cond_str
2042 l_all, --l_cond_str
2043
2044 l_Restrict, --l_comm_str
2045 l_true, --l_comm_str
2046 l_U, --l_comm_str
2047 l_FALSE, --l_comm_str
2048 l_true, --l_comm_str
2049 p_assignment_id, --l_comm_str
2050 p_effective_date, --l_comm_str
2051 l_true, --l_comm_str
2052 l_person_id --l_comm_str
2053 ;
2054 end if;
2055 add_to_cache;
2056 --
2057 exception
2058 --
2059 -- If no data found handle exception so that other
2060 -- inserts can go ahead.
2061 --
2062 when no_data_found then
2063 if g_debug then
2064 hr_utility.set_location(l_proc, 470);
2065 end if;
2066 null;
2067 when others then
2068 if g_debug then
2069 hr_utility.set_location(l_proc||sqlerrm, 480);
2070 hr_utility.set_location(l_proc, 480);
2071 end if;
2072 raise;
2073 end;
2074 --
2075 -- add to lists which restrict by org and payroll and view all - M
2076 -- positions
2077 --
2078 begin
2079 --
2080 if g_debug then
2081 hr_utility.set_location(l_proc, 490);
2082 end if;
2083 --
2084 l_from_str := ' from per_security_profiles sec,
2085 pay_payroll_list pay,
2086 per_organization_list org ';
2087 --
2088 l_cond_str := ' org.security_profile_id = sec.security_profile_id
2089 and pay.security_profile_id = sec.security_profile_id
2090 and org.organization_id = :l_organization_id
2091 and pay.payroll_id = :l_payroll_id
2092 and sec.view_all_organizations_flag = :l_Restrict
2093 and nvl(sec.top_organization_method, :l_S) <> :l_U
2094 and sec.view_all_positions_flag = :l_all
2095 and sec.view_all_payrolls_flag = :l_Restrict and ';
2096 --
2097 l_exec_str := l_inst_str||l_from_str||' where '||
2098 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2099 --
2100 if g_debug then
2101 l_exec_str_print:= l_exec_str;
2102 while length(l_exec_str_print)>0 loop
2103 hr_utility.trace(substr(l_exec_str_print,1,70));
2104 l_exec_str_print:=substr(l_exec_str_print,71);
2105 end loop;
2106 End if;
2107 if p_generation_scope = 'ALL_GLOBAL' then
2108 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2109 using
2110 l_Restrict, --l_asgt_str
2111 l_all, --l_asgt_str
2112 l_Restrict, --l_asgt_str
2113 l_all, --l_asgt_str
2114 l_None, --l_asgt_str
2115
2116 l_organization_id, ----l_cond_str
2117 l_payroll_id, ----l_cond_str
2118 l_Restrict, ----l_cond_str
2119 l_S, --l_cond_str
2120 l_U, --l_cond_str
2121 l_all,
2122 l_Restrict, --l_cond_str
2123
2124 l_Restrict, --l_comm_str
2125 l_true, --l_comm_str
2126 l_U, --l_comm_str
2127 l_FALSE, --l_comm_str
2128 l_true, --l_comm_str
2129 p_assignment_id, --l_comm_str
2130 p_effective_date, --l_comm_str
2131 l_true, --l_comm_str
2132 l_person_id --l_comm_str
2133 ;
2134 else
2135 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2136 using
2137 l_business_group_id, --l_bggr_str
2138 l_Restrict, --l_asgt_str
2139 l_all, --l_asgt_str
2140 l_Restrict, --l_asgt_str
2141 l_all, --l_asgt_str
2142 l_None, --l_asgt_str
2143
2144 l_organization_id, ----l_cond_str
2145 l_payroll_id, ----l_cond_str
2146 l_Restrict, ----l_cond_str
2147 l_S, --l_cond_str
2148 l_U, --l_cond_str
2149 l_all,
2150 l_Restrict, --l_cond_str
2151
2152 l_Restrict, --l_comm_str
2153 l_true, --l_comm_str
2154 l_U, --l_comm_str
2155 l_FALSE, --l_comm_str
2156 l_true, --l_comm_str
2157 p_assignment_id, --l_comm_str
2158 p_effective_date, --l_comm_str
2159 l_true, --l_comm_str
2160 l_person_id --l_comm_str
2161 ;
2162 end if;
2163 add_to_cache;
2164 --
2165 exception
2166 --
2167 -- If no data found handle exception so that other
2168 -- inserts can go ahead.
2169 --
2170 when no_data_found then
2171 if g_debug then
2172 hr_utility.set_location(l_proc, 500);
2173 end if;
2174 null;
2175 when others then
2176 if g_debug then
2177 hr_utility.set_location(l_proc||sqlerrm, 510);
2178 hr_utility.set_location(l_proc, 510);
2179 end if;
2180 raise;
2181 end;
2182 --
2183 -- add to lists which restrict by pos and pay and view all - O
2184 -- org
2185 --
2186 begin
2187 --
2188 if g_debug then
2189 hr_utility.set_location(l_proc, 520);
2190 end if;
2191 --
2192 l_from_str := ' from per_security_profiles sec,
2193 pay_payroll_list pay,
2194 per_position_list posl ';
2195 --
2196 l_cond_str := ' posl.security_profile_id = sec.security_profile_id
2197 and pay.security_profile_id = sec.security_profile_id
2198 and pay.security_profile_id = posl.security_profile_id
2199 and posl.position_id = :l_position_id
2200 and pay.payroll_id = :l_payroll_id
2201 and sec.view_all_organizations_flag = :l_all
2202 and sec.view_all_positions_flag = :l_Restrict
2203 and nvl(sec.top_position_method, :l_S) <> :l_U
2204 and sec.view_all_payrolls_flag = :l_Restrict and ';
2205 --
2206 l_exec_str := l_inst_str||l_from_str||' where '||
2207 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2208 --
2209 if g_debug then
2210 l_exec_str_print:= l_exec_str;
2211 while length(l_exec_str_print)>0 loop
2212 hr_utility.trace(substr(l_exec_str_print,1,70));
2213 l_exec_str_print:=substr(l_exec_str_print,71);
2214 end loop;
2215 End if;
2216 if p_generation_scope = 'ALL_GLOBAL' then
2217 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2218 using
2219 l_Restrict, --l_asgt_str
2220 l_all, --l_asgt_str
2221 l_Restrict, --l_asgt_str
2222 l_all, --l_asgt_str
2223 l_None, --l_asgt_str
2224
2225 l_position_id, ----l_cond_str
2226 l_payroll_id, ----l_cond_str
2227 l_all,
2228 l_Restrict, ----l_cond_str
2229 l_S, --l_cond_str
2230 l_U, --l_cond_str
2231 l_Restrict, --l_cond_str
2232
2233 l_Restrict, --l_comm_str
2234 l_true, --l_comm_str
2235 l_U, --l_comm_str
2236 l_FALSE, --l_comm_str
2237 l_true, --l_comm_str
2238 p_assignment_id, --l_comm_str
2239 p_effective_date, --l_comm_str
2240 l_true, --l_comm_str
2241 l_person_id --l_comm_str
2242 ;
2243 else
2244 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2245 using
2246 l_business_group_id, --l_bggr_str
2247 l_Restrict, --l_asgt_str
2248 l_all, --l_asgt_str
2249 l_Restrict, --l_asgt_str
2250 l_all, --l_asgt_str
2251 l_None, --l_asgt_str
2252
2253 l_position_id, ----l_cond_str
2254 l_payroll_id, ----l_cond_str
2255 l_all,
2256 l_Restrict, ----l_cond_str
2257 l_S, --l_cond_str
2258 l_U, --l_cond_str
2259 l_Restrict, --l_cond_str
2260
2261 l_Restrict, --l_comm_str
2262 l_true, --l_comm_str
2263 l_U, --l_comm_str
2264 l_FALSE, --l_comm_str
2265 l_true, --l_comm_str
2266 p_assignment_id, --l_comm_str
2267 p_effective_date, --l_comm_str
2268 l_true, --l_comm_str
2269 l_person_id --l_comm_str
2270 ;
2271 end if;
2272 add_to_cache;
2273 --
2274 exception
2275 --
2276 -- If no data found handle exception so that other
2277 -- inserts can go ahead.
2278 --
2279 when no_data_found then
2280 if g_debug then
2281 hr_utility.set_location(l_proc, 530);
2282 end if;
2283 null;
2284 when others then
2285 if g_debug then
2286 hr_utility.set_location(l_proc||sqlerrm, 540);
2287 hr_utility.set_location(l_proc, 540);
2288 end if;
2289 raise;
2290 end;
2291 --
2292 -- add to lists which restrict by org and view all - P
2293 -- position or payroll
2294 --
2295 begin
2296 --
2297 if g_debug then
2298 hr_utility.set_location(l_proc, 550);
2299 end if;
2300 --
2301 l_from_str := ' from per_security_profiles sec,
2302 per_organization_list org ';
2303 --
2304 l_cond_str := ' org.security_profile_id = sec.security_profile_id
2305 and org.organization_id = :l_organization_id
2306 and sec.view_all_organizations_flag = :l_Restrict
2307 and nvl(sec.top_organization_method, :l_S) <> :l_U
2308 and sec.view_all_positions_flag = :l_all
2309 and sec.view_all_payrolls_flag = :l_all and ';
2310 --
2311 l_exec_str := l_inst_str||l_from_str||' where '||
2312 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2313 --
2314 if g_debug then
2315 l_exec_str_print:= l_exec_str;
2316 while length(l_exec_str_print)>0 loop
2317 hr_utility.trace(substr(l_exec_str_print,1,70));
2318 l_exec_str_print:=substr(l_exec_str_print,71);
2319 end loop;
2320 End if;
2321 if p_generation_scope = 'ALL_GLOBAL' then
2322 -- execute immediate l_exec_str
2323 execute immediate l_exec_str bulk collect into l_security_profie_table_temp -- 6368698
2324 using
2325 l_Restrict, --l_asgt_str
2326 l_all, --l_asgt_str
2327 l_Restrict, --l_asgt_str
2328 l_all, --l_asgt_str
2329 l_None, --l_asgt_str
2330
2331 l_organization_id, ----l_cond_str
2332 l_Restrict, ----l_cond_str
2333 l_S, --l_cond_str
2334 l_U, --l_cond_str
2335 l_all, --l_cond_str
2336 l_all, --l_cond_str
2337
2338
2339 l_Restrict, --l_comm_str
2340 l_true, --l_comm_str
2341 l_U, --l_comm_str
2342 l_FALSE, --l_comm_str
2343 l_true, --l_comm_str
2344 p_assignment_id, --l_comm_str
2345 p_effective_date, --l_comm_str
2346 l_true, --l_comm_str
2347 l_person_id --l_comm_str
2348 ;
2349 else
2350 execute immediate l_exec_str bulk collect into l_security_profie_table_temp -- 6368698
2351 using
2352 l_business_group_id, --l_bggr_str
2353 l_Restrict, --l_asgt_str
2354 l_all, --l_asgt_str
2355 l_Restrict, --l_asgt_str
2356 l_all, --l_asgt_str
2357 l_None, --l_asgt_str
2358
2359 l_organization_id, ----l_cond_str
2360 l_Restrict, ----l_cond_str
2361 l_S, --l_cond_str
2362 l_U, --l_cond_str
2363 l_all, --l_cond_str
2364 l_all, --l_cond_str
2365
2366 l_Restrict, --l_comm_str
2367 l_true, --l_comm_str
2368 l_U, --l_comm_str
2369 l_FALSE, --l_comm_str
2370 l_true, --l_comm_str
2371 p_assignment_id, --l_comm_str
2372 p_effective_date, --l_comm_str
2373 l_true, --l_comm_str
2374 l_person_id --l_comm_str
2375 ;
2376 end if;
2377 add_to_cache;
2378 --
2379 exception
2380 --
2381 -- If no data found handle exception so that other
2382 -- inserts can go ahead.
2383 --
2384 when no_data_found then
2385 if g_debug then
2386 hr_utility.set_location(l_proc, 560);
2387 end if;
2388 null;
2389 when others then
2390 if g_debug then
2391 hr_utility.set_location(l_proc||sqlerrm, 570);
2392 hr_utility.set_location(l_proc, 570);
2393 end if;
2394 raise;
2395 end;
2396 --
2397 -- add to lists which restrict by pos and view all - Q
2398 -- organization and payroll
2399 begin
2400 --
2401 if g_debug then
2402 hr_utility.set_location(l_proc, 580);
2403 end if;
2404 --
2405 l_from_str := ' from per_security_profiles sec,
2406 per_position_list posl ';
2407 --
2408 l_cond_str := ' posl.security_profile_id = sec.security_profile_id
2409 and posl.position_id = :l_position_id
2410 and sec.view_all_organizations_flag = :l_all
2411 and sec.view_all_positions_flag = :l_Restrict
2412 and nvl(sec.top_position_method, :l_S) <> :l_U
2413 and sec.view_all_payrolls_flag = :l_all and ';
2414 --
2415 l_exec_str := l_inst_str||l_from_str||' where '||
2416 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2417 --
2418 if g_debug then
2419 l_exec_str_print:= l_exec_str;
2420 while length(l_exec_str_print)>0 loop
2421 hr_utility.trace(substr(l_exec_str_print,1,70));
2422 l_exec_str_print:=substr(l_exec_str_print,71);
2423 end loop;
2424 End if;
2425 if p_generation_scope = 'ALL_GLOBAL' then
2426 execute immediate l_exec_str bulk collect into l_security_profie_table_temp -- 6368698
2427 using
2428 l_Restrict, --l_asgt_str
2429 l_all, --l_asgt_str
2430 l_Restrict, --l_asgt_str
2431 l_all, --l_asgt_str
2432 l_None, --l_asgt_str
2433
2434 l_position_id, ----l_cond_str
2435 l_all, --l_cond_str
2436 l_Restrict, ----l_cond_str
2437 l_S, --l_cond_str
2438 l_U, --l_cond_str
2439 l_all, --l_cond_str
2440
2441 l_Restrict, --l_comm_str
2442 l_true, --l_comm_str
2443 l_U, --l_comm_str
2444 l_FALSE, --l_comm_str
2445 l_true, --l_comm_str
2446 p_assignment_id, --l_comm_str
2447 p_effective_date, --l_comm_str
2448 l_true, --l_comm_str
2449 l_person_id --l_comm_str
2450 ;
2451 else
2452 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2453 using
2454 l_business_group_id, --l_bggr_str
2455 l_Restrict, --l_asgt_str
2456 l_all, --l_asgt_str
2457 l_Restrict, --l_asgt_str
2458 l_all, --l_asgt_str
2459 l_None, --l_asgt_str
2460
2461 l_position_id, ----l_cond_str
2462 l_all, --l_cond_str
2463 l_Restrict, ----l_cond_str
2464 l_S, --l_cond_str
2465 l_U, --l_cond_str
2466 l_all, --l_cond_str
2467
2468 l_Restrict, --l_comm_str
2469 l_true, --l_comm_str
2470 l_U, --l_comm_str
2471 l_FALSE, --l_comm_str
2472 l_true, --l_comm_str
2473 p_assignment_id, --l_comm_str
2474 p_effective_date, --l_comm_str
2475 l_true, --l_comm_str
2476 l_person_id --l_comm_str
2477 ;
2478 end if;
2479 add_to_cache;
2480 --
2481 exception
2482 --
2483 -- If no data found handle exception so that other
2484 -- inserts can go ahead.
2485 --
2486 when no_data_found then
2487 if g_debug then
2488 hr_utility.set_location(l_proc, 590);
2489 end if;
2490 null;
2491 when others then
2492 if g_debug then
2493 hr_utility.set_location(l_proc||sqlerrm, 600);
2494 hr_utility.set_location(l_proc, 600);
2495 end if;
2496 raise;
2497 end;
2498 --
2499 -- add to lists which restrict bypayroll and view all - R
2500 -- organization and position
2501 --
2502 begin
2503 --
2504 if g_debug then
2505 hr_utility.set_location(l_proc, 610);
2506 end if;
2507 --
2508 l_from_str := ' from per_security_profiles sec,
2509 pay_payroll_list pay ';
2510 --
2511 l_cond_str := ' pay.security_profile_id = sec.security_profile_id
2512 and pay.payroll_id = :l_payroll_id
2513 and sec.view_all_organizations_flag = :l_all
2514 and sec.view_all_positions_flag = :l_all
2515 and sec.view_all_payrolls_flag = :l_Restrict and ';
2516 --
2517 l_exec_str := l_inst_str||l_from_str||' where '||
2518 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2519 --
2520 if g_debug then
2521 l_exec_str_print:= l_exec_str;
2522 while length(l_exec_str_print)>0 loop
2523 hr_utility.trace(substr(l_exec_str_print,1,70));
2524 l_exec_str_print:=substr(l_exec_str_print,71);
2525 end loop;
2526 End if;
2527 if p_generation_scope = 'ALL_GLOBAL' then
2528 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2529 using
2530 l_Restrict, --l_asgt_str
2531 l_all, --l_asgt_str
2532 l_Restrict, --l_asgt_str
2533 l_all, --l_asgt_str
2534 l_None, --l_asgt_str
2535
2536 l_payroll_id, ----l_cond_str
2537 l_all, --l_cond_str
2538 l_all, --l_cond_str
2539 l_Restrict, ----l_cond_str
2540
2541 l_Restrict, --l_comm_str
2542 l_true, --l_comm_str
2543 l_U, --l_comm_str
2544 l_FALSE, --l_comm_str
2545 l_true, --l_comm_str
2546 p_assignment_id, --l_comm_str
2547 p_effective_date, --l_comm_str
2548 l_true, --l_comm_str
2549 l_person_id --l_comm_str
2550 ;
2551 else
2552 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2553 using
2554 l_business_group_id, --l_bggr_str
2555 l_Restrict, --l_asgt_str
2556 l_all, --l_asgt_str
2557 l_Restrict, --l_asgt_str
2558 l_all, --l_asgt_str
2559 l_None, --l_asgt_str
2560
2561 l_payroll_id, ----l_cond_str
2562 l_all, --l_cond_str
2563 l_all, --l_cond_str
2564 l_Restrict, ----l_cond_str
2565
2566 l_Restrict, --l_comm_str
2567 l_true, --l_comm_str
2568 l_U, --l_comm_str
2569 l_FALSE, --l_comm_str
2570 l_true, --l_comm_str
2571 p_assignment_id, --l_comm_str
2572 p_effective_date, --l_comm_str
2573 l_true, --l_comm_str
2574 l_person_id --l_comm_str
2575 ;
2576 end if;
2577 add_to_cache;
2578 --
2579 exception
2580 --
2581 -- If no data found handle exception so that other
2582 -- inserts can go ahead.
2583 --
2584 when no_data_found then
2585 if g_debug then
2586 hr_utility.set_location(l_proc, 620);
2587 end if;
2588 null;
2589 when others then
2590 if g_debug then
2591 hr_utility.set_location(l_proc||sqlerrm, 630);
2592 hr_utility.set_location(l_proc, 630);
2593 end if;
2594 raise;
2595 end;
2596 --
2597 -- add to any profiles which don't care about org/pos/pay and
2598 -- which have a custom restriction. - N
2599 --
2600 -- Those view alls without a custom restriction are handled
2601 -- by the secure view and so don't need a person list. This with
2602 -- a custom restriction do however need person list data
2603 --
2604 begin
2605 --
2606 if g_debug then
2607 hr_utility.set_location(l_proc, 640);
2608 end if;
2609 --
2610 l_from_str := ' from per_security_profiles sec ';
2611 --
2612 l_cond_str := ' sec.view_all_organizations_flag = :l_all
2613 and sec.view_all_positions_flag = :l_all
2614 and sec.view_all_payrolls_flag = :l_all
2615 and sec.custom_restriction_flag = :l_all
2616 and sec.view_all_flag = :l_Restrict and ';
2617 --
2618 l_exec_str := l_inst_str||l_from_str||' where '||
2619 l_bggr_str||l_asgt_str||l_cond_str||
2620 ' hr_security_internal.evaluate_custom(
2621 :p_assignment_id,sec.restriction_text,
2622 to_date(to_char(:p_effective_date, ''dd/mm/yyyy'')
2623 , ''dd/mm/yyyy'')) = :l_true and not exists (
2624 select 1 from per_person_list ppl
2625 where ppl.person_id =:l_person_id
2626 and ppl.security_profile_id = sec.security_profile_id)';
2627 --
2628 if g_debug then
2629 l_exec_str_print:= l_exec_str;
2630 while length(l_exec_str_print)>0 loop
2631 hr_utility.trace(substr(l_exec_str_print,1,70));
2632 l_exec_str_print:=substr(l_exec_str_print,71);
2633 end loop;
2634 End if;
2635 if p_generation_scope = 'ALL_GLOBAL' then
2636 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2637 using
2638 l_Restrict, --l_asgt_str
2639 l_all, --l_asgt_str
2640 l_Restrict, --l_asgt_str
2641 l_all, --l_asgt_str
2642 l_None, --l_asgt_str
2643
2644 l_all, --l_cond_str
2645 l_all, --l_cond_str
2646 l_all, --l_cond_str
2647 l_all, --l_cond_str
2648 l_Restrict, ----l_cond_str
2649 p_assignment_id,
2650 p_effective_date,
2651 l_true,
2652 l_person_id
2653 ;
2654 else
2655 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2656 using
2657 l_business_group_id, --l_bggr_str
2658 l_Restrict, --l_asgt_str
2659 l_all, --l_asgt_str
2660 l_Restrict, --l_asgt_str
2661 l_all, --l_asgt_str
2662 l_None, --l_asgt_str
2663
2664 l_all, --l_cond_str
2665 l_all, --l_cond_str
2666 l_all, --l_cond_str
2667 l_all, --l_cond_str
2668 l_Restrict, ----l_cond_str
2669 p_assignment_id,
2670 p_effective_date,
2671 l_true,
2672 l_person_id
2673 ;
2674 end if;
2675 add_to_cache;
2676 --
2677 exception
2678 --
2679 -- If no data found handle exception so that other
2680 -- inserts can go ahead.
2681 --
2682 when no_data_found then
2683 if g_debug then
2684 hr_utility.set_location(l_proc, 650);
2685 end if;
2686 null;
2687 when others then
2688 if g_debug then
2689 hr_utility.set_location(l_proc||sqlerrm, 660);
2690 hr_utility.set_location(l_proc, 660);
2691 end if;
2692 raise;
2693 end;
2694 --
2695 -- add to all lists which don't care about organization, - N1
2696 -- Position or Payroll but which do have a custom restriction.
2697 begin
2698 --
2699 if g_debug then
2700 hr_utility.set_location(l_proc, 670);
2701 end if;
2702 --
2703 l_from_str := ' from per_security_profiles sec ';
2704 --
2705 l_cond_str := ' sec.view_all_organizations_flag = :l_all
2706 and sec.view_all_positions_flag = :l_all
2707 and sec.view_all_payrolls_flag = :l_all
2708 and sec.custom_restriction_flag = :l_all
2709 and sec.view_all_flag = :l_Restrict and ';
2710 --
2711 l_exec_str := l_inst_str||l_from_str||' where '||
2712 l_bggr_str||l_asgt_str||l_cond_str||l_comm_str;
2713 --
2714 if g_debug then
2715 l_exec_str_print:= l_exec_str;
2716 while length(l_exec_str_print)>0 loop
2717 hr_utility.trace(substr(l_exec_str_print,1,70));
2718 l_exec_str_print:=substr(l_exec_str_print,71);
2719 end loop;
2720 End if;
2721 if p_generation_scope = 'ALL_GLOBAL' then
2722 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2723 using
2724 l_Restrict, --l_asgt_str
2725 l_all, --l_asgt_str
2726 l_Restrict, --l_asgt_str
2727 l_all, --l_asgt_str
2728 l_None, --l_asgt_str
2729
2730 l_all, --l_cond_str
2731 l_all, --l_cond_str
2732 l_all, --l_cond_str
2733 l_all, --l_cond_str
2734 l_Restrict, ----l_cond_str
2735
2736 l_Restrict, --l_comm_str
2737 l_true, --l_comm_str
2738 l_U, --l_comm_str
2739 l_FALSE, --l_comm_str
2740 l_true, --l_comm_str
2741 p_assignment_id, --l_comm_str
2742 p_effective_date, --l_comm_str
2743 l_true, --l_comm_str
2744 l_person_id --l_comm_str
2745 ;
2746 else
2747 execute immediate l_exec_str bulk collect into l_security_profie_table_temp
2748 using
2749 l_business_group_id, --l_bggr_str
2750 l_Restrict, --l_asgt_str
2751 l_all, --l_asgt_str
2752 l_Restrict, --l_asgt_str
2753 l_all, --l_asgt_str
2754 l_None, --l_asgt_str
2755
2756 l_all, --l_cond_str
2757 l_all, --l_cond_str
2758 l_all, --l_cond_str
2759 l_all, --l_cond_str
2760 l_Restrict, ----l_cond_str
2761
2762 l_Restrict, --l_comm_str
2763 l_true, --l_comm_str
2764 l_U, --l_comm_str
2765 l_FALSE, --l_comm_str
2766 l_true, --l_comm_str
2767 p_assignment_id, --l_comm_str
2768 p_effective_date, --l_comm_str
2769 l_true, --l_comm_str
2770 l_person_id --l_comm_str
2771 ;
2772 end if;
2773 add_to_cache;
2774 --
2775 exception
2776 --
2777 -- If no data found handle exception so that other
2778 -- inserts can go ahead.
2779 --
2780 when no_data_found then
2781 if g_debug then
2782 hr_utility.set_location(l_proc, 680);
2783 end if;
2784 null;
2785 when others then
2786 if g_debug then
2787 hr_utility.set_location(l_proc||sqlerrm, 690);
2788 hr_utility.set_location(l_proc, 690);
2789 end if;
2790 raise;
2791 end;
2792 --
2793 end if;
2794 --
2795 end if;
2796 --
2797 if g_debug then
2798 hr_utility.set_location(l_proc, 700);
2799 end if;
2800 --
2801 else
2802 close asg_details;
2803 end if;
2804
2805 if g_debug then
2806 hr_utility.set_location(l_proc, 705);
2807 end if;
2808 insert_cache_to_list;
2809 --
2810 if g_debug then
2811 hr_utility.set_location(l_proc, 710);
2812 end if;
2813 --
2814 hr_security.add_person(l_person_id);
2815 --
2816 if g_debug then
2817 hr_utility.set_location(' Leaving:'||l_proc, 720);
2818 end if;
2819 --
2820 exception
2821 when no_data_found then
2822 if g_debug then
2823 hr_utility.set_location(l_proc, 730);
2824 end if;
2825 --
2826 end add_to_person_list;
2827 --
2828 --
2829 -- ----------------------------------------------------------------------------
2830 -- |--------------------< clear_from_person_list_changes >--------------------|
2831 -- ----------------------------------------------------------------------------
2832 --
2833 procedure clear_from_person_list_changes
2834 (p_person_id in number) is
2835 --
2836 l_proc varchar2(72) := g_package||'clear_from_person_list_changes';
2837 begin
2838 hr_utility.set_location('Entering:'|| l_proc, 10);
2839 --
2840 -- Stubbed out as part of Ex-Person security enhancements.
2841 --
2842 hr_utility.set_location(' Leaving:'||l_proc, 20);
2843 end clear_from_person_list_changes;
2844 --
2845 -- ----------------------------------------------------------------------------
2846 -- |-------------------< re_enter_person_list_changes >-----------------------|
2847 -- ----------------------------------------------------------------------------
2848 --
2849 procedure re_enter_person_list_changes
2850 (p_person_id in number) is
2851 --
2852 l_proc varchar2(72) := g_package||'re_enter_person_list_changes';
2853 --
2854 cursor asg_details is
2855 select asg.person_id
2856 , asg.organization_id
2857 , asg.position_id
2858 , asg.payroll_id
2859 , asg.business_group_id
2860 from per_all_assignments_f asg
2861 where asg.person_id=p_person_id
2862 and ( (asg.assignment_type='E'
2863 and asg.effective_end_date = (select max(p.actual_termination_date)
2864 from per_periods_of_service p
2865 where p.person_id = p_person_id)
2866 ) or
2867 (asg.assignment_type='A'
2868 and asg.effective_end_date = (select max(ap.date_end)
2869 from per_applications ap
2870 where ap.person_id = p_person_id)
2871 ) );
2872 --
2873 l_person_id per_assignments_f.person_id%TYPE;
2874 l_organization_id per_assignments_f.organization_id%TYPE;
2875 l_position_id per_assignments_f.position_id%TYPE;
2876 l_payroll_id per_assignments_f.payroll_id%TYPE;
2877 l_business_group_id per_assignments_f.business_group_id%TYPE;
2878 --
2879 begin
2880 hr_utility.set_location('Entering:'|| l_proc, 10);
2881 --
2882 -- Stubbed out as part of Ex-Person security enhancements.
2883 --
2884 hr_utility.set_location(' Leaving:'||l_proc, 20);
2885 --
2886 end re_enter_person_list_changes;
2887 --
2888 -- ----------------------------------------------------------------------------
2889 -- |----------------------< copy_to_person_list_changes >---------------------|
2890 -- ----------------------------------------------------------------------------
2891 --
2892 procedure copy_to_person_list_changes
2893 (p_person_id in number) is
2894 --
2895 l_proc varchar2(72) := g_package||'copy_to_person_list_changes';
2896 --
2897 begin
2898 hr_utility.set_location('Entering:'|| l_proc, 10);
2899 --
2900 --
2901 -- Stubbed out as part of Ex-Person security enhancements.
2902 --
2903 hr_utility.set_location(' Leaving:'||l_proc, 20);
2904 exception
2905 when NO_DATA_FOUND then
2906 hr_utility.set_location(l_proc, 30);
2907 end copy_to_person_list_changes;
2908 --
2909 -- ----------------------------------------------------------------------------
2910 -- |------------------------< grant_access_to_person >------------------------|
2911 -- ----------------------------------------------------------------------------
2912 --
2913 procedure grant_access_to_person
2914 (p_person_id in number
2915 ,p_granted_user_id in number) is
2916 --
2917 l_proc varchar2(72) := g_package||'grant_access_to_person';
2918 --
2919 cursor chk_person_id is
2920 select 1
2921 from per_all_people_f
2922 where person_id=p_person_id;
2923 --
2924 cursor chk_user_id is
2925 select 1
2926 from fnd_user
2927 where user_id=p_granted_user_id;
2928 --
2929 -- Bug 3770018
2930 -- Now that user based security profiles use the granted_user_id
2931 -- column, the security_profile_id value should be checked.
2932 -- Interestingly revoke_access_from_person was taken care of
2933 -- presumably as part of the user based security changes.
2934 --
2935 cursor chk_person_list is
2936 select 1
2937 from per_person_list
2938 where person_id = p_person_id
2939 and granted_user_id = p_granted_user_id
2940 and security_profile_id is null;
2941 --
2942 l_dummy number;
2943 --
2944 begin
2945 hr_utility.set_location('Entering:'|| l_proc, 10);
2946 --
2947 open chk_person_id;
2948 fetch chk_person_id into l_dummy;
2949 if chk_person_id%notfound then
2950 close chk_person_id;
2951 hr_utility.set_message(800, 'PER_52656_INVALID_PERSON_ID');
2952 hr_utility.raise_error;
2953 else
2954 close chk_person_id;
2955 end if;
2956 --
2957 hr_utility.set_location(l_proc, 20);
2958 --
2959 open chk_user_id;
2960 fetch chk_user_id into l_dummy;
2961 if chk_user_id%notfound then
2962 close chk_user_id;
2963 hr_utility.set_message(800, 'PER_52672_INVALID_USER_ID');
2964 hr_utility.raise_error;
2965 else
2966 close chk_user_id;
2967 end if;
2968 --
2969 hr_utility.set_location(l_proc, 30);
2970 --
2971 -- Bug fix 1680524
2972 --
2973 open chk_person_list;
2974 fetch chk_person_list into l_dummy;
2975 if chk_person_list%notfound then
2976 close chk_person_list;
2977 INSERT INTO PER_PERSON_LIST
2978 (PERSON_ID
2979 ,GRANTED_USER_ID)
2980 values
2981 (p_person_id
2982 ,p_granted_user_id);
2983 else
2984 close chk_person_list;
2985 end if;
2986 --
2987 hr_utility.set_location('Leaving: '||l_proc, 40);
2988 --
2989 end grant_access_to_person;
2990 --
2991 -- ----------------------------------------------------------------------------
2992 -- |----------------------< revoke_access_from_person >-----------------------|
2993 -- ----------------------------------------------------------------------------
2994 --
2995 procedure revoke_access_from_person
2996 (p_person_id in number
2997 ,p_granted_user_id in number default NULL) is
2998 --
2999 l_proc varchar2(72) := g_package||'revoke_access_from_person';
3000 --
3001 begin
3002 hr_utility.set_location('Entering:'|| l_proc, 10);
3003
3004 if p_granted_user_id is not null
3005 then
3006 --
3007 -- If a user id is passed then revoke access for just that user
3008 --
3009 delete from per_person_list
3010 where person_id=p_person_id
3011 and granted_user_id =p_granted_user_id
3012 and security_profile_id is null;
3013 else
3014 --
3015 -- else revoke access for all users.
3016 --
3017 delete from per_person_list
3018 where person_id = p_person_id
3019 and granted_user_id is not null
3020 and security_profile_id is null;
3021 end if;
3022 --
3023 hr_utility.set_location(' Leaving:'||l_proc, 20);
3024 --
3025 end revoke_access_from_person;
3026 --
3027 -- ----------------------------------------------------------------------------
3028 -- |----------------------< op >----------------------------------------------|
3029 -- ----------------------------------------------------------------------------
3030 --
3031 PROCEDURE op
3032 (p_msg IN VARCHAR2)
3033 IS
3034
3035 l_msg VARCHAR2(32000) := p_msg;
3036
3037 BEGIN
3038
3039 IF g_dbg_type IS NOT NULL AND l_msg IS NOT NULL THEN
3040
3041 --
3042 -- Break the output into chunks of 70 characters.
3043 --
3044 WHILE LENGTH(l_msg) > 0 LOOP
3045
3046 IF g_dbg_type = g_PIPE OR g_debug THEN
3047 hr_utility.trace(SUBSTR(l_msg, 1, 70));
3048 ELSIF g_dbg_type = g_FND_LOG THEN
3049 fnd_file.put_line(FND_FILE.log, SUBSTR(l_msg, 1, 70));
3050 END IF;
3051
3052 l_msg := SUBSTR(l_msg, 71);
3053
3054 END LOOP;
3055
3056 END IF;
3057
3058 END op;
3059 --
3060 -- ----------------------------------------------------------------------------
3061 -- |----------------------< op >----------------------------------------------|
3062 -- ----------------------------------------------------------------------------
3063 --
3064 PROCEDURE op
3065 (p_msg IN VARCHAR2
3066 ,p_location IN NUMBER)
3067 IS
3068
3069 l_msg VARCHAR2(32000) := p_msg;
3070
3071 BEGIN
3072
3073 IF g_dbg_type IS NOT NULL AND p_msg IS NOT NULL AND
3074 p_location IS NOT NULL THEN
3075 --
3076 -- Break the output into chunks of 70 characters.
3077 --
3078 WHILE LENGTH(l_msg) > 0 LOOP
3079
3080 IF g_dbg_type = g_PIPE OR g_debug THEN
3081 hr_utility.set_location(SUBSTR(l_msg, 1, 70), p_location);
3082 ELSIF g_dbg_type = g_FND_LOG THEN
3083 fnd_file.put_line(FND_FILE.log, SUBSTR(l_msg, 1, 70)
3084 ||', '||to_char(p_location));
3085 END IF;
3086
3087 l_msg := SUBSTR(l_msg, 71);
3088
3089 END LOOP;
3090
3091 END IF;
3092
3093 END op;
3094 --
3095 -- ----------------------------------------------------------------------------
3096 -- |----------------------< session_context_changed >-------------------------|
3097 -- ----------------------------------------------------------------------------
3098 --
3099 FUNCTION session_context_changed
3100 RETURN BOOLEAN IS
3101
3102 BEGIN
3103
3104 --
3105 -- Check whether the local cached version of the session context
3106 -- differs to the AOL session context.
3107 -- This is the most aggressive form of session change identification
3108 -- as the session_context should increment for each
3109 -- fnd_global.apps_initialise call.
3110 --
3111 -- This procedure is used primarily for ADF applications, where database
3112 -- sessions (and therefore cached PL/SQL values) are pooled and can
3113 -- be reused by a user that may have entirely different security permissions
3114 -- and contexts (such as fnd profile options).
3115 --
3116 -- This is not relevant for PUI applications and new database sessions are
3117 -- always created, not reused.
3118 --
3119 -- No debug output is added here because this is called in each
3120 -- iteration of the secure view.
3121 --
3122 IF g_session_context IS NULL OR
3123 fnd_global.session_context IS NULL OR
3124 g_session_context <> fnd_global.session_context THEN
3125 RETURN TRUE;
3126 ELSE
3127 RETURN FALSE;
3128 END IF;
3129
3130 END session_context_changed;
3131 --
3132 -- ----------------------------------------------------------------------------
3133 -- |----------------------< sync_session_context >----------------------------|
3134 -- ----------------------------------------------------------------------------
3135 --
3136 PROCEDURE sync_session_context
3137 IS
3138
3139 BEGIN
3140
3141 --
3142 -- Cache the AOL session context locally.
3143 --
3144 g_session_context := fnd_global.session_context;
3145
3146 END sync_session_context;
3147 --
3148 -- ----------------------------------------------------------------------------
3149 -- |----------------------< restricted_orgs >---------------------------------|
3150 -- ----------------------------------------------------------------------------
3151 --
3152 FUNCTION restricted_orgs
3153 (p_sec_prof_rec IN g_sec_prof_r)
3154 RETURN BOOLEAN IS
3155
3156 BEGIN
3157
3158 --
3159 -- Protect against null parameters.
3160 --
3161 IF p_sec_prof_rec.security_profile_id IS NOT NULL THEN
3162
3163 IF p_sec_prof_rec.view_all_flag = 'N' AND
3164 p_sec_prof_rec.view_all_organizations_flag = 'N' AND
3165 p_sec_prof_rec.org_security_mode = 'HIER' THEN
3166 RETURN TRUE;
3167 END IF;
3168
3169 END IF;
3170
3171 RETURN FALSE;
3172
3173 END restricted_orgs;
3174 --
3175 -- ----------------------------------------------------------------------------
3176 -- |----------------------< restricted_pos >----------------------------------|
3177 -- ----------------------------------------------------------------------------
3178 --
3179 FUNCTION restricted_pos
3180 (p_sec_prof_rec IN g_sec_prof_r)
3181 RETURN BOOLEAN IS
3182
3183 BEGIN
3184
3185 --
3186 -- Protect against null parameters.
3187 --
3188 IF p_sec_prof_rec.security_profile_id IS NOT NULL THEN
3189
3190 IF p_sec_prof_rec.view_all_flag = 'N' AND
3191 p_sec_prof_rec.view_all_positions_flag = 'N' THEN
3192 RETURN TRUE;
3193 END IF;
3194
3195 END IF;
3196
3197 RETURN FALSE;
3198
3199 END restricted_pos;
3200 --
3201 -- ----------------------------------------------------------------------------
3202 -- |----------------------< restricted_pays >---------------------------------|
3203 -- ----------------------------------------------------------------------------
3204 --
3205 FUNCTION restricted_pays
3206 (p_sec_prof_rec IN g_sec_prof_r)
3207 RETURN BOOLEAN IS
3208
3209 BEGIN
3210
3211 --
3212 -- Protect against null parameters.
3213 --
3214 IF p_sec_prof_rec.security_profile_id IS NOT NULL THEN
3215
3216 IF p_sec_prof_rec.view_all_flag = 'N' AND
3217 p_sec_prof_rec.view_all_payrolls_flag = 'N' THEN
3218 RETURN TRUE;
3219 END IF;
3220
3221 END IF;
3222
3223 RETURN FALSE;
3224
3225 END restricted_pays;
3226 --
3227 -- ----------------------------------------------------------------------------
3228 -- |----------------------< restricted_pers >---------------------------------|
3229 -- ----------------------------------------------------------------------------
3230 --
3231 function restricted_pers(p_sec_prof_rec in g_sec_prof_r)
3232 return boolean is
3233 --
3234 begin
3235 -- Protect against null parameters.
3236 if p_sec_prof_rec.security_profile_id is not null then
3237 -- Determine whether this security profile can see everyone
3238 -- without needing to evaluate permissions person by person.
3239 if p_sec_prof_rec.view_all_flag = 'N' and
3240 (p_sec_prof_rec.view_all_employees_flag <> 'Y' or
3241 p_sec_prof_rec.view_all_cwk_flag <> 'Y' or
3242 p_sec_prof_rec.view_all_applicants_flag <> 'Y' or
3243 p_sec_prof_rec.view_all_contacts_flag <> 'Y' or
3244 p_sec_prof_rec.view_all_candidates_flag <> 'Y') and
3245 (restricted_orgs(p_sec_prof_rec) or
3246 restricted_pos (p_sec_prof_rec) or
3247 restricted_pays(p_sec_prof_rec) or
3248 p_sec_prof_rec.restrict_by_supervisor_flag <> 'N' or
3249 p_sec_prof_rec.custom_restriction_flag <> 'N' or
3250 p_sec_prof_rec.exclude_person_flag <> 'N' or
3251 p_sec_prof_rec.named_person_id is not null) then
3252 --
3253 return true;
3254 --
3255 end if;
3256 --
3257 end if;
3258 --
3259 return false;
3260 --
3261 end restricted_pers;
3262 --
3263 -- ----------------------------------------------------------------------------
3264 -- |----------------------< show_organization >-------------------------------|
3265 -- ----------------------------------------------------------------------------
3266 --
3267 FUNCTION show_organization
3268 (p_organization_id IN NUMBER)
3269 RETURN VARCHAR2 IS
3270
3271 BEGIN
3272
3273 --
3274 -- Protect against incorrect passed parameters.
3275 --
3276 IF p_organization_id IS NOT NULL THEN
3277 --
3278 -- Check the org is in the cache. Note that this function assumes
3279 -- that this is a restricted profile and assumes the relevant
3280 -- view all flags have been checked as a pre-requisite.
3281 --
3282 IF g_org_tbl.EXISTS(p_organization_id) THEN
3283 RETURN 'TRUE';
3284 END IF;
3285 END IF;
3286
3287 RETURN 'FALSE';
3288
3289 END show_organization;
3290 --
3291 -- ----------------------------------------------------------------------------
3292 -- |----------------------< show_position >-----------------------------------|
3293 -- ----------------------------------------------------------------------------
3294 --
3295 FUNCTION show_position
3296 (p_position_id IN NUMBER)
3297 RETURN VARCHAR2 IS
3298
3299 BEGIN
3300
3301 --
3302 -- Protect against incorrect passed parameters.
3303 --
3304 IF p_position_id IS NOT NULL THEN
3305 --
3306 -- Check the pos is in the cache. Note that this function assumes
3307 -- that this is a restricted profile and assumes the relevant
3308 -- view all flags have been checked as a pre-requisite.
3309 --
3310 IF g_pos_tbl.EXISTS(p_position_id) THEN
3311 RETURN 'TRUE';
3312 END IF;
3313 END IF;
3314
3315 RETURN 'FALSE';
3316
3317 END show_position;
3318 --
3319 -- ----------------------------------------------------------------------------
3320 -- |----------------------< show_payroll >------------------------------------|
3321 -- ----------------------------------------------------------------------------
3322 --
3323 FUNCTION show_payroll
3324 (p_payroll_id IN NUMBER)
3325 RETURN VARCHAR2 IS
3326
3327 BEGIN
3328
3329 --
3330 -- Protect against incorrect passed parameters.
3331 --
3332 IF p_payroll_id IS NOT NULL THEN
3333 --
3334 -- Check the pay is in the cache. Note that this function assumes
3335 -- that this is a restricted profile and assumes the relevant
3336 -- view all flags have been checked as a pre-requisite.
3337 --
3338 IF g_pay_tbl.EXISTS(p_payroll_id) THEN
3339 RETURN 'TRUE';
3340 END IF;
3341 END IF;
3342
3343 RETURN 'FALSE';
3344
3345 END show_payroll;
3346 --
3347 -- ----------------------------------------------------------------------------
3348 -- |----------------------< get_assignments >---------------------------------|
3349 -- ----------------------------------------------------------------------------
3350 --
3351 FUNCTION get_assignments
3352 (p_person_id IN NUMBER
3353 ,p_effective_date IN DATE)
3354 RETURN g_assignments_t IS
3355
3356 --
3357 -- Local variable declarations.
3358 --
3359 l_assignments_tbl g_assignments_t;
3360 l_already_cached BOOLEAN := FALSE;
3361 l_proc VARCHAR2(72) := g_package||'get_assignments';
3362 j NUMBER := 1;
3363
3364 --
3365 -- Fetches the assignments for the given person.
3366 -- Applicant and Benefits assignments are excluded
3367 -- as these types of assignments do not have any
3368 -- user permissions.
3369 --
3370 CURSOR csr_assignments_for_per IS
3371 SELECT *
3372 FROM per_all_assignments_f paaf
3373 WHERE paaf.person_id = p_person_id
3374 AND p_effective_date BETWEEN
3375 paaf.effective_start_date AND paaf.effective_end_date
3376 AND paaf.assignment_type NOT IN ('A','B');
3377
3378 BEGIN
3379
3380 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3381
3382 --
3383 -- Protect against the in parameters being null.
3384 --
3385 IF p_person_id IS NOT NULL AND p_effective_date IS NOT NULL THEN
3386 --
3387 -- Look for the person in the existing cache. If they exist
3388 -- get the assignment details from the cache, otherwise
3389 -- fetch the details and cache them.
3390 --
3391 IF g_dbg THEN op(l_proc, 20); END IF;
3392
3393 IF g_assignments_tbl.COUNT > 0 THEN
3394 --
3395 -- Enumerate through the varray to see if this person's
3396 -- details are already cached.
3397 --
3398 -- An Oracle 9i feature that could be used here (but cannot
3399 -- at the time of writing this because 8i is supported in 11i)
3400 -- is nested PL/SQL collections: nesting a table of assignments
3401 -- within a table of people. This would enhance performance
3402 -- if the index was the assignment_id for the assignment
3403 -- collection and the person_id for the person collection
3404 -- because the person_id is known, so it would be possible
3405 -- to directly access all assignments for a person without
3406 -- running through the table of people.
3407 --
3408 IF g_dbg THEN op(l_proc, 30); END IF;
3409
3410 FOR i IN g_assignments_tbl.FIRST..g_assignments_tbl.LAST LOOP
3411 IF p_person_id = g_assignments_tbl(i).person_id THEN
3412 l_assignments_tbl(j) := g_assignments_tbl(i);
3413 j := j + 1;
3414 l_already_cached := TRUE;
3415 END IF;
3416 END LOOP;
3417 END IF;
3418
3419 IF g_dbg THEN op(l_proc, 40); END IF;
3420
3421 IF NOT l_already_cached THEN
3422 --
3423 -- Fetch the assignments. Bulk collect would not perform better
3424 -- considering the number of assignments a person will typically
3425 -- have: few. As Oracle 8i is still supported at the time of
3426 -- writing, it is not possible to bulk collect into a collection
3427 -- so instead it would be necessary to fetch into individual
3428 -- collections of scalars if bulk collect was to be used.
3429 --
3430 IF g_dbg THEN op(l_proc, 50); END IF;
3431 j := 1;
3432 FOR asg_rec IN csr_assignments_for_per LOOP
3433 l_assignments_tbl(j) := asg_rec;
3434 g_assignments_tbl(g_assignments_tbl.COUNT + 1) := asg_rec;
3435 j := j + 1;
3436 END LOOP;
3437 END IF;
3438 END IF;
3439
3440 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
3441
3442 RETURN l_assignments_tbl;
3443
3444 END get_assignments;
3445 --
3446 -- ----------------------------------------------------------------------------
3447 -- |----------------------< org_access_known >--------------------------------|
3448 -- ----------------------------------------------------------------------------
3449 --
3450 FUNCTION org_access_known
3451 RETURN BOOLEAN IS
3452
3453 BEGIN
3454
3455 --
3456 -- In a session pooling environment, database sessions are re-used and
3457 -- session cache is not necessarily flushed out of memory, so if the
3458 -- apps_initialise session has changed this should trigger a re-evaluation
3459 -- of security permissions and this should return FALSE.
3460 --
3461 IF session_context_changed THEN
3462 RETURN FALSE;
3463 END IF;
3464
3465 --
3466 -- The session is current, so return the global flag that indicates whether
3467 -- organization security permissions are known for the user currently cached
3468 -- in memory.
3469 --
3470 -- No debug output is added here because this is called in each
3471 -- iteration of the secure view.
3472 --
3473 RETURN g_access_known_rec.org;
3474
3475 END org_access_known;
3476 --
3477 -- ----------------------------------------------------------------------------
3478 -- |----------------------< pos_access_known >--------------------------------|
3479 -- ----------------------------------------------------------------------------
3480 --
3481 FUNCTION pos_access_known
3482 RETURN BOOLEAN IS
3483
3484 BEGIN
3485
3486 --
3487 -- In a session pooling environment, database sessions are re-used and
3488 -- session cache is not necessarily flushed out of memory, so if the
3489 -- apps_initialise session has changed this should trigger a re-evaluation
3490 -- of security permissions and this should return FALSE.
3491 --
3492 IF session_context_changed THEN
3493 RETURN FALSE;
3494 END IF;
3495
3496 --
3497 -- The session is current, so return the global flag that indicates
3498 -- whether position security permissions are known for the user
3499 -- currently cached in memory.
3500 --
3501 -- No debug output is added here because this is called in each
3502 -- iteration of the secure view.
3503 --
3504 RETURN g_access_known_rec.pos;
3505
3506 END pos_access_known;
3507 --
3508 -- ----------------------------------------------------------------------------
3509 -- |----------------------< pay_access_known >--------------------------------|
3510 -- ----------------------------------------------------------------------------
3511 --
3512 FUNCTION pay_access_known
3513 RETURN BOOLEAN IS
3514
3515 BEGIN
3516
3517 --
3518 -- In a session pooling environment, database sessions are re-used and
3519 -- session cache is not necessarily flushed out of memory, so if the
3520 -- apps_initialise session has changed this should trigger a re-evaluation
3521 -- of security permissions and this should return FALSE.
3522 --
3523 IF session_context_changed THEN
3524 RETURN FALSE;
3525 END IF;
3526
3527 --
3528 -- The session is current, so return the global flag that indicates
3529 -- whether payroll security permissions are known for the user
3530 -- currently cached in memory.
3531 --
3532 -- No debug output is added here because this is called in each
3533 -- iteration of the secure view.
3534 --
3535 RETURN g_access_known_rec.pay;
3536
3537 END pay_access_known;
3538 --
3539 -- ----------------------------------------------------------------------------
3540 -- |----------------------< per_access_known >--------------------------------|
3541 -- ----------------------------------------------------------------------------
3542 --
3543 FUNCTION per_access_known
3544 RETURN BOOLEAN IS
3545
3546 BEGIN
3547
3548 --
3549 -- In a session pooling environment, database sessions are re-used and
3550 -- session cache is not necessarily flushed out of memory, so if the
3551 -- apps_initialise session has changed this should trigger a re-evaluation
3552 -- of security permissions and this should return FALSE.
3553 --
3554 IF session_context_changed THEN
3555 RETURN FALSE;
3556 END IF;
3557
3558 --
3559 -- The session is current, so return the global flag that indicates whether
3560 -- person security permissions are known for the user currently cached
3561 -- in memory.
3562 --
3563 -- No debug output is added here because this is called in each
3564 -- iteration of the secure view.
3565 --
3566 RETURN g_access_known_rec.per;
3567
3568 END per_access_known;
3569 --
3570 -- ----------------------------------------------------------------------------
3571 -- |----------------------< get_org_structure_version >-----------------------|
3572 -- ----------------------------------------------------------------------------
3573 --
3574 FUNCTION get_org_structure_version
3575 (p_organization_structure_id IN NUMBER
3576 ,p_effective_date IN DATE)
3577 RETURN NUMBER IS
3578
3579 --
3580 -- Local variables.
3581 --
3582 l_org_structure_version_id NUMBER;
3583 l_proc VARCHAR2(72) := g_package||'get_org_structure_version';
3584
3585 --
3586 -- Get the effective hierarchy version for the given hierarchy
3587 -- structure.
3588 --
3589 CURSOR csr_get_hier_ver IS
3590 SELECT posv.org_structure_version_id
3591 FROM per_org_structure_versions posv
3592 WHERE posv.organization_structure_id = p_organization_structure_id
3593 AND p_effective_date BETWEEN
3594 posv.date_from AND NVL(posv.date_to, hr_general.end_of_time);
3595
3596 BEGIN
3597
3598 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3599
3600 IF p_organization_structure_id IS NOT NULL AND
3601 p_effective_date IS NOT NULL THEN
3602 --
3603 -- Fetch the hierarchy version. This will not return a row
3604 -- if there is no effective hierarchy version.
3605 --
3606 IF g_dbg THEN op(l_proc, 20); END IF;
3607
3608 OPEN csr_get_hier_ver;
3609 FETCH csr_get_hier_ver INTO l_org_structure_version_id;
3610 CLOSE csr_get_hier_ver;
3611
3612 END IF;
3613
3614 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
3615
3616 RETURN l_org_structure_version_id;
3617
3618 END get_org_structure_version;
3619 --
3620 -- ----------------------------------------------------------------------------
3621 -- |----------------------< get_pos_structure_version >-----------------------|
3622 -- ----------------------------------------------------------------------------
3623 --
3624 FUNCTION get_pos_structure_version
3625 (p_position_structure_id IN NUMBER
3626 ,p_effective_date IN DATE)
3627 RETURN NUMBER IS
3628
3629 --
3630 -- Local variables.
3631 --
3632 l_pos_structure_version_id NUMBER;
3633 l_proc VARCHAR2(72) := g_package||'get_pos_structure_version';
3634
3635 --
3636 -- Get the effective hierarchy version for the given hierarchy
3637 -- structure.
3638 --
3639 CURSOR csr_get_hier_ver IS
3640 SELECT ppsv.pos_structure_version_id
3641 FROM per_pos_structure_versions ppsv
3642 WHERE ppsv.position_structure_id = p_position_structure_id
3643 AND p_effective_date BETWEEN
3644 ppsv.date_from AND NVL(ppsv.date_to, hr_general.end_of_time);
3645
3646 BEGIN
3647
3648 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3649
3650 IF p_position_structure_id IS NOT NULL AND
3651 p_effective_date IS NOT NULL THEN
3652 --
3653 -- Fetch the hierarchy version. This will not return a row
3654 -- if there is no effective hierarchy version.
3655 --
3656 IF g_dbg THEN op(l_proc, 20); END IF;
3657
3658 OPEN csr_get_hier_ver;
3659 FETCH csr_get_hier_ver INTO l_pos_structure_version_id;
3660 CLOSE csr_get_hier_ver;
3661
3662 END IF;
3663
3664 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
3665
3666 RETURN l_pos_structure_version_id;
3667
3668 END get_pos_structure_version;
3669 --
3670 -- ----------------------------------------------------------------------------
3671 -- |----------------------< add_hier_orgs_to_cache >--------------------------|
3672 -- ----------------------------------------------------------------------------
3673 --
3674 PROCEDURE add_hier_orgs_to_cache
3675 (p_top_organization_id IN NUMBER
3676 ,p_org_structure_version_id IN NUMBER
3677 ,p_include_top_org_flag IN VARCHAR2)
3678 IS
3679
3680 --
3681 -- Local variables.
3682 --
3683 l_temp_org_tbl g_number_t;
3684 l_proc VARCHAR2(72) := g_package||'add_hier_orgs_to_cache';
3685 l_dummy NUMBER;
3686
3687 --
3688 -- Get all the organizations in the hierarchy given a top
3689 -- organization and a hierarchy version.
3690 --
3691 CURSOR csr_get_orgs_in_hier IS
3692 SELECT o.organization_id_child
3693 FROM per_org_structure_elements o
3694 CONNECT BY o.organization_id_parent = PRIOR o.organization_id_child
3695 AND o.org_structure_version_id = PRIOR o.org_structure_version_id
3696 START WITH o.organization_id_parent = p_top_organization_id
3697 AND o.org_structure_version_id = p_org_structure_version_id;
3698
3699 --
3700 -- Check if the top organization is in the hierarchy.
3701 --
3702 CURSOR csr_top_org_in_hier IS
3703 SELECT NULL
3704 FROM per_org_structure_elements o
3705 WHERE o.org_structure_version_id = p_org_structure_version_id
3706 AND o.organization_id_child = p_top_organization_id
3707 AND rownum = 1;
3708
3709 BEGIN
3710
3711 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3712
3713 IF p_top_organization_id IS NOT NULL AND
3714 p_org_structure_version_id IS NOT NULL AND
3715 p_include_top_org_flag IS NOT NULL THEN
3716 --
3717 -- Traverse the organization hierarchy and fetch
3718 -- the orgs into a temporary collection.
3719 --
3720 IF g_dbg THEN op(l_proc, 20); END IF;
3721
3722 OPEN csr_get_orgs_in_hier;
3723 FETCH csr_get_orgs_in_hier BULK COLLECT INTO l_temp_org_tbl;
3724 CLOSE csr_get_orgs_in_hier;
3725
3726 IF g_dbg THEN op(l_proc, 30); END IF;
3727
3728 IF l_temp_org_tbl.COUNT > 0 THEN
3729 --
3730 -- Enumerate through the temporary table and re-order
3731 -- the list of orgs into the global cache so that the
3732 -- index is the org_id. This allows for direct index
3733 -- access.
3734 --
3735 IF g_dbg THEN op(l_proc, 40); END IF;
3736
3737 FOR i IN l_temp_org_tbl.FIRST..l_temp_org_tbl.LAST LOOP
3738 IF NOT g_org_tbl.EXISTS(l_temp_org_tbl(i)) THEN
3739 g_org_tbl(l_temp_org_tbl(i)) := TRUE;
3740 END IF;
3741 END LOOP;
3742 END IF;
3743
3744 IF g_dbg THEN op(l_proc, 50); END IF;
3745
3746 IF p_include_top_org_flag = 'Y' THEN
3747 --
3748 -- Add the top organization into the org cache.
3749 --
3750 -- The top organization should only be added when it
3751 -- does actually exist in the organization hierarchy.
3752 --
3753 -- If there are other orgs in the hierarchy (ie, if
3754 -- l_temp_org_tbl contains any rows) the top org
3755 -- can be added immediately to the cache.
3756 --
3757 -- If the top org does not have any subordinate orgs
3758 -- (ie, if l_temp_org_tbl contains no rows) it is
3759 -- necessary to verify that the top org does in fact
3760 -- exist in the hierarchy at all before adding it
3761 -- to the cache.
3762 --
3763 IF l_temp_org_tbl.COUNT > 0 THEN
3764 --
3765 -- The top org exists in the hierarchy so it is
3766 -- added straight into the cache.
3767 --
3768 IF g_dbg THEN op(l_proc, 60); END IF;
3769
3770 IF NOT g_org_tbl.EXISTS(p_top_organization_id) THEN
3771 g_org_tbl(p_top_organization_id) := TRUE;
3772 END IF;
3773
3774 ELSE
3775 --
3776 -- Verify that the top org exists in the hierarchy
3777 -- before adding it to the cache.
3778 --
3779 IF g_dbg THEN op(l_proc, 70); END IF;
3780
3781 OPEN csr_top_org_in_hier;
3782 FETCH csr_top_org_in_hier INTO l_dummy;
3783 IF csr_top_org_in_hier%FOUND THEN
3784 --
3785 -- The top org is in the hierarchy so add it
3786 -- to the cache.
3787 --
3788 IF g_dbg THEN op(l_proc, 80); END IF;
3789
3790 IF NOT g_org_tbl.EXISTS(p_top_organization_id) THEN
3791 g_org_tbl(p_top_organization_id) := TRUE;
3792 END IF;
3793 END IF;
3794 CLOSE csr_top_org_in_hier;
3795 END IF;
3796 END IF;
3797 END IF;
3798
3799 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
3800
3801 END add_hier_orgs_to_cache;
3802 --
3803 -- ----------------------------------------------------------------------------
3804 -- |----------------------< positions_org_visible >---------------------------|
3805 -- ----------------------------------------------------------------------------
3806 --
3807 FUNCTION positions_org_visible
3808 (p_position_id IN NUMBER
3809 ,p_effective_date IN DATE)
3810 RETURN BOOLEAN IS
3811
3812 --
3813 -- Local variables.
3814 --
3815 l_proc VARCHAR2(72) := g_package||'positions_org_visible';
3816 l_position_id NUMBER;
3817
3818 --
3819 -- Determines whether this position's organization is visible.
3820 --
3821 CURSOR csr_pos_org_visible IS
3822 SELECT hapf.position_id
3823 FROM hr_all_positions_f hapf
3824 WHERE hapf.position_id = p_position_id
3825 AND p_effective_date BETWEEN
3826 hapf.effective_start_date AND hapf.effective_end_date
3827 AND hr_security_internal.show_organization
3828 (hapf.organization_id) = 'TRUE';
3829
3830 BEGIN
3831
3832 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3833
3834 IF p_position_id IS NOT NULL AND p_effective_date IS NOT NULL THEN
3835 OPEN csr_pos_org_visible;
3836 FETCH csr_pos_org_visible INTO l_position_id;
3837 CLOSE csr_pos_org_visible;
3838 END IF;
3839
3840 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
3841
3842 RETURN (l_position_id IS NOT NULL);
3843
3844 END positions_org_visible;
3845 --
3846 -- ----------------------------------------------------------------------------
3847 -- |----------------------< add_hier_pos_to_cache >---------------------------|
3848 -- ----------------------------------------------------------------------------
3849 --
3850 PROCEDURE add_hier_pos_to_cache
3851 (p_top_position_id IN NUMBER
3852 ,p_pos_structure_version_id IN NUMBER
3853 ,p_include_top_position_flag IN VARCHAR2
3854 ,p_effective_date IN DATE
3855 ,p_restricted_orgs IN BOOLEAN)
3856 IS
3857
3858 l_temp_pos_tbl g_number_t;
3859 l_proc VARCHAR2(72) := g_package||'add_hier_pos_to_cache';
3860 l_dummy NUMBER;
3861
3862 --
3863 -- Get the restricted positions in the hierarchy given a top
3864 -- position and a hierarchy version. This cursor uses
3865 -- organization security to only allow positions whose
3866 -- organization can be seen.
3867 --
3868 CURSOR csr_get_restricted_pos IS
3869 SELECT p.subordinate_position_id
3870 FROM per_pos_structure_elements p
3871 CONNECT BY p.parent_position_id = PRIOR p.subordinate_position_id
3872 AND p.pos_structure_version_id = PRIOR p.pos_structure_version_id
3873 START WITH p.parent_position_id = p_top_position_id
3874 AND p.pos_structure_version_id = p_pos_structure_version_id
3875 AND EXISTS
3876 (SELECT null
3877 FROM hr_all_positions_f hapf
3878 WHERE hapf.position_id = p.subordinate_position_id
3879 AND p_effective_date BETWEEN
3880 hapf.effective_start_date AND hapf.effective_end_date
3881 AND hr_security_internal.show_organization
3882 (hapf.organization_id) = 'TRUE');
3883
3884 --
3885 -- Get all the positions in the hierarchy given a top
3886 -- position and a hierarchy version. This cursor does
3887 -- not secure by organizations.
3888 --
3889 CURSOR csr_get_all_pos IS
3890 SELECT p.subordinate_position_id
3891 FROM per_pos_structure_elements p
3892 CONNECT BY p.parent_position_id = PRIOR p.subordinate_position_id
3893 AND p.pos_structure_version_id = PRIOR p.pos_structure_version_id
3894 START WITH p.parent_position_id = p_top_position_id
3895 AND p.pos_structure_version_id = p_pos_structure_version_id;
3896
3897 --
3898 -- Check if the top position is in the hierarchy.
3899 --
3900 CURSOR csr_top_pos_in_hier IS
3901 SELECT NULL
3902 FROM per_pos_structure_elements p
3903 WHERE p.pos_structure_version_id = p_pos_structure_version_id
3904 AND p.subordinate_position_id = p_top_position_id
3905 AND rownum = 1;
3906
3907 BEGIN
3908
3909 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
3910
3911 IF p_top_position_id IS NOT NULL AND
3912 p_pos_structure_version_id IS NOT NULL AND
3913 p_include_top_position_flag IS NOT NULL AND
3914 p_effective_date IS NOT NULL AND
3915 p_restricted_orgs IS NOT NULL THEN
3916 --
3917 -- Traverse the position hierarchy and fetch
3918 -- the positions into a temporary collection.
3919 -- If restricting on organizations, use a cursor
3920 -- that uses show_organization.
3921 --
3922 IF p_restricted_orgs THEN
3923 IF g_dbg THEN op(l_proc, 20); END IF;
3924 OPEN csr_get_restricted_pos;
3925 FETCH csr_get_restricted_pos BULK COLLECT INTO l_temp_pos_tbl;
3926 CLOSE csr_get_restricted_pos;
3927 ELSE
3928 IF g_dbg THEN op(l_proc, 30); END IF;
3929 OPEN csr_get_all_pos;
3930 FETCH csr_get_all_pos BULK COLLECT INTO l_temp_pos_tbl;
3931 CLOSE csr_get_all_pos;
3932 END IF;
3933
3934 IF g_dbg THEN op(l_proc, 40); END IF;
3935
3936 IF l_temp_pos_tbl.COUNT > 0 THEN
3937 --
3938 -- Enumerate through the temporary table and re-order
3939 -- the list of positions into the global cache so that the
3940 -- index is the pos_id. This allows for direct index
3941 -- access.
3942 --
3943 IF g_dbg THEN op(l_proc, 50); END IF;
3944
3945 FOR i IN l_temp_pos_tbl.FIRST..l_temp_pos_tbl.LAST LOOP
3946 IF NOT g_pos_tbl.EXISTS(l_temp_pos_tbl(i)) THEN
3947 g_pos_tbl(l_temp_pos_tbl(i)) := TRUE;
3948 END IF;
3949 END LOOP;
3950
3951 IF g_dbg THEN op(l_proc, 60); END IF;
3952
3953 IF p_include_top_position_flag = 'Y' AND
3954 ((NOT p_restricted_orgs) OR
3955 (p_restricted_orgs AND
3956 positions_org_visible(p_top_position_id, p_effective_date)))
3957 THEN
3958 --
3959 -- Add the top position into the cache.
3960 --
3961 IF g_dbg THEN op(l_proc, 70); END IF;
3962
3963 IF NOT g_pos_tbl.EXISTS(p_top_position_id) THEN
3964 g_pos_tbl(p_top_position_id) := TRUE;
3965 END IF;
3966 END IF;
3967 END IF;
3968
3969 IF g_dbg THEN op(l_proc, 60); END IF;
3970
3971 IF p_include_top_position_flag = 'Y' AND
3972 ((NOT p_restricted_orgs) OR
3973 (p_restricted_orgs AND
3974 positions_org_visible(p_top_position_id, p_effective_date)))
3975 THEN
3976 --
3977 -- Add the top position into the position cache.
3978 --
3979 -- The top position should only be added when it
3980 -- does actually exist in the position hierarchy
3981 -- and when the position's org is visible.
3982 --
3983 -- If there are other positions in the hierarchy (ie, if
3984 -- l_temp_pos_tbl contains any rows) the top position
3985 -- can be added immediately to the cache.
3986 --
3987 -- If the top pos does not have any subordinate positions
3988 -- (ie, if l_temp_pos_tbl contains no rows) it is
3989 -- necessary to verify that the top pos does in fact
3990 -- exist in the hierarchy at all before adding it
3991 -- to the cache.
3992 --
3993 IF l_temp_pos_tbl.COUNT > 0 THEN
3994 --
3995 -- The top pos exists in the hierarchy so it is
3996 -- added straight into the cache.
3997 --
3998 IF g_dbg THEN op(l_proc, 70); END IF;
3999
4000 IF NOT g_pos_tbl.EXISTS(p_top_position_id) THEN
4001 g_pos_tbl(p_top_position_id) := TRUE;
4002 END IF;
4003
4004 ELSE
4005 --
4006 -- Verify that the top pos exists in the hierarchy
4007 -- before adding it to the cache.
4008 --
4009 IF g_dbg THEN op(l_proc, 80); END IF;
4010
4011 OPEN csr_top_pos_in_hier;
4012 FETCH csr_top_pos_in_hier INTO l_dummy;
4013 IF csr_top_pos_in_hier%FOUND THEN
4014 --
4015 -- The top pos is in the hierarchy so add it
4016 -- to the cache.
4017 --
4018 IF g_dbg THEN op(l_proc, 90); END IF;
4019
4020 IF NOT g_pos_tbl.EXISTS(p_top_position_id) THEN
4021 g_pos_tbl(p_top_position_id) := TRUE;
4022 END IF;
4023 END IF;
4024 CLOSE csr_top_pos_in_hier;
4025 END IF;
4026 END IF;
4027 END IF;
4028
4029 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
4030
4031 END add_hier_pos_to_cache;
4032 --
4033 -- ----------------------------------------------------------------------------
4034 -- |----------------------< add_contacts_to_cache >---------------------------|
4035 -- ----------------------------------------------------------------------------
4036 --
4037 procedure add_contacts_to_cache(
4038 p_effective_date in date
4039 ,p_business_group_id in number
4040 ) is
4041 -- Local variables.
4042 l_proc varchar2(72) := g_package||'add_contacts_to_cache';
4043 l_temp_per_tbl g_number_t;
4044 l_temp_per_tbl2 g_boolean_t;
4045 i number;
4046 k number;
4047 -- Gets all the related contacts for a particular person.
4048 -- The contacts must not have any assignments because
4049 -- assignments are evaluated at an earlier point in the process.
4050 cursor csr_related_contacts(p_person_id in number) is
4051 select pcr.contact_person_id
4052 from per_contact_relationships pcr
4053 where pcr.person_id = p_person_id
4054 and p_effective_date between pcr.date_start
4055 and nvl(pcr.date_end, hr_api.g_eot)
4056 and not exists
4057 (select null
4058 from per_all_assignments_f paaf
4059 where paaf.person_id = pcr.contact_person_id
4060 and paaf.ASSIGNMENT_TYPE <> 'B'); -- Bug 4450149
4061 -- Gets all unrelated contacts (excluding the candidates - registered
4062 -- users from iRec) for the business group, or globally if using a global
4063 -- profile. The people cannot have any current or historical assignments.
4064 -- Here the numbers are checked instead of hitting per_all_assignments_f.
4065 cursor csr_unrelated_contacts is
4066 select distinct papf.person_id
4067 from per_all_people_f papf
4068 where (p_business_group_id is null or
4069 papf.business_group_id = p_business_group_id)
4070 and papf.employee_number is null
4071 and papf.npw_number is null
4072 and papf.applicant_number is null
4073 and not exists
4074 (select null
4075 from per_contact_relationships pcr
4076 where pcr.contact_person_id = papf.person_id)
4077 and not exists
4078 (select null
4079 from per_person_type_usages_f ptuf,
4080 per_person_types ppt
4081 where ppt.system_person_type = 'IRC_REG_USER'
4082 and ptuf.person_type_id = ppt.person_type_id
4083 and ptuf.person_id = papf.person_id);
4084 --
4085 begin
4086 --
4087 if g_dbg then op('Entering: '||l_proc, 1); end if;
4088 -- Only evaluate contact security if all the values are specified.
4089 if p_effective_date is not null then
4090 --
4091 if g_dbg then op(l_proc, 20); end if;
4092 --
4093 if g_per_tbl.count > 0 then
4094 -- Loop through all people already in the cache and
4095 -- add their related contacts to the list.
4096 i := g_per_tbl.first;
4097 --
4098 while i <= g_per_tbl.last loop
4099 --
4100 if g_dbg then op(l_proc||':'||to_char(i), 30); end if;
4101 --
4102 open csr_related_contacts(i);
4103 fetch csr_related_contacts bulk collect into l_temp_per_tbl;
4104 close csr_related_contacts;
4105 -- For any rows returned, restructure the results into a
4106 -- temporary table to avoid mutating the global table.
4107 -- The results are restructured so that the index is the person_id.
4108 if g_dbg then op(l_proc||':'||to_char(i), 40); end if;
4109 --
4110 if l_temp_per_tbl.count > 0 then
4111 --
4112 for j in l_temp_per_tbl.first..l_temp_per_tbl.last loop
4113 --
4114 if not l_temp_per_tbl2.exists(l_temp_per_tbl(j)) then
4115 l_temp_per_tbl2(l_temp_per_tbl(j)) := true;
4116 end if;
4117 --
4118 end loop;
4119 end if;
4120 -- Clear the table to free up memory before the next loop.
4121 if g_dbg then op(l_proc||':'||to_char(i), 50); end if;
4122 l_temp_per_tbl.delete;
4123 i := g_per_tbl.next(i);
4124 --
4125 end loop;
4126 --
4127 end if;
4128
4129 -- Fetch all unrelated contacts.
4130 if g_dbg then op(l_proc, 60); end if;
4131 open csr_unrelated_contacts;
4132 fetch csr_unrelated_contacts bulk collect into l_temp_per_tbl;
4133 close csr_unrelated_contacts;
4134 -- Add the related contacts to the cache.
4135 if g_dbg then op(l_proc, 70); end if;
4136 if l_temp_per_tbl2.count > 0 then
4137 -- Enumerate through the temporary table and add each
4138 -- person to the global cache.
4139 if g_dbg then op(l_proc, 80); end if;
4140 k := l_temp_per_tbl2.first;
4141 --
4142 while k <= l_temp_per_tbl2.last loop
4143 --
4144 if not g_per_tbl.exists(k) then
4145 g_per_tbl(k) := true;
4146 end if;
4147 k := l_temp_per_tbl2.next(k);
4148 --
4149 end loop;
4150 --
4151 end if;
4152
4153 -- Add the unrelated contacts to the cache.
4154 if g_dbg then op(l_proc, 90); end if;
4155 if l_temp_per_tbl.count > 0 then
4156 -- Enumerate through the temporary table and add in the list of
4157 -- unrelated contacts into the global cache cache so that the index
4158 -- is the per_id. This allows for direct index access.
4159 if g_dbg then op(l_proc, 100); end if;
4160 --
4161 for i in l_temp_per_tbl.first..l_temp_per_tbl.last loop
4162 --
4163 if not g_per_tbl.exists(l_temp_per_tbl(i)) then
4164 g_per_tbl(l_temp_per_tbl(i)) := true;
4165 end if;
4166 --
4167 end loop;
4168 --
4169 end if;
4170 --
4171 end if; -- End of effective date check
4172 --
4173 if g_dbg then op('Leaving: '||l_proc, 999); end if;
4174 --
4175 end add_contacts_to_cache;
4176 --
4177 -- ----------------------------------------------------------------------------
4178 -- |---------------------< add_candidates_to_cache >--------------------------|
4179 -- ----------------------------------------------------------------------------
4180 --
4181 procedure add_candidates_to_cache(
4182 p_effective_date in date
4183 ,p_business_group_id in number
4184 ) is
4185 -- Local variables.
4186 l_proc varchar2(72) := g_package||'add_candidates_to_cache';
4187 l_temp_per_tbl g_number_t;
4188 -- Get all candidates (registered through iRecruitment) and excluding
4189 -- related contacts if any.
4190 cursor csr_candidates is
4191 select ptuf.person_id
4192 from per_person_type_usages_f ptuf,
4193 per_person_types ppt
4194 where ppt.system_person_type = 'IRC_REG_USER'
4195 and ptuf.person_type_id = ppt.person_type_id
4196 and ppt.business_group_id + 0 = nvl(p_business_group_id,ppt.business_group_id)--fix for bug 5222441.
4197 and not exists
4198 (select null
4199 from per_all_assignments_f paaf
4200 where paaf.person_id = ptuf.person_id)
4201 and not exists
4202 (select null
4203 from per_contact_relationships pcr
4204 where pcr.contact_person_id = ptuf.person_id);
4205 --
4206 begin
4207 --
4208 if g_dbg then op('Entering: '||l_proc, 1); end if;
4209 -- Evaluate candidate security if all the values are specified.
4210 if p_effective_date is not null then
4211 --
4212 if g_dbg then op(l_proc, 20); end if;
4213 --
4214 open csr_candidates;
4215 fetch csr_candidates bulk collect into l_temp_per_tbl;
4216 close csr_candidates;
4217 --
4218 if l_temp_per_tbl.count > 0 then
4219 -- Enumerate through the temporary table and add in the list of
4220 -- candidates into the global cache, so that the index is the
4221 -- person_id. This allows for direct index access.
4222 if g_dbg then op(l_proc, 30); end if;
4223 --
4224 for i in l_temp_per_tbl.first..l_temp_per_tbl.last loop
4225 --
4226 if not g_per_tbl.exists(l_temp_per_tbl(i)) then
4227 g_per_tbl(l_temp_per_tbl(i)) := true;
4228 end if;
4229 --
4230 end loop;
4231 --
4232 end if;
4233 --
4234 if g_dbg then op(l_proc, 40); end if;
4235 --
4236 end if;
4237 --
4238 if g_dbg then op('Leaving: '||l_proc, 99); end if;
4239 --
4240 end add_candidates_to_cache;
4241
4242
4243
4244 procedure add_rtm_candidates_to_cache(
4245 p_sec_prof_rec IN g_sec_prof_r)
4246 is
4247 -- Local variables.
4248 l_proc varchar2(72) := g_package||'add_rtm_candidates_to_cache';
4249 l_temp_per_tbl g_number_t;
4250 l_temp_asg_tbl g_number_t;
4251 -- Get all applicants who applied to the vacancies of the logged in RTM
4252 --
4253 cursor csr_rtm_candidates(p_person_id number) is
4254 select paaf.person_id,paaf.assignment_id
4255 from per_all_people_f papf,
4256 per_all_assignments_f paaf,
4257 irc_rec_team_members irt
4258 where papf.person_id = paaf.person_id
4259 and nvl(paaf.vacancy_id,(select distinct vacancy_id from PER_VAC_LINKED_ASSIGNMENTS
4260 where tgt_apl_asg_id=paaf.assignment_id and rownum<2)) = irt.vacancy_id
4261 and sysdate between paaf.effective_start_date and paaf.effective_end_date
4262 and sysdate between papf.effective_start_date and papf.effective_end_date
4263 and paaf.assignment_type in('A','O')
4264 and irt.person_id = p_person_id;
4265 begin
4266 --
4267 if g_dbg then op('Entering: '||l_proc, 1); end if;
4268 --
4269 if g_dbg then op(l_proc, 20); end if;
4270 --
4271 open csr_rtm_candidates(hr_security.get_person_id);
4272 fetch csr_rtm_candidates bulk collect into l_temp_per_tbl,l_temp_asg_tbl;
4273 close csr_rtm_candidates;
4274 --
4275 if l_temp_per_tbl.count > 0 then
4276 -- Enumerate through the temporary table and add in the list of
4277 -- candidates into the global cache, so that the index is the
4278 -- person_id. This allows for direct index access.
4279 if g_dbg then op(l_proc, 30); end if;
4280 --
4281 for i in l_temp_per_tbl.first..l_temp_per_tbl.last loop
4282 --
4283 if not g_per_tbl.exists(l_temp_per_tbl(i)) then
4284 g_per_tbl(l_temp_per_tbl(i)) := true;
4285 end if;
4286 --
4287 IF p_sec_prof_rec.restrict_on_individual_asg = 'Y' and
4288 l_temp_asg_tbl.COUNT > 0 THEN
4289 -- Enumerate through the temporary table and re-order
4290 -- the list of asgs into the global cache so that the
4291 -- index is the asg_id. This allows for direct index access.
4292 FOR j IN l_temp_asg_tbl.FIRST..l_temp_asg_tbl.LAST LOOP
4293 IF NOT g_asg_tbl.EXISTS(l_temp_asg_tbl(j)) THEN
4294 g_asg_tbl(l_temp_asg_tbl(j)) := l_temp_per_tbl(i);
4295 END IF;
4296 END LOOP;
4297 END IF;
4298 --
4299 end loop;
4300 --
4301 end if;
4302 --
4303 if g_dbg then op(l_proc, 40); end if;
4304 --
4305 --
4306 if g_dbg then op('Leaving: '||l_proc, 99); end if;
4307 --
4308 end add_rtm_candidates_to_cache;
4309
4310 --
4311 -- ----------------------------------------------------------------------------
4312 -- |----------------------< add_remove_bgs_for_orgs >-------------------------|
4313 -- ----------------------------------------------------------------------------
4314 --
4315 PROCEDURE add_remove_bgs_for_orgs
4316 (p_exclude_business_groups_flag IN VARCHAR2
4317 ,p_business_group_id IN NUMBER)
4318 IS
4319
4320 --
4321 -- Local variables.
4322 --
4323 l_proc VARCHAR2(72) := g_package||'add_remove_bgs_for_orgs';
4324 l_bg_id NUMBER;
4325 i NUMBER;
4326 j NUMBER := 1;
4327 l_temp_org_tbl g_number_t;
4328
4329 --
4330 -- Get the business group given a particular organization.
4331 -- This is used in global hierarchies when business groups should
4332 -- be included or excluded.
4333 --
4334 CURSOR csr_get_bg_for_org
4335 (p_organization_id IN NUMBER)
4336 IS
4337 SELECT o.business_group_id
4338 FROM hr_all_organization_units o
4339 WHERE o.organization_id = p_organization_id;
4340
4341 BEGIN
4342
4343 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
4344
4345 IF p_business_group_id IS NOT NULL THEN
4346 --
4347 -- The profile is Business Group specific.
4348 --
4349 IF g_dbg THEN op(l_proc, 20); END IF;
4350
4351 IF NVL(p_exclude_business_groups_flag, 'N') = 'Y' THEN
4352 --
4353 -- The business groups should be excluded.
4354 --
4355 -- This is a local profile so at most there can only
4356 -- be one business group in the hierachy, and if it
4357 -- is in the hierarchy it is by definition the top org.
4358 -- When building the hierarchy, the top org is excluded
4359 -- unless "Include Top Organization" is ticked. In the
4360 -- case of local profiles, it makes no sense to tick
4361 -- both "Include Top Organization" and "Exclude Business
4362 -- Groups" because the two contradict each other.
4363 -- Nevertheless, we explicitly remove the BG in this case.
4364 --
4365 IF g_dbg THEN op(l_proc, 30); END IF;
4366
4367 IF g_org_tbl.EXISTS(p_business_group_id) THEN
4368 g_org_tbl.DELETE(p_business_group_id);
4369 END IF;
4370
4371 ELSIF NVL(p_exclude_business_groups_flag, 'N') = 'N' THEN
4372 --
4373 -- The business groups should not be excluded, which means
4374 -- they should be explicitly included.
4375 -- As this is a local profile, the BG of the profile can
4376 -- simply be added to the cache.
4377 --
4378 IF g_dbg THEN op(l_proc, 40); END IF;
4379
4380 IF NOT g_org_tbl.EXISTS(p_business_group_id) THEN
4381 g_org_tbl(p_business_group_id) := TRUE;
4382 END IF;
4383 END IF;
4384
4385 ELSIF p_business_group_id IS NULL THEN
4386 --
4387 -- The profile is global. The business group for each
4388 -- org in the hierarchy must be added or removed, depending
4389 -- on the exclude Business Groups flag.
4390 --
4391 -- Unfortunately, there is no quick way of finding out the
4392 -- BGs for the orgs in the cache without fetching the BG for
4393 -- each org. The BG could be retrieved in the hierarchy tree-
4394 -- walk by joining to hr_all_organization_units but this would
4395 -- be an unnecessary hit where global profiles are not used.
4396 -- Instead, the BG for each org is retrieved separately here.
4397 --
4398 IF g_dbg THEN op(l_proc, 50); END IF;
4399
4400 IF g_org_tbl.COUNT > 0 THEN
4401 --
4402 -- Loop through each org in the cache.
4403 --
4404 IF g_dbg THEN op(l_proc, 60); END IF;
4405
4406 i := g_org_tbl.FIRST;
4407
4408 WHILE i <= g_org_tbl.LAST LOOP
4409 --
4410 -- Fetch the business group for this org.
4411 --
4412 OPEN csr_get_bg_for_org (i);
4413 FETCH csr_get_bg_for_org INTO l_bg_id;
4414 CLOSE csr_get_bg_for_org;
4415
4416 IF g_dbg THEN op(l_proc||'('||to_char(i)||')', 70); END IF;
4417
4418 IF l_bg_id IS NOT NULL THEN
4419 --
4420 -- Store the business group in a temporary table to avoid
4421 -- mutating the global cache. l_bg_id should always be
4422 -- populated but this is wrapped in an IF statement to
4423 -- avoid data corruption issues.
4424 --
4425 l_temp_org_tbl(j) := l_bg_id;
4426 j := j + 1;
4427 END IF;
4428 i := g_org_tbl.NEXT(i);
4429 END LOOP;
4430 END IF;
4431
4432 IF g_dbg THEN op(l_proc, 80); END IF;
4433
4434 IF l_temp_org_tbl.COUNT > 0 THEN
4435 --
4436 -- Add / remove each business group from the global org cache.
4437 --
4438 IF g_dbg THEN op(l_proc, 90); END IF;
4439
4440 FOR i IN l_temp_org_tbl.FIRST..l_temp_org_tbl.LAST LOOP
4441 --
4442 -- For each business group...
4443 --
4444 IF NVL(p_exclude_business_groups_flag, 'N') = 'Y' THEN
4445 --
4446 -- The business group against this org should be
4447 -- excluded from the cache if it exists.
4448 --
4449 IF g_dbg THEN op(l_proc||'('||to_char(i)||')', 100); END IF;
4450
4451 IF g_org_tbl.EXISTS(l_temp_org_tbl(i)) THEN
4452 g_org_tbl.DELETE(l_temp_org_tbl(i));
4453 END IF;
4454
4455 ELSIF NVL(p_exclude_business_groups_flag, 'N') = 'N' THEN
4456 --
4457 -- The business group against this org should be
4458 -- added to the cache if it's not already there.
4459 --
4460 IF g_dbg THEN op(l_proc||'('||to_char(i)||')', 110); END IF;
4461
4462 IF NOT g_org_tbl.EXISTS(l_temp_org_tbl(i)) THEN
4463 g_org_tbl(l_temp_org_tbl(i)) := TRUE;
4464 END IF;
4465 END IF;
4466 END LOOP;
4467 END IF;
4468 END IF;
4469
4470 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
4471
4472 END add_remove_bgs_for_orgs;
4473 --
4474 -- ----------------------------------------------------------------------------
4475 -- |----------------------< add_incl_remove_excl_orgs >-----------------------|
4476 -- ----------------------------------------------------------------------------
4477 --
4478 PROCEDURE add_incl_remove_excl_orgs
4479 (p_security_profile_id IN NUMBER)
4480 IS
4481
4482 --
4483 -- Local variables.
4484 --
4485 l_proc VARCHAR2(72) := g_package||'add_incl_remove_excl_orgs';
4486
4487 --
4488 -- Gets the discrete list of orgs specified in the security profile.
4489 -- The parameter should always contain a value (i.e., be not null)
4490 -- but verify this anyway.
4491 -- Ordering is in descending order so that the include organizations
4492 -- come first and exclude orgs come second: this is the correct
4493 -- functional order, that is, if an org is both include and exclude
4494 -- it will be included and then removed so will not be visible.
4495 --
4496 CURSOR csr_get_discrete_orgs IS
4497 SELECT organization_id
4498 ,entry_type
4499 FROM per_security_organizations
4500 WHERE p_security_profile_id IS NOT NULL
4501 AND security_profile_id = p_security_profile_id
4502 ORDER BY entry_type DESC;
4503
4504 BEGIN
4505
4506 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
4507
4508 IF p_security_profile_id IS NOT NULL THEN
4509 --
4510 -- Add the include organizations. Here a bulk collect
4511 -- is not typically necessary because the volumes per
4512 -- security profile will not be significant.
4513 --
4514 IF g_dbg THEN op(l_proc, 20); END IF;
4515
4516 FOR org_rec IN csr_get_discrete_orgs LOOP
4517 --
4518 -- Add the "Include" organizations to the cached org
4519 -- list; remove the "Exclude" organizations from the
4520 -- cached list. All include orgs are added before any
4521 -- org is removed (see the ORDER BY in the cursor).
4522 --
4523 IF org_rec.entry_type = 'I' THEN
4524 IF g_dbg THEN op(l_proc||' I: ', org_rec.organization_id);
4525 END IF;
4526 IF NOT g_org_tbl.EXISTS(org_rec.organization_id) THEN
4527 g_org_tbl(org_rec.organization_id) := TRUE;
4528 END IF;
4529 ELSIF org_rec.entry_type = 'E' THEN
4530 IF g_dbg THEN op(l_proc||' E: ', org_rec.organization_id);
4531 END IF;
4532 IF g_org_tbl.EXISTS(org_rec.organization_id) THEN
4533 g_org_tbl.DELETE(org_rec.organization_id);
4534 END IF;
4535 END IF;
4536 END LOOP;
4537 END IF;
4538
4539 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
4540
4541 END add_incl_remove_excl_orgs;
4542 --
4543 -- ----------------------------------------------------------------------------
4544 -- |----------------------< and_clause >--------------------------------------|
4545 -- ----------------------------------------------------------------------------
4546 --
4547 FUNCTION and_clause(p_str IN VARCHAR2, p_append IN VARCHAR2) RETURN VARCHAR2 IS
4548
4549 BEGIN
4550
4551 --
4552 -- Private utility function, used to build an 'OR' predicate.
4553 --
4554 IF p_str IS null OR p_append IS null THEN
4555 RETURN(p_str || p_append);
4556 ELSE
4557 RETURN(p_str||' AND '||p_append);
4558 END IF;
4559
4560 END and_clause;
4561 --
4562 --
4563 -- ----------------------------------------------------------------------------
4564 -- |----------------------< or_clause >---------------------------------------|
4565 -- ----------------------------------------------------------------------------
4566 --
4567 FUNCTION or_clause(p_str IN VARCHAR2, p_append IN VARCHAR2) RETURN VARCHAR2 IS
4568
4569 BEGIN
4570
4571 --
4572 -- Private utility function, used to build an 'OR' predicate.
4573 --
4574 IF p_str IS null OR p_append IS null THEN
4575 RETURN(p_str || p_append);
4576 ELSE
4577 RETURN(p_str||' OR '||p_append);
4578 END IF;
4579
4580 END or_clause;
4581 --
4582 -- ----------------------------------------------------------------------------
4583 -- |----------------------< add_brackets >------------------------------------|
4584 -- ----------------------------------------------------------------------------
4585 --
4586 FUNCTION add_brackets(p_str IN VARCHAR2) RETURN VARCHAR2 IS
4587
4588 BEGIN
4589
4590 --
4591 -- Private utility function that wraps the passed in string in brackets.
4592 --
4593 IF p_str IS NOT null THEN
4594 RETURN('('||p_str||')');
4595 ELSE
4596 RETURN(p_str);
4597 END IF;
4598
4599 END add_brackets;
4600 --
4601 -- ----------------------------------------------------------------------------
4602 -- |----------------------< add_people_to_cache >-----------------------------|
4603 -- ----------------------------------------------------------------------------
4604 --
4605 PROCEDURE add_people_to_cache
4606 (p_top_person_id IN NUMBER
4607 ,p_effective_date IN DATE
4608 ,p_sec_prof_rec IN g_sec_prof_r
4609 ,p_use_static_lists IN BOOLEAN)
4610 IS
4611 -- Local type definitions.
4612 TYPE l_csr_type IS REF CURSOR;
4613 -- Exceptions.
4614 loop_in_user_data EXCEPTION;
4615 PRAGMA EXCEPTION_INIT(loop_in_user_data, -01436);
4616 -- Fix for bug#13430866
4617 invalid_column_name EXCEPTION;
4618 PRAGMA EXCEPTION_INIT(invalid_column_name,-00904);
4619 -- Fix for bug#13430866
4620
4621 -- Local variables.
4622 l_proc VARCHAR2(72) := g_package||'add_people_to_cache';
4623 l_org_restriction VARCHAR2(1) := 'N';
4624 l_pos_restriction VARCHAR2(1) := 'N';
4625 l_pay_restriction VARCHAR2(1) := 'N';
4626 l_custom_per per_security_profiles.custom_restriction_flag%TYPE;
4627 l_temp_asg_tbl g_number_t;
4628 l_temp_per_tbl g_number_t;
4629 l_ex_emp_security varchar2(1) := 'N';
4630 l_supervisor_levels NUMBER;
4631
4632 -- Added for Bug 8465433
4633 l_temp_vac_asg_tbl g_number_t;
4634 l_temp_vac_per_tbl g_number_t;
4635 l_vac_sql_str VARCHAR2(32767);
4636 l_vac_csr l_csr_type;
4637
4638 --
4639 -- Dynamic SQL variables.
4640 --
4641 l_custom_y_set BOOLEAN := FALSE;
4642 l_custom_u_set BOOLEAN := FALSE;
4643 l_sup_hier_set BOOLEAN := TRUE;
4644 l_sql_str VARCHAR2(32767);
4645 l_exec_str_print VARCHAR2(32767);
4646 l_select_from_clause VARCHAR2(1000);
4647 l_where_clause VARCHAR2(31567);
4648 l_temp_clause VARCHAR2(31567);
4649 l_connect_clause VARCHAR2(2000); -- bug 5105261
4650 l_asg_types_y_or_n VARCHAR2(200);
4651 l_asg_types_y VARCHAR2(200);
4652 l_asg_types_n VARCHAR2(200);
4653 l_cnt BINARY_INTEGER;
4654 l_csr l_csr_type;
4655 --
4656 -- Re-used Dynamic SQL strings
4657 --
4658 l_emp_str VARCHAR2(32) := 'hr_asg.assignment_type = ''E''';
4659 l_cwk_str VARCHAR2(32) := 'hr_asg.assignment_type = ''C''';
4660 l_apl_str VARCHAR2(32) := 'hr_asg.assignment_type = ''A''';
4661 l_org_str VARCHAR2(150) :=
4662 'hr_security_internal.show_organization(hr_asg.organization_id) = ''TRUE''';
4663 l_pos_str VARCHAR2(150) :=
4664 '(hr_asg.position_id IS NULL OR hr_security_internal.show_position(hr_asg.position_id) = ''TRUE'')';
4665 l_pay_str VARCHAR2(150) :=
4666 '(hr_security_internal.show_payroll(hr_asg.payroll_id) = ''TRUE'')';
4667 -- '(hr_asg.payroll_id IS NULL OR hr_security_internal.show_payroll(hr_asg.payroll_id) = ''TRUE'')'; -- Modified the statement for bug 11737636.
4668
4669 --- Bug # 12739699 ---
4670 l_paaf_name varchar2(30) := 'per_all_assignments_f';
4671 --- Bug # 12739699 ---
4672 BEGIN
4673
4674 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
4675
4676 --
4677 -- Only evaluate person security if all the values are specified.
4678 --
4679 IF p_effective_date IS NOT NULL
4680 AND p_sec_prof_rec.security_profile_id IS NOT NULL
4681 THEN
4682 -- Query for the Security Profile Option set for Ex-Employee.
4683 -- fnd_profile.get('PER_EX_SECURITY_PROFILE',l_ex_emp_security);
4684 fnd_profile.get(
4685 NAME => 'PER_EX_SECURITY_PROFILE'
4686 ,VAL => l_ex_emp_security);
4687 IF g_dbg THEN hr_utility.trace( 'Ex-Employee Profile Value= '||l_ex_emp_security); END IF;
4688
4689 IF g_dbg THEN op(l_proc, 10); END IF;
4690 --
4691 -- Set the restricted flags.
4692 --
4693 IF restricted_orgs(p_sec_prof_rec) THEN
4694 l_org_restriction := 'Y';
4695 END IF;
4696 IF restricted_pos(p_sec_prof_rec) THEN
4697 l_pos_restriction := 'Y';
4698 END IF;
4699 IF restricted_pays(p_sec_prof_rec) THEN
4700 l_pay_restriction := 'Y';
4701 END IF;
4702
4703 --
4704 -- Set the custom restriction flag.
4705 --
4706 l_custom_per := NVL(p_sec_prof_rec.custom_restriction_flag, 'N');
4707
4708 --
4709 -- Force custom security to be evaluated on the fly
4710 -- where appropriate.
4711 --
4712 IF l_custom_per = 'Y' AND
4713 (NOT p_use_static_lists
4714 OR (l_org_restriction = 'Y' AND
4715 NVL(p_sec_prof_rec.top_organization_method, 'N') = 'U')
4716 OR (l_pos_restriction = 'Y' AND
4717 NVL(p_sec_prof_rec.top_position_method, 'N') = 'U'))
4718 THEN
4719 --
4720 -- Although custom security is not user-based (it is static),
4721 -- the static list cannot be used because either:
4722 -- a) the profile option permits the use of static lists
4723 -- b) user-based org security is in use
4724 -- c) user-based pos security is in use.
4725 --
4726 -- In these circumstances, force custom security to be
4727 -- evaluated on the fly.
4728 --
4729 l_custom_per := 'U';
4730
4731 END IF;
4732
4733 IF g_dbg THEN op(l_proc, 20); END IF;
4734
4735 --
4736 -- Set the skeleton SELECT..FROM clause.
4737 --
4738 -- Fetch the visible people and assignments, applying the
4739 -- various different security restrictions before allowing
4740 -- them to be returned.
4741 -- This does not return ex-people (ex-employees, etc) and
4742 -- it does not return contacts.
4743 --
4744 -- Bug 3686545
4745 -- When restrict_on_individual_asg flag on security profile is set
4746 -- then custom security should be evaluated as user based because
4747 -- listgen currently does not maintain static assignment list.
4748 --
4749
4750 --- Bug # 12739699 ---
4751 if NVL(fnd_profile.value('PER_SECURITY_ENHANCER'),'N') = 'PERF_ASG' then
4752 l_paaf_name := 'per_all_assignments_f_perf';
4753 else
4754 l_paaf_name := 'per_all_assignments_f';
4755 end if;
4756 --- Bug # 12739699 ---
4757
4758 l_select_from_clause :=
4759 'SELECT hr_asg.assignment_id
4760 ,hr_asg.person_id
4761 FROM '||l_paaf_name||' hr_asg '; --Fix For Bug # 12739699
4762
4763 /*-- Check for the Supervisor Security --*/
4764 /* -- In the New enhancement we are ignoring the supervisor security from
4765 showing the Ex-Employee and Future Employee records (New enhancement)
4766 This If condition will check whether the Supervisor Security is
4767 Present or Not.
4768 If there is Supervisorvisor Security Present do not change any thing
4769 This is functioning as it was in previous.
4770 */
4771 IF nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'Y'
4772 OR nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'A' THEN
4773 l_sup_hier_set := TRUE;
4774 ELSE
4775 l_sup_hier_set := FALSE;
4776 END IF;
4777 --
4778 -- Only evaluate person security if all the values are specified.
4779 --
4780 IF NOT l_sup_hier_set and l_ex_emp_security= 'Y' THEN
4781
4782 /*--- Supervisor Security is not present ---*/
4783 IF g_dbg THEN hr_utility.trace( 'Supervisor Security is Not present'); END IF;
4784
4785 --
4786 -- Set the skeleton WHERE clause.
4787 --
4788 /* Where clause is modified for the enhancement
4789 In the where clause,
4790 1. To see the Ex-Employee`s
4791 2. To see the Future Employees. */
4792 l_where_clause :=
4793 ' WHERE /* Active Employee */
4794 (:effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
4795 /* Ex-Employee */
4796 or (hr_asg.effective_end_date < :effective_date
4797 and not exists
4798 ( select null from '||l_paaf_name||' papf
4799 where papf.person_id = hr_asg.person_id
4800 and papf.assignment_type in (''A'',''C'',''E'')
4801 and papf.effective_end_date >= :effective_date )
4802 )
4803 /* End Ex-Employee */
4804 /* Future Employee */
4805 or ( hr_asg.effective_start_date > :effective_date
4806 and not exists
4807 ( select null from '||l_paaf_name||' papf
4808 where papf.person_id = hr_asg.person_id
4809 and papf.assignment_type in (''A'',''C'',''E'')
4810 and papf.effective_start_date < hr_asg.effective_start_date )
4811 )
4812 /* End Future Employee */
4813 )';
4814
4815 IF g_dbg THEN op(l_proc, 30); END IF;
4816
4817 --
4818 -- Build strings that can be used to select
4819 -- allowable assignment types.
4820 --
4821 IF p_sec_prof_rec.view_all_employees_flag = 'Y' THEN
4822 l_asg_types_y := or_clause(l_asg_types_y, l_emp_str);
4823 ELSIF p_sec_prof_rec.view_all_employees_flag = 'N' THEN
4824 l_asg_types_n := or_clause(l_asg_types_n, l_emp_str);
4825 END IF;
4826
4827 IF p_sec_prof_rec.view_all_cwk_flag = 'Y' THEN
4828 l_asg_types_y := or_clause(l_asg_types_y, l_cwk_str);
4829 ELSIF p_sec_prof_rec.view_all_cwk_flag = 'N' THEN
4830 l_asg_types_n := or_clause(l_asg_types_n, l_cwk_str);
4831 END IF;
4832
4833 IF p_sec_prof_rec.view_all_applicants_flag = 'Y' THEN
4834 l_asg_types_y := or_clause(l_asg_types_y, l_apl_str);
4835 ELSIF p_sec_prof_rec.view_all_applicants_flag = 'N' THEN
4836 l_asg_types_n := or_clause(l_asg_types_n, l_apl_str);
4837 END IF;
4838
4839 --
4840 -- Add brackets to the strings that have just been built.
4841 --
4842 l_asg_types_y_or_n := add_brackets(or_clause(l_asg_types_y, l_asg_types_n));
4843 l_asg_types_y := add_brackets(l_asg_types_y);
4844 l_asg_types_n := add_brackets(l_asg_types_n);
4845
4846 IF g_dbg THEN op(l_proc, 40); END IF;
4847
4848 --
4849 -- Allow all 'View All' and 'Restricted' assignment types
4850 -- but no 'View None' ('X') types.
4851 --
4852 IF l_asg_types_y_or_n IS NULL THEN
4853 --
4854 -- All assignment types must be 'X' so prevent
4855 -- any rows from being returned.
4856 --
4857 l_where_clause := and_clause(l_where_clause, 'rownum < 1');
4858 ELSE
4859 l_where_clause := and_clause(l_where_clause, l_asg_types_y_or_n);
4860 END IF;
4861
4862 IF g_dbg THEN op(l_proc, 50); END IF;
4863
4864 --
4865 -- Restrict to primary assignments only if set.
4866 --
4867 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
4868 l_where_clause := and_clause(l_where_clause, 'hr_asg.primary_flag = ''Y''');
4869 END IF;
4870
4871 IF g_dbg THEN op(l_proc, 55); END IF;
4872
4873 --
4874 -- Restrict by business group if the profile is local.
4875 --
4876 -- Note: the business group restriction is only added when there
4877 -- is no supervisor restriction. Functionally, this is a bug
4878 -- because global profiles should be used instead of local profiles
4879 -- but security has always behaved like that so adding this restriction
4880 -- will cause havoc in customers' security profile setup.
4881 --
4882 IF p_sec_prof_rec.business_group_id IS NOT null AND
4883 NVL(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'N' THEN
4884 l_where_clause := and_clause (l_where_clause,
4885 'hr_asg.business_group_id = '||p_sec_prof_rec.business_group_id);
4886 END IF;
4887
4888 IF g_dbg THEN op(l_proc, 60); END IF;
4889
4890 --
4891 -- If there are any restrictions to org, pos, pay or custom then
4892 -- apply them here - but only to assignment types that are 'Restricted'.
4893 --
4894 IF l_asg_types_n IS NOT null AND
4895 (l_org_restriction = 'Y' OR l_pos_restriction = 'Y' OR
4896 l_pay_restriction = 'Y' OR l_custom_per = 'Y' OR l_custom_per = 'U')
4897 THEN
4898 IF g_dbg THEN op(l_proc, 65); END IF;
4899 --
4900 -- Restrict by organization.
4901 --
4902 IF g_dbg THEN op(l_proc, 70); END IF;
4903 IF l_org_restriction = 'Y' THEN
4904 l_temp_clause := and_clause(l_temp_clause, l_org_str);
4905 END IF;
4906 --
4907 -- Restrict by position.
4908 --
4909 IF g_dbg THEN op(l_proc, 75); END IF;
4910 IF l_pos_restriction = 'Y' THEN
4911 l_temp_clause := and_clause(l_temp_clause, l_pos_str);
4912 END IF;
4913 --
4914 -- Restrict by payroll.
4915 --
4916 IF g_dbg THEN op(l_proc, 80); END IF;
4917 IF l_pay_restriction = 'Y' THEN
4918 l_temp_clause := and_clause(l_temp_clause, l_pay_str);
4919 END IF;
4920 --
4921 -- Restrict by custom (static).
4922 --
4923 IF g_dbg THEN op(l_proc, 85); END IF;
4924 IF ((p_sec_prof_rec.restrict_on_individual_asg IS NULL OR
4925 p_sec_prof_rec.restrict_on_individual_asg = 'N') AND
4926 l_custom_per = 'Y') THEN
4927 l_temp_clause := and_clause(l_temp_clause,
4928 'EXISTS
4929 (SELECT null
4930 FROM per_person_list ppl
4931 WHERE ppl.security_profile_id = :security_profile_id
4932 AND ppl.person_id = hr_asg.person_id)');
4933 l_custom_y_set := TRUE;
4934 END IF;
4935 --
4936 -- Restrict by custom (user-based).
4937 --
4938 IF g_dbg THEN op(l_proc, 90); END IF;
4939 IF ((p_sec_prof_rec.restrict_on_individual_asg IS NOT NULL AND
4940 p_sec_prof_rec.restrict_on_individual_asg = 'Y') OR
4941 l_custom_per = 'U') AND
4942 p_sec_prof_rec.restriction_text IS NOT NULL THEN
4943 --
4944 -- Check if the custom restriction is using the PERSON or PERSON_TYPE
4945 -- table aliases. If they are, do the full sub-select otherwise
4946 -- substitute the ASSIGNMENT alias for asg and run the SQL as an
4947 -- in-line predicate.
4948 --
4949 IF instr(upper(p_sec_prof_rec.restriction_text), 'PERSON.') = 0 AND
4950 instr(upper(p_sec_prof_rec.restriction_text), 'PERSON_TYPE.') = 0
4951 THEN
4952 --
4953 -- Added upper() clause for bug 5048562.
4954 --
4955 l_temp_clause := and_clause(l_temp_clause
4956 ,replace(upper(p_sec_prof_rec.restriction_text)
4957 ,'ASSIGNMENT.', 'hr_asg.'));
4958 ELSE
4959 /* -- The l_temp_clause is changed for the enhancement */
4960 l_temp_clause := and_clause(l_temp_clause, and_clause(
4961 'EXISTS (SELECT NULL
4962 FROM '||l_paaf_name||' ASSIGNMENT,
4963 per_all_people_f PERSON,
4964 per_person_type_usages_f PERSON_TYPE
4965 WHERE ASSIGNMENT.rowid = hr_asg.rowid
4966 AND ASSIGNMENT.ASSIGNMENT_ID = hr_asg.assignment_id
4967 AND ASSIGNMENT.ASSIGNMENT_TYPE IN (''A'',''C'',''E'')
4968 /* For the bug 6196437 */
4969 AND PERSON.person_id = ASSIGNMENT.person_id
4970 AND (
4971 /* Active Employee */
4972 :effective_date
4973 BETWEEN PERSON.effective_start_date AND PERSON.effective_end_date
4974 or /* Future Employee */
4975 PERSON.effective_start_date > :effective_date)
4976 AND PERSON.person_id = PERSON_TYPE.person_id
4977 AND ( /* Active Employee */
4978 :effective_date BETWEEN
4979 PERSON_TYPE.effective_start_date AND PERSON_TYPE.effective_end_date
4980 or /* Future Employee */
4981 PERSON_TYPE.effective_start_date > :effective_date)',
4982 p_sec_prof_rec.restriction_text||')'));
4983 l_custom_u_set := TRUE;
4984 END IF;
4985 END IF;
4986
4987 IF g_dbg THEN op(l_proc, 95); END IF;
4988
4989 --
4990 -- Merge the above restrictions into l_where_clause.
4991 --
4992 IF l_asg_types_y IS NOT null THEN
4993 --
4994 -- For workers that are 'Y' include those rows without checking
4995 -- the restrictions.
4996 --
4997 IF g_dbg THEN op(l_proc, 100); END IF;
4998 l_where_clause := and_clause
4999 (l_where_clause, add_brackets
5000 (or_clause(l_asg_types_y, add_brackets(l_temp_clause))));
5001 ELSE
5002 --
5003 -- l_asg_types_y is null, which means asg types are either
5004 -- 'Restricted' (in which case the above conditions must run for
5005 -- all rows) or 'None' (which are filtered out earlier).
5006 --
5007 IF g_dbg THEN op(l_proc, 105); END IF;
5008 l_where_clause := and_clause (l_where_clause, l_temp_clause);
5009 END IF;
5010 IF g_dbg THEN op(l_proc, 110); END IF;
5011 END IF;
5012
5013 IF g_dbg THEN op(l_proc, 140); END IF;
5014 --
5015 -- Piece the SQL statement together.
5016 --
5017 l_sql_str := l_select_from_clause || l_where_clause || l_connect_clause;
5018
5019 IF g_dbg THEN
5020 hr_utility.trace( 'No Supervisor Security is present');
5021 hr_utility.trace('***************************************************');
5022 l_exec_str_print:= l_sql_str;
5023 while length(l_exec_str_print)>0 loop
5024 hr_utility.trace(substr(l_exec_str_print,1,70));
5025 l_exec_str_print:=substr(l_exec_str_print,71);
5026 end loop;
5027 hr_utility.trace('***************************************************');
5028 End if;
5029
5030 IF g_dbg THEN op(l_proc, 150); END IF;
5031 --
5032 -- Open cursor, bulk fetch all the rows and close
5033 -- branching on dynamic binds.
5034 -- Do not to pass p_top_person_id.
5035 --
5036 /*-- Depending on the Security Profile Setup
5037 We are opening the cusroer by passing the
5038 bind variables.
5039 As For enhancement we added more date clause for
5040 Ex-EMployee and Future Employee so we modified the
5041 bind variables accordingly. */
5042 IF l_custom_y_set THEN
5043 OPEN l_csr FOR l_sql_str
5044 USING p_effective_date,
5045 p_effective_date,
5046 p_effective_date,
5047 p_effective_date,
5048 p_sec_prof_rec.security_profile_id;
5049 ELSIF l_custom_u_set THEN
5050 OPEN l_csr FOR l_sql_str
5051 USING p_effective_date,
5052 p_effective_date,
5053 p_effective_date,
5054 p_effective_date,
5055 p_effective_date,
5056 p_effective_date,
5057 p_effective_date,
5058 p_effective_date;
5059 ELSE
5060 OPEN l_csr FOR l_sql_str
5061 USING p_effective_date,
5062 p_effective_date,
5063 p_effective_date,
5064 p_effective_date;
5065 END IF;
5066
5067 IF g_dbg THEN op(l_proc, 170); END IF;
5068
5069 --
5070 -- Oracle 8/8i does not support BULK COLLECT of a dynamic PL/SQL
5071 -- statement.
5072 --
5073 IF hr_general2.get_oracle_db_version >= 9 THEN
5074 --
5075 -- Oracle 9+ being used so perform a BULK COLLECT.
5076 --
5077 FETCH l_csr BULK COLLECT INTO l_temp_asg_tbl
5078 ,l_temp_per_tbl;
5079 ELSE
5080 --
5081 -- Pre Oracle 9 so fetch each row individually.
5082 --
5083 l_cnt := 1;
5084 LOOP
5085 --
5086 -- A Pre Oracle 9 DB is being used so LOOP through,
5087 -- fetching each row.
5088 --
5089 FETCH l_csr INTO l_temp_asg_tbl(l_cnt), l_temp_per_tbl(l_cnt);
5090 EXIT WHEN l_csr%NOTFOUND;
5091 l_cnt := l_cnt + 1;
5092 END LOOP;
5093 END IF;
5094 CLOSE l_csr;
5095
5096 IF g_dbg THEN op(l_proc, 180); END IF;
5097
5098 IF l_temp_asg_tbl.COUNT > 0 THEN
5099 --
5100 -- Enumerate through the temporary table and re-order
5101 -- the list of asgs into the global cache so that the
5102 -- index is the asg_id. This allows for direct index
5103 -- access.
5104 --
5105 IF g_dbg THEN op(l_proc, 190); END IF;
5106 FOR i IN l_temp_asg_tbl.FIRST..l_temp_asg_tbl.LAST LOOP
5107 IF NOT g_asg_tbl.EXISTS(l_temp_asg_tbl(i)) THEN
5108 g_asg_tbl(l_temp_asg_tbl(i)) := l_temp_per_tbl(i);
5109 END IF;
5110 END LOOP;
5111
5112 --
5113 -- Enumerate through the temporary table and re-order
5114 -- the list of pers into the global cache so that the
5115 -- index is the per_id. This allows for direct index
5116 -- access.
5117 --
5118 IF g_dbg THEN op(l_proc, 200); END IF;
5119 FOR i IN l_temp_per_tbl.FIRST..l_temp_per_tbl.LAST LOOP
5120 IF NOT g_per_tbl.EXISTS(l_temp_per_tbl(i)) THEN
5121 g_per_tbl(l_temp_per_tbl(i)) := TRUE;
5122 END IF;
5123 END LOOP;
5124 END IF;
5125 ELSE
5126 /*-- SUPERVISOR SECURITY IS SET */
5127
5128 IF (hr_security.g_IS_SSHR = 1) THEN
5129 l_supervisor_levels := 2;
5130 IF g_dbg THEN
5131 hr_utility.trace('Call made from SSHR - Supervisor Level - '||l_supervisor_levels);
5132 END IF;
5133
5134 ELSE
5135 l_supervisor_levels := p_sec_prof_rec.supervisor_levels;
5136 IF g_dbg THEN
5137 hr_utility.trace('Call not made from SSHR - Supervisor Level - '||l_supervisor_levels);
5138 END IF;
5139 END IF;
5140
5141
5142 IF g_dbg THEN
5143 hr_utility.trace( 'Supervisor Security is present or HR: Ex-Employee Security Profile Option is not Set');
5144 END IF;
5145 --
5146 -- Set the skeleton WHERE clause.
5147 --
5148 l_where_clause :=
5149 ' WHERE :effective_date BETWEEN
5150 hr_asg.effective_start_date AND hr_asg.effective_end_date';
5151
5152 IF g_dbg THEN op(l_proc, 30); END IF;
5153
5154 --
5155 -- Build strings that can be used to select
5156 -- allowable assignment types.
5157 --
5158 IF p_sec_prof_rec.view_all_employees_flag = 'Y' THEN
5159 l_asg_types_y := or_clause(l_asg_types_y, l_emp_str);
5160 ELSIF p_sec_prof_rec.view_all_employees_flag = 'N' THEN
5161 l_asg_types_n := or_clause(l_asg_types_n, l_emp_str);
5162 END IF;
5163
5164 IF p_sec_prof_rec.view_all_cwk_flag = 'Y' THEN
5165 l_asg_types_y := or_clause(l_asg_types_y, l_cwk_str);
5166 ELSIF p_sec_prof_rec.view_all_cwk_flag = 'N' THEN
5167 l_asg_types_n := or_clause(l_asg_types_n, l_cwk_str);
5168 END IF;
5169
5170 IF p_sec_prof_rec.view_all_applicants_flag = 'Y' THEN
5171 l_asg_types_y := or_clause(l_asg_types_y, l_apl_str);
5172 ELSIF p_sec_prof_rec.view_all_applicants_flag = 'N' THEN
5173 l_asg_types_n := or_clause(l_asg_types_n, l_apl_str);
5174 END IF;
5175
5176 --
5177 -- Add brackets to the strings that have just been built.
5178 --
5179 l_asg_types_y_or_n := add_brackets(or_clause(l_asg_types_y, l_asg_types_n));
5180 l_asg_types_y := add_brackets(l_asg_types_y);
5181 l_asg_types_n := add_brackets(l_asg_types_n);
5182
5183 IF g_dbg THEN op(l_proc, 40); END IF;
5184
5185 --
5186 -- Allow all 'View All' and 'Restricted' assignment types
5187 -- but no 'View None' ('X') types.
5188 --
5189 IF l_asg_types_y_or_n IS NULL THEN
5190 --
5191 -- All assignment types must be 'X' so prevent
5192 -- any rows from being returned.
5193 --
5194 l_where_clause := and_clause(l_where_clause, 'rownum < 1');
5195 ELSE
5196 l_where_clause := and_clause(l_where_clause, l_asg_types_y_or_n);
5197 END IF;
5198
5199 IF g_dbg THEN op(l_proc, 50); END IF;
5200
5201 --
5202 -- Restrict to primary assignments only if set.
5203 --
5204 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
5205 l_where_clause := and_clause(l_where_clause, 'hr_asg.primary_flag = ''Y''');
5206 END IF;
5207
5208 IF g_dbg THEN op(l_proc, 55); END IF;
5209
5210 --
5211 -- Restrict by business group if the profile is local.
5212 --
5213 -- Note: the business group restriction is only added when there
5214 -- is no supervisor restriction. Functionally, this is a bug
5215 -- because global profiles should be used instead of local profiles
5216 -- but security has always behaved like that so adding this restriction
5217 -- will cause havoc in customers' security profile setup.
5218 --
5219 IF p_sec_prof_rec.business_group_id IS NOT null AND
5220 NVL(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'N' THEN
5221 l_where_clause := and_clause (l_where_clause,
5222 'hr_asg.business_group_id = '||p_sec_prof_rec.business_group_id);
5223 END IF;
5224
5225 IF g_dbg THEN op(l_proc, 60); END IF;
5226
5227 --
5228 -- If there are any restrictions to org, pos, pay or custom then
5229 -- apply them here - but only to assignment types that are 'Restricted'.
5230 --
5231 IF l_asg_types_n IS NOT null AND
5232 (l_org_restriction = 'Y' OR l_pos_restriction = 'Y' OR
5233 l_pay_restriction = 'Y' OR l_custom_per = 'Y' OR l_custom_per = 'U')
5234 THEN
5235 IF g_dbg THEN op(l_proc, 65); END IF;
5236 --
5237 -- Restrict by organization.
5238 --
5239 IF g_dbg THEN op(l_proc, 70); END IF;
5240 IF l_org_restriction = 'Y' THEN
5241 l_temp_clause := and_clause(l_temp_clause, l_org_str);
5242 END IF;
5243 --
5244 -- Restrict by position.
5245 --
5246 IF g_dbg THEN op(l_proc, 75); END IF;
5247 IF l_pos_restriction = 'Y' THEN
5248 l_temp_clause := and_clause(l_temp_clause, l_pos_str);
5249 END IF;
5250 --
5251 -- Restrict by payroll.
5252 --
5253 IF g_dbg THEN op(l_proc, 80); END IF;
5254 IF l_pay_restriction = 'Y' THEN
5255 l_temp_clause := and_clause(l_temp_clause, l_pay_str);
5256 END IF;
5257 --
5258 -- Restrict by custom (static).
5259 --
5260 IF g_dbg THEN op(l_proc, 85); END IF;
5261 IF ((p_sec_prof_rec.restrict_on_individual_asg IS NULL OR
5262 p_sec_prof_rec.restrict_on_individual_asg = 'N') AND
5263 l_custom_per = 'Y') THEN
5264 l_temp_clause := and_clause(l_temp_clause,
5265 'EXISTS
5266 (SELECT null
5267 FROM per_person_list ppl
5268 WHERE ppl.security_profile_id = :security_profile_id
5269 AND ppl.person_id = hr_asg.person_id)');
5270 l_custom_y_set := TRUE;
5271 END IF;
5272 --
5273 -- Restrict by custom (user-based).
5274 --
5275 IF g_dbg THEN op(l_proc, 90); END IF;
5276 IF ((p_sec_prof_rec.restrict_on_individual_asg IS NOT NULL AND
5277 p_sec_prof_rec.restrict_on_individual_asg = 'Y') OR
5278 l_custom_per = 'U') AND
5279 p_sec_prof_rec.restriction_text IS NOT NULL THEN
5280 --
5281 -- Check if the custom restriction is using the PERSON or PERSON_TYPE
5282 -- table aliases. If they are, do the full sub-select otherwise
5283 -- substitute the ASSIGNMENT alias for asg and run the SQL as an
5284 -- in-line predicate.
5285 --
5286 IF instr(upper(p_sec_prof_rec.restriction_text), 'PERSON.') = 0 AND
5287 instr(upper(p_sec_prof_rec.restriction_text), 'PERSON_TYPE.') = 0
5288 THEN
5289 --
5290 -- Added upper() clause for bug 5048562.
5291 --
5292 l_temp_clause := and_clause(l_temp_clause
5293 ,replace(upper(p_sec_prof_rec.restriction_text)
5294 ,'ASSIGNMENT.', 'hr_asg.'));
5295 ELSE
5296 l_temp_clause := and_clause(l_temp_clause, and_clause(
5297 'EXISTS (SELECT NULL
5298 FROM '||l_paaf_name||' ASSIGNMENT,
5299 per_all_people_f PERSON,
5300 per_person_type_usages_f PERSON_TYPE
5301 WHERE ASSIGNMENT.rowid = hr_asg.rowid
5302 AND ASSIGNMENT.ASSIGNMENT_ID = hr_asg.assignment_id /* For the bug 6196437 */
5303 AND PERSON.person_id = ASSIGNMENT.person_id
5304 AND :effective_date
5305 BETWEEN PERSON.effective_start_date AND PERSON.effective_end_date
5306 AND PERSON.person_id = PERSON_TYPE.person_id
5307 AND :effective_date BETWEEN
5308 PERSON_TYPE.effective_start_date AND
5309 PERSON_TYPE.effective_end_date',
5310 p_sec_prof_rec.restriction_text||')'));
5311 l_custom_u_set := TRUE;
5312 END IF;
5313 END IF;
5314
5315 IF g_dbg THEN op(l_proc, 95); END IF;
5316
5317 --
5318 -- Merge the above restrictions into l_where_clause.
5319 --
5320 IF l_asg_types_y IS NOT null THEN
5321 --
5322 -- For workers that are 'Y' include those rows without checking
5323 -- the restrictions.
5324 --
5325 IF g_dbg THEN op(l_proc, 100); END IF;
5326 l_where_clause := and_clause
5327 (l_where_clause, add_brackets
5328 (or_clause(l_asg_types_y, add_brackets(l_temp_clause))));
5329 ELSE
5330 --
5331 -- l_asg_types_y is null, which means asg types are either
5332 -- 'Restricted' (in which case the above conditions must run for
5333 -- all rows) or 'None' (which are filtered out earlier).
5334 --
5335 IF g_dbg THEN op(l_proc, 105); END IF;
5336 l_where_clause := and_clause (l_where_clause, l_temp_clause);
5337 END IF;
5338 IF g_dbg THEN op(l_proc, 110); END IF;
5339 END IF;
5340
5341 IF g_dbg THEN op(l_proc, 120); END IF;
5342
5343 IF nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'Y' THEN
5344 --
5345 -- Add the connect by clause to traverse the supervisor
5346 -- hierarchy by person_id.
5347 --
5348 -- added 'O' for bug 7476561
5349 IF g_dbg THEN op(l_proc, 125); END IF;
5350 -- effective date condition in connect by and start with added for bug 5105261
5351 /*
5352 l_connect_clause :=
5353 ' CONNECT BY hr_asg.supervisor_id = PRIOR person_id
5354 and hr_asg.assignment_type <> ''B''
5355 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5356 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1
5357 START WITH hr_asg.person_id = :top_person_id
5358 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5359
5360 -- added for the bug 5647930
5361 l_connect_clause := ' CONNECT BY hr_asg.supervisor_id = PRIOR person_id
5362 a and hr_asg.assignment_type not in (''B'',''O'')
5363 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5364 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1';
5365
5366 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
5367 l_connect_clause := l_connect_clause || ' and hr_asg.primary_flag = ''Y''';
5368 END IF;
5369
5370 l_connect_clause := l_connect_clause || ' START WITH hr_asg.person_id = :top_person_id
5371 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5372 -- end of bug 5647930
5373 */
5374 -- re added the code so that the fix goes into R12 branch line
5375 -- added for the bug 5647930
5376 l_connect_clause := ' CONNECT BY hr_asg.supervisor_id = PRIOR person_id
5377 and hr_asg.assignment_type not in (''B'',''O'')
5378 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5379 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1';
5380
5381 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
5382 l_connect_clause := l_connect_clause || ' and hr_asg.primary_flag = ''Y''';
5383 END IF;
5384
5385 l_connect_clause := l_connect_clause || ' START WITH hr_asg.person_id = :top_person_id
5386 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5387 -- end of bug 5647930
5388 --
5389 ELSIF nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') = 'A' THEN
5390 --
5391 -- Add the connect by clause to traverse the supervisor
5392 -- hierarchy by assignment_id.
5393 --
5394 -- effective date condition in connect by and start with added for bug 5105261
5395 /*
5396 IF g_dbg THEN op(l_proc, 130); END IF;
5397 l_connect_clause :=
5398 ' CONNECT BY hr_asg.supervisor_assignment_id = PRIOR assignment_id
5399 and hr_asg.assignment_type not in (''B'',''O'')
5400 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5401 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1
5402 START WITH hr_asg.person_id = :top_person_id
5403 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5404
5405 --
5406 -- added for the bug 5647930
5407 IF g_dbg THEN op(l_proc, 130); END IF;
5408 l_connect_clause := ' CONNECT BY hr_asg.supervisor_assignment_id = PRIOR assignment_id
5409 and hr_asg.assignment_type <> ''B''
5410 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5411 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1';
5412
5413 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
5414 l_connect_clause := l_connect_clause || ' and hr_asg.primary_flag = ''Y''';
5415 END IF;
5416
5417 l_connect_clause := l_connect_clause || ' START WITH hr_asg.person_id = :top_person_id
5418 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5419 --
5420 -- end of bug 5647930
5421 --
5422 */
5423 -- For R12 Branch line
5424 -- added for the bug 5647930
5425 IF g_dbg THEN op(l_proc, 130); END IF;
5426 l_connect_clause := ' CONNECT BY hr_asg.supervisor_assignment_id = PRIOR assignment_id
5427 and hr_asg.assignment_type not in (''B'',''O'')
5428 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date
5429 AND LEVEL <= NVL(:supervisor_levels, LEVEL) + 1';
5430
5431 IF p_sec_prof_rec.exclude_secondary_asgs_flag = 'Y' THEN
5432 l_connect_clause := l_connect_clause || ' and hr_asg.primary_flag = ''Y''';
5433 END IF;
5434
5435 l_connect_clause := l_connect_clause || ' START WITH hr_asg.person_id = :top_person_id
5436 and :effective_date BETWEEN hr_asg.effective_start_date AND hr_asg.effective_end_date';
5437 --
5438 -- end of bug 5647930
5439 --
5440 ELSE
5441 l_sup_hier_set := FALSE;
5442 END IF;
5443
5444 IF g_dbg THEN op(l_proc, 140); END IF;
5445
5446 --
5447 -- Piece the SQL statement together.
5448 --
5449 l_sql_str := l_select_from_clause || l_where_clause || l_connect_clause;
5450
5451 IF g_dbg THEN op(l_sql_str); END IF;
5452 IF g_dbg THEN op(l_proc, 150); END IF;
5453
5454 IF l_sup_hier_set THEN
5455 l_vac_sql_str := replace(l_sql_str,'(''B'',''O'')','(''B'',''O'',''A'')');
5456
5457 IF g_dbg THEN op(l_vac_sql_str); END IF;
5458 IF g_dbg THEN op(l_proc, 151); END IF;
5459 END IF;
5460
5461 --
5462 -- Trace bind variables.
5463 --
5464 IF g_dbg THEN
5465 op(':effective_date: '||to_char(p_effective_date));
5466 op(':security_profile_id: '||to_char(p_sec_prof_rec.security_profile_id));
5467 op(':supervisor_levels: '||to_char(p_sec_prof_rec.supervisor_levels));
5468 op(':top_person_id: '||to_char(p_top_person_id));
5469 END IF;
5470
5471 --
5472 -- Open cursor, bulk fetch all the rows and close
5473 -- branching on dynamic binds.
5474 --
5475 IF l_sup_hier_set THEN
5476 --
5477 -- Need to pass p_top_person_id for supervisor hierarchy tree-walk.
5478 --
5479 IF g_dbg THEN op(l_proc, 155); END IF;
5480 IF l_custom_y_set THEN
5481 OPEN l_csr FOR l_sql_str
5482 USING p_effective_date,
5483 p_sec_prof_rec.security_profile_id,
5484 p_effective_date, -- bug 5105261
5485 --p_sec_prof_rec.supervisor_levels,
5486 l_supervisor_levels,
5487 p_top_person_id,
5488 p_effective_date; -- bug 5105261
5489
5490 -- Added for Bug 8353429
5491
5492 OPEN l_vac_csr FOR l_vac_sql_str
5493 USING p_effective_date,
5494 p_sec_prof_rec.security_profile_id,
5495 p_effective_date,
5496 --p_sec_prof_rec.supervisor_levels,
5497 l_supervisor_levels,
5498 p_top_person_id,
5499 p_effective_date;
5500
5501 ELSIF l_custom_u_set THEN
5502 OPEN l_csr FOR l_sql_str
5503 USING p_effective_date,
5504 p_effective_date,
5505 p_effective_date,
5506 p_effective_date, -- bug 5105261
5507 --p_sec_prof_rec.supervisor_levels,
5508 l_supervisor_levels,
5509 p_top_person_id,
5510 p_effective_date; -- bug 5105261
5511
5512 -- Added for Bug 8353429
5513
5514 OPEN l_vac_csr FOR l_vac_sql_str
5515 USING p_effective_date,
5516 p_effective_date,
5517 p_effective_date,
5518 p_effective_date,
5519 --p_sec_prof_rec.supervisor_levels,
5520 l_supervisor_levels,
5521 p_top_person_id,
5522 p_effective_date;
5523
5524 ELSE
5525 OPEN l_csr FOR l_sql_str
5526 USING p_effective_date,
5527 p_effective_date, -- bug 5105261
5528 --p_sec_prof_rec.supervisor_levels,
5529 l_supervisor_levels,
5530 p_top_person_id,
5531 p_effective_date; -- bug 5105261
5532
5533 -- Added for Bug 8353429
5534
5535 OPEN l_vac_csr FOR l_vac_sql_str
5536 USING p_effective_date,
5537 p_effective_date,
5538 --p_sec_prof_rec.supervisor_levels,
5539 l_supervisor_levels,
5540 p_top_person_id,
5541 p_effective_date;
5542
5543 END IF;
5544 ELSE
5545 --
5546 -- Do not to pass p_top_person_id.
5547 --
5548 IF g_dbg THEN op(l_proc, 160); END IF;
5549 IF l_custom_y_set THEN
5550 OPEN l_csr FOR l_sql_str
5551 USING p_effective_date,
5552 p_sec_prof_rec.security_profile_id;
5553 ELSIF l_custom_u_set THEN
5554 OPEN l_csr FOR l_sql_str
5555 USING p_effective_date,
5556 p_effective_date,
5557 p_effective_date;
5558 ELSE
5559 OPEN l_csr FOR l_sql_str
5560 USING p_effective_date;
5561 END IF;
5562 END IF;
5563
5564 IF g_dbg THEN op(l_proc, 170); END IF;
5565
5566 --
5567 -- Oracle 8/8i does not support BULK COLLECT of a dynamic PL/SQL
5568 -- statement.
5569 --
5570 IF hr_general2.get_oracle_db_version >= 9 THEN
5571 --
5572 -- Oracle 9+ being used so perform a BULK COLLECT.
5573 --
5574 FETCH l_csr BULK COLLECT INTO l_temp_asg_tbl
5575 ,l_temp_per_tbl;
5576
5577 -- Added for Bug 8353429
5578 IF l_sup_hier_set THEN
5579 FETCH l_vac_csr BULK COLLECT INTO l_temp_vac_asg_tbl
5580 ,l_temp_vac_per_tbl;
5581 END IF;
5582
5583 ELSE
5584 --
5585 -- Pre Oracle 9 so fetch each row individually.
5586 --
5587 l_cnt := 1;
5588 LOOP
5589 --
5590 -- A Pre Oracle 9 DB is being used so LOOP through,
5591 -- fetching each row.
5592 --
5593 FETCH l_csr INTO l_temp_asg_tbl(l_cnt), l_temp_per_tbl(l_cnt);
5594 EXIT WHEN l_csr%NOTFOUND;
5595 l_cnt := l_cnt + 1;
5596 END LOOP;
5597 END IF;
5598 CLOSE l_csr;
5599
5600 -- Added for Bug 8353429
5601 IF l_sup_hier_set THEN
5602 CLOSE l_vac_csr;
5603 END IF;
5604
5605 IF g_dbg THEN op(l_proc, 180); END IF;
5606
5607 IF l_temp_asg_tbl.COUNT > 0 THEN
5608 --
5609 -- Enumerate through the temporary table and re-order
5610 -- the list of asgs into the global cache so that the
5611 -- index is the asg_id. This allows for direct index
5612 -- access.
5613 --
5614 IF g_dbg THEN op(l_proc, 190); END IF;
5615 FOR i IN l_temp_asg_tbl.FIRST..l_temp_asg_tbl.LAST LOOP
5616 IF NOT g_asg_tbl.EXISTS(l_temp_asg_tbl(i)) THEN
5617 g_asg_tbl(l_temp_asg_tbl(i)) := l_temp_per_tbl(i);
5618 END IF;
5619 END LOOP;
5620
5621 --
5622 -- Enumerate through the temporary table and re-order
5623 -- the list of pers into the global cache so that the
5624 -- index is the per_id. This allows for direct index
5625 -- access.
5626 --
5627 IF g_dbg THEN op(l_proc, 200); END IF;
5628 FOR i IN l_temp_per_tbl.FIRST..l_temp_per_tbl.LAST LOOP
5629 IF NOT g_per_tbl.EXISTS(l_temp_per_tbl(i)) THEN
5630 g_per_tbl(l_temp_per_tbl(i)) := TRUE;
5631 END IF;
5632 END LOOP;
5633
5634 END IF;
5635
5636 -- Added for Bug 8353429
5637 IF l_sup_hier_set THEN
5638 IF l_temp_vac_asg_tbl.COUNT > 0 THEN
5639 IF g_dbg THEN op(l_proc, 5190); END IF;
5640
5641 FOR i IN l_temp_vac_asg_tbl.FIRST..l_temp_vac_asg_tbl.LAST LOOP
5642 IF NOT g_vac_asg_tbl.EXISTS(l_temp_vac_asg_tbl(i))
5643 AND g_asg_tbl.EXISTS(l_temp_vac_asg_tbl(i)) THEN
5644 g_vac_asg_tbl(l_temp_vac_asg_tbl(i)) := l_temp_vac_per_tbl(i);
5645 END IF;
5646 END LOOP;
5647
5648 IF g_dbg THEN op(l_proc, 5200); END IF;
5649
5650 FOR i IN l_temp_vac_per_tbl.FIRST..l_temp_vac_per_tbl.LAST LOOP
5651 IF NOT g_vac_per_tbl.EXISTS(l_temp_vac_per_tbl(i))
5652 AND g_per_tbl.EXISTS(l_temp_vac_per_tbl(i)) THEN
5653 g_vac_per_tbl(l_temp_vac_per_tbl(i)) := TRUE;
5654 END IF;
5655 END LOOP;
5656 END IF;
5657 END IF;
5658 End IF;
5659 END IF;
5660 IF g_dbg THEN op('Leaving: '||l_proc, 970); END IF;
5661
5662 EXCEPTION
5663
5664 WHEN no_data_found THEN
5665 --
5666 -- Close the cursor if open to avoid leaking.
5667 --
5668 IF l_csr%isopen THEN
5669 CLOSE l_csr;
5670 END IF;
5671 IF g_dbg THEN op('Leaving: '||l_proc, 993); END IF;
5672
5673 WHEN loop_in_user_data THEN
5674 --
5675 -- Close the cursor if open to avoid leaking.
5676 --
5677 IF l_csr%isopen THEN
5678 CLOSE l_csr;
5679 END IF;
5680 IF g_dbg THEN op('Leaving: '||l_proc, 996); END IF;
5681 fnd_message.set_name('PER','PER_449800_ORA_1436');
5682 fnd_message.raise_error;
5683
5684 -- Fix for bug#13430866
5685 WHEN invalid_column_name THEN
5686 -- Close the cursor if open to avoid leaking.
5687 --
5688 IF l_csr%isopen THEN
5689 CLOSE l_csr;
5690 END IF;
5691 IF g_dbg THEN op('Leaving: '||l_proc, 997); END IF;
5692 fnd_message.set_name('PER','PER_500020_SEC_ENH_INV_COL');
5693 fnd_message.raise_error;
5694 -- Fix for bug#13430866
5695
5696 WHEN others THEN
5697 --
5698 -- Close the cursor if open to avoid leaking.
5699 --
5700 IF l_csr%isopen THEN
5701 CLOSE l_csr;
5702 END IF;
5703 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
5704 RAISE;
5705
5706 END add_people_to_cache;
5707
5708 --
5709 -- ----------------------------------------------------------------------------
5710 -- |----------------------< add_static_orgs_to_cache >------------------------|
5711 -- ----------------------------------------------------------------------------
5712 --
5713 PROCEDURE add_static_orgs_to_cache
5714 (p_user_id IN NUMBER
5715 ,p_security_profile_id IN NUMBER
5716 ,p_top_organization_method IN VARCHAR2)
5717 IS
5718
5719 --
5720 -- Local variables.
5721 --
5722 l_temp_org_tbl g_number_t;
5723 l_proc VARCHAR2(72) := g_package||'add_static_orgs_to_cache';
5724
5725 --
5726 -- Fetch all the organizations in the static org list
5727 -- for the given user.
5728 -- As there is a user and security profile pair, this
5729 -- allows for scenarios whereby a single user has multiple
5730 -- secured responsibilities, each attached to a different
5731 -- security profile and therefore different access rights.
5732 --
5733 CURSOR csr_get_static_orgs_for_user IS
5734 SELECT pol.organization_id
5735 FROM per_organization_list pol
5736 WHERE pol.security_profile_id IS NOT NULL
5737 AND pol.user_id IS NOT NULL
5738 AND pol.security_profile_id = p_security_profile_id
5739 AND pol.user_id = p_user_id;
5740
5741 --
5742 -- Fetch the organizations in the static org list for this profile.
5743 -- This cursor is used when user-based org security is
5744 -- not in use.
5745 --
5746 CURSOR csr_get_static_orgs IS
5747 SELECT pol.organization_id
5748 FROM per_organization_list pol
5749 WHERE pol.security_profile_id IS NOT NULL
5750 AND pol.user_id IS NULL
5751 AND pol.security_profile_id = p_security_profile_id;
5752
5753 BEGIN
5754
5755 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
5756
5757 --
5758 -- Verify that the necessary parameters have a value.
5759 --
5760 IF p_user_id IS NOT NULL AND
5761 p_security_profile_id IS NOT NULL THEN
5762 --
5763 -- If this is user-based, look for a user and
5764 -- security profile pair. Generally speaking, the static
5765 -- user lists will only be cached when it is known that
5766 -- this user is in the list of users to build static
5767 -- lists for AND they have rows in per_organization_list.
5768 --
5769 IF g_dbg THEN op(l_proc, 20); END IF;
5770
5771 IF NVL(p_top_organization_method, 'S') = 'U' THEN
5772 --
5773 -- Get the user's visible orgs by bulk collecting into a
5774 -- temporary collection.
5775 --
5776 IF g_dbg THEN op(l_proc, 30); END IF;
5777
5778 OPEN csr_get_static_orgs_for_user;
5779 FETCH csr_get_static_orgs_for_user BULK COLLECT INTO l_temp_org_tbl;
5780 CLOSE csr_get_static_orgs_for_user;
5781
5782 IF g_dbg THEN op(l_proc, 40); END IF;
5783
5784 ELSE
5785 --
5786 -- Get the visible orgs for the profile by bulk collecting
5787 -- into a temporary collection.
5788 --
5789 IF g_dbg THEN op(l_proc, 50); END IF;
5790
5791 OPEN csr_get_static_orgs;
5792 FETCH csr_get_static_orgs BULK COLLECT INTO l_temp_org_tbl;
5793 CLOSE csr_get_static_orgs;
5794
5795 IF g_dbg THEN op(l_proc, 60); END IF;
5796
5797 END IF;
5798
5799 IF l_temp_org_tbl.COUNT > 0 THEN
5800 --
5801 -- Enumerate through the temporary table and re-order
5802 -- the list of orgs into the global cache so that the
5803 -- index is the org_id. This allows for direct index
5804 -- access.
5805 --
5806 IF g_dbg THEN op(l_proc, 70); END IF;
5807
5808 FOR i IN l_temp_org_tbl.FIRST..l_temp_org_tbl.LAST LOOP
5809 IF NOT g_org_tbl.EXISTS(l_temp_org_tbl(i)) THEN
5810 g_org_tbl(l_temp_org_tbl(i)) := TRUE;
5811 END IF;
5812 END LOOP;
5813 END IF;
5814 END IF;
5815
5816 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
5817
5818 END add_static_orgs_to_cache;
5819 --
5820 -- ----------------------------------------------------------------------------
5821 -- |----------------------< add_static_pos_to_cache >-------------------------|
5822 -- ----------------------------------------------------------------------------
5823 --
5824 PROCEDURE add_static_pos_to_cache
5825 (p_user_id IN NUMBER
5826 ,p_security_profile_id IN NUMBER
5827 ,p_top_position_method IN VARCHAR2)
5828 IS
5829
5830 --
5831 -- Local variables.
5832 --
5833 l_temp_pos_tbl g_number_t;
5834 l_proc VARCHAR2(72) := g_package||'add_static_pos_to_cache';
5835
5836 --
5837 -- Fetch all the positions in the static pos list
5838 -- for the given user.
5839 -- As there is a user and security profile pair, this
5840 -- allows for scenarios whereby a single user has multiple
5841 -- secured responsibilities, each attached to a different
5842 -- security profile and therefore different access rights.
5843 --
5844 CURSOR csr_get_static_pos_for_user IS
5845 SELECT ppl.position_id
5846 FROM per_position_list ppl
5847 WHERE ppl.security_profile_id IS NOT NULL
5848 AND ppl.user_id IS NOT NULL
5849 AND ppl.security_profile_id = p_security_profile_id
5850 AND ppl.user_id = p_user_id;
5851
5852 --
5853 -- Fetch the positions in the static pos list for this profile.
5854 -- This cursor is used when user-based pos security is
5855 -- not in use.
5856 --
5857 CURSOR csr_get_static_pos IS
5858 SELECT ppl.position_id
5859 FROM per_position_list ppl
5860 WHERE ppl.security_profile_id IS NOT NULL
5861 AND ppl.user_id IS NULL
5862 AND ppl.security_profile_id = p_security_profile_id;
5863
5864 BEGIN
5865
5866 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
5867
5868 --
5869 -- Verify that the necessary parameters have a value.
5870 --
5871 IF p_user_id IS NOT NULL AND
5872 p_security_profile_id IS NOT NULL THEN
5873 --
5874 -- If this is user-based, look for a user and
5875 -- security profile pair. Generally speaking, the static
5876 -- user lists will only be cached when it is known that
5877 -- this user is in the list of users to build static
5878 -- lists for AND they have rows in per_position_list.
5879 --
5880 IF g_dbg THEN op(l_proc, 20); END IF;
5881
5882 IF NVL(p_top_position_method, 'S') = 'U' THEN
5883 --
5884 -- Get the user's visible positions by bulk collecting into a
5885 -- temporary collection.
5886 --
5887 IF g_dbg THEN op(l_proc, 30); END IF;
5888
5889 OPEN csr_get_static_pos_for_user;
5890 FETCH csr_get_static_pos_for_user BULK COLLECT INTO l_temp_pos_tbl;
5891 CLOSE csr_get_static_pos_for_user;
5892
5893 IF g_dbg THEN op(l_proc, 40); END IF;
5894
5895 ELSE
5896 --
5897 -- Get the visible positions for the profile by bulk collecting
5898 -- into a temporary collection.
5899 --
5900 IF g_dbg THEN op(l_proc, 50); END IF;
5901
5902 OPEN csr_get_static_pos;
5903 FETCH csr_get_static_pos BULK COLLECT INTO l_temp_pos_tbl;
5904 CLOSE csr_get_static_pos;
5905
5906 IF g_dbg THEN op(l_proc, 60); END IF;
5907
5908 END IF;
5909
5910 IF l_temp_pos_tbl.COUNT > 0 THEN
5911 --
5912 -- Enumerate through the temporary table and re-order
5913 -- the list of positions into the global cache so that the
5914 -- index is the pos_id. This allows for direct index
5915 -- access.
5916 --
5917 IF g_dbg THEN op(l_proc, 70); END IF;
5918
5919 FOR i IN l_temp_pos_tbl.FIRST..l_temp_pos_tbl.LAST LOOP
5920 IF NOT g_pos_tbl.EXISTS(l_temp_pos_tbl(i)) THEN
5921 g_pos_tbl(l_temp_pos_tbl(i)) := TRUE;
5922 END IF;
5923 END LOOP;
5924 END IF;
5925 END IF;
5926
5927 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
5928
5929 END add_static_pos_to_cache;
5930 --
5931 -- ----------------------------------------------------------------------------
5932 -- |----------------------< add_static_pay_to_cache >-------------------------|
5933 -- ----------------------------------------------------------------------------
5934 --
5935 PROCEDURE add_static_pay_to_cache
5936 (p_security_profile_id IN NUMBER)
5937 IS
5938
5939 --
5940 -- Local variables.
5941 --
5942 l_temp_pay_tbl g_number_t;
5943 l_proc VARCHAR2(72) := g_package||'add_static_pay_to_cache';
5944
5945 --
5946 -- Fetch the payrolls in the static pay list for this profile.
5947 --
5948 CURSOR csr_get_static_pay IS
5949 SELECT ppl.payroll_id
5950 FROM pay_payroll_list ppl
5951 WHERE ppl.security_profile_id IS NOT NULL
5952 AND ppl.security_profile_id = p_security_profile_id;
5953
5954 BEGIN
5955
5956 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
5957
5958 --
5959 -- Verify that the necessary parameters have a value.
5960 --
5961 IF p_security_profile_id IS NOT NULL THEN
5962 --
5963 -- Get the visible payrolls for the profile by bulk collecting
5964 -- into a temporary collection.
5965 --
5966 IF g_dbg THEN op(l_proc, 20); END IF;
5967
5968 OPEN csr_get_static_pay;
5969 FETCH csr_get_static_pay BULK COLLECT INTO l_temp_pay_tbl;
5970 CLOSE csr_get_static_pay;
5971
5972 IF g_dbg THEN op(l_proc, 30); END IF;
5973
5974 IF l_temp_pay_tbl.COUNT > 0 THEN
5975 --
5976 -- Enumerate through the temporary table and re-order
5977 -- the list of payrolls into the global cache so that the
5978 -- index is the pay_id. This allows for direct index
5979 -- access.
5980 --
5981 IF g_dbg THEN op(l_proc, 40); END IF;
5982
5983 FOR i IN l_temp_pay_tbl.FIRST..l_temp_pay_tbl.LAST LOOP
5984 IF NOT g_pay_tbl.EXISTS(l_temp_pay_tbl(i)) THEN
5985 g_pay_tbl(l_temp_pay_tbl(i)) := TRUE;
5986 END IF;
5987 END LOOP;
5988 END IF;
5989 END IF;
5990
5991 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
5992
5993 END add_static_pay_to_cache;
5994 --
5995 -- ----------------------------------------------------------------------------
5996 -- |----------------------< add_static_per_to_cache >-------------------------|
5997 -- ----------------------------------------------------------------------------
5998 --
5999 PROCEDURE add_static_per_to_cache
6000 (p_user_id IN NUMBER
6001 ,p_security_profile_id IN NUMBER
6002 ,p_cache_by_user IN BOOLEAN)
6003 IS
6004
6005 --
6006 -- Local variables.
6007 --
6008 l_temp_per_tbl g_number_t;
6009 l_proc VARCHAR2(72) := g_package||'add_static_per_to_cache';
6010
6011 --
6012 -- Fetch all the people in the static per list
6013 -- for the given user.
6014 -- As there is a user and security profile pair, this
6015 -- allows for scenarios whereby a single user has multiple
6016 -- secured responsibilities, each attached to a different
6017 -- security profile and therefore different access rights.
6018 --
6019 CURSOR csr_get_static_per_for_user IS
6020 SELECT ppl.person_id
6021 FROM per_person_list ppl
6022 WHERE ppl.security_profile_id IS NOT NULL
6023 AND ppl.granted_user_id IS NOT NULL
6024 AND ppl.security_profile_id = p_security_profile_id
6025 AND ppl.granted_user_id = p_user_id;
6026
6027 --
6028 -- Fetch the people in the static per list for this profile.
6029 -- This cursor is used when user-based per security is
6030 -- not in use.
6031 --
6032 CURSOR csr_get_static_per IS
6033 SELECT ppl.person_id
6034 FROM per_person_list ppl
6035 WHERE ppl.security_profile_id IS NOT NULL
6036 AND ppl.granted_user_id IS NULL
6037 AND ppl.security_profile_id = p_security_profile_id;
6038
6039 BEGIN
6040
6041 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6042
6043 --
6044 -- Verify that the necessary parameters have a value.
6045 --
6046 IF p_user_id IS NOT NULL AND
6047 p_security_profile_id IS NOT NULL THEN
6048 --
6049 -- If this is user-based, look for a user and
6050 -- security profile pair. Generally speaking, the static
6051 -- user lists will only be cached when it is known that
6052 -- this user is in the list of users to build static
6053 -- lists for AND they have rows in per_person_list.
6054 --
6055 IF g_dbg THEN op(l_proc, 20); END IF;
6056
6057 IF p_cache_by_user THEN
6058 --
6059 -- Get the user's visible people by bulk collecting into a
6060 -- temporary collection.
6061 --
6062 IF g_dbg THEN op(l_proc, 30); END IF;
6063
6064 OPEN csr_get_static_per_for_user;
6065 FETCH csr_get_static_per_for_user BULK COLLECT INTO l_temp_per_tbl;
6066 CLOSE csr_get_static_per_for_user;
6067
6068 IF g_dbg THEN op(l_proc, 40); END IF;
6069
6070 ELSE
6071 --
6072 -- Get the security profile's visible people.
6073 --
6074 IF g_dbg THEN op(l_proc, 50); END IF;
6075
6076 OPEN csr_get_static_per;
6077 FETCH csr_get_static_per BULK COLLECT INTO l_temp_per_tbl;
6078 CLOSE csr_get_static_per;
6079
6080 IF g_dbg THEN op(l_proc, 60); END IF;
6081
6082 END IF;
6083
6084 IF l_temp_per_tbl.COUNT > 0 THEN
6085 --
6086 -- Enumerate through the temporary table and re-order
6087 -- the list of people into the global cache so that the
6088 -- index is the per_id. This allows for direct index
6089 -- access.
6090 --
6091 IF g_dbg THEN op(l_proc, 70); END IF;
6092
6093 FOR i IN l_temp_per_tbl.FIRST..l_temp_per_tbl.LAST LOOP
6094 IF NOT g_per_tbl.EXISTS(l_temp_per_tbl(i)) THEN
6095 g_per_tbl(l_temp_per_tbl(i)) := TRUE;
6096 END IF;
6097 END LOOP;
6098 END IF;
6099 END IF;
6100
6101 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6102
6103 END add_static_per_to_cache;
6104 --
6105 -- ----------------------------------------------------------------------------
6106 -- |----------------------< add_static_asg_to_cache >-------------------------|
6107 -- ----------------------------------------------------------------------------
6108 --
6109 PROCEDURE add_static_asg_to_cache
6110 (p_user_id IN NUMBER
6111 ,p_security_profile_id IN NUMBER
6112 ,p_cache_by_user IN BOOLEAN)
6113 IS
6114
6115 --
6116 -- Local variables.
6117 --
6118 l_temp_asg_tbl g_number_t;
6119 l_temp_per_tbl g_number_t;
6120 l_proc VARCHAR2(72) := g_package||'add_static_asg_to_cache';
6121
6122 --
6123 -- Fetch all the assignments in the static asg list
6124 -- for the given user.
6125 -- As there is a user and security profile pair, this
6126 -- allows for scenarios whereby a single user has multiple
6127 -- secured responsibilities, each attached to a different
6128 -- security profile and therefore different access rights.
6129 --
6130 CURSOR csr_get_static_asg_for_user IS
6131 SELECT pal.assignment_id
6132 ,pal.person_id
6133 FROM per_assignment_list pal
6134 WHERE pal.security_profile_id IS NOT NULL
6135 AND pal.user_id IS NOT NULL
6136 AND pal.security_profile_id = p_security_profile_id
6137 AND pal.user_id = p_user_id;
6138
6139 --
6140 -- Fetch the people in the static asg list for this profile.
6141 -- This cursor is used when user-based asg security is
6142 -- not in use. At the moment, permissions are only stored
6143 -- in the assignment list against a user so this cursor
6144 -- should never return any rows.
6145 --
6146 CURSOR csr_get_static_asg IS
6147 SELECT pal.assignment_id
6148 ,pal.person_id
6149 FROM per_assignment_list pal
6150 WHERE pal.security_profile_id IS NOT NULL
6151 AND pal.user_id IS NULL
6152 AND pal.security_profile_id = p_security_profile_id;
6153
6154 BEGIN
6155
6156 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6157
6158 --
6159 -- Verify that the necessary parameters have a value.
6160 --
6161 IF p_user_id IS NOT NULL AND
6162 p_security_profile_id IS NOT NULL AND
6163 p_cache_by_user IS NOT NULL THEN
6164 --
6165 -- If this is user-based, look for a user and
6166 -- security profile pair. Generally speaking, the static
6167 -- user lists will only be cached when it is known that
6168 -- this user is in the list of users to build static
6169 -- lists for AND they have rows in per_assignment_list.
6170 --
6171 IF g_dbg THEN op(l_proc, 20); END IF;
6172
6173 IF p_cache_by_user THEN
6174 --
6175 -- Get the user's visible assignments by bulk collecting
6176 -- into a temporary collection.
6177 --
6178 IF g_dbg THEN op(l_proc, 30); END IF;
6179
6180 OPEN csr_get_static_asg_for_user;
6181 FETCH csr_get_static_asg_for_user BULK COLLECT INTO l_temp_asg_tbl
6182 ,l_temp_per_tbl;
6183 CLOSE csr_get_static_asg_for_user;
6184
6185 IF g_dbg THEN op(l_proc, 40); END IF;
6186
6187 ELSE
6188 --
6189 -- Get the security profile's visible assignments.
6190 --
6191 IF g_dbg THEN op(l_proc, 50); END IF;
6192
6193 OPEN csr_get_static_asg;
6194 FETCH csr_get_static_asg BULK COLLECT INTO l_temp_asg_tbl
6195 ,l_temp_per_tbl;
6196 CLOSE csr_get_static_asg;
6197
6198 IF g_dbg THEN op(l_proc, 60); END IF;
6199
6200 END IF;
6201
6202 IF l_temp_asg_tbl.COUNT > 0 THEN
6203 --
6204 -- Enumerate through the temporary table and re-order
6205 -- the list of assignments into the global cache so that
6206 -- the index is the asg_id. This allows for direct index
6207 -- access. Also, use the person ID as each row's value
6208 -- so that show_person could potentially use this table
6209 -- in the future.
6210 --
6211 IF g_dbg THEN op(l_proc, 70); END IF;
6212
6213 FOR i IN l_temp_asg_tbl.FIRST..l_temp_asg_tbl.LAST LOOP
6214 IF NOT g_asg_tbl.EXISTS(l_temp_asg_tbl(i)) THEN
6215 g_asg_tbl(l_temp_asg_tbl(i)) := l_temp_per_tbl(i);
6216 END IF;
6217 END LOOP;
6218 END IF;
6219 END IF;
6220
6221 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6222
6223 END add_static_asg_to_cache;
6224 --
6225 -- ----------------------------------------------------------------------------
6226 -- |----------------------< add_per_list_changes_to_cache >-------------------|
6227 -- ----------------------------------------------------------------------------
6228 --
6229 PROCEDURE add_per_list_changes_to_cache
6230 (p_security_profile_id IN NUMBER
6231 ,p_effective_date IN DATE)
6232 IS
6233
6234 --
6235 -- Local variables.
6236 --
6237 l_temp_per_tbl g_number_t;
6238 l_proc VARCHAR2(72) := g_package||'add_per_list_changes_to_cache';
6239
6240 --
6241 -- Fetch all the people in the static person list changes to the
6242 -- cache. In theory, this table should be empty because of the
6243 -- ex-person enhancements but in practice, it is likely that this
6244 -- table is still maintained or was used by unsupported customer
6245 -- processes.
6246 -- Either way, cache the contents to be safe.
6247 -- Only include people that do not have an assignment effective
6248 -- as of the effective date (because they would have already been
6249 -- evaluated) but did once have an assignment.
6250 --
6251 CURSOR csr_get_static_per IS
6252 SELECT plc.person_id
6253 FROM per_person_list_changes plc
6254 WHERE plc.security_profile_id IS NOT NULL
6255 AND plc.security_profile_id = p_security_profile_id
6256 AND NOT EXISTS
6257 (SELECT NULL
6258 FROM per_all_assignments_f paaf
6259 WHERE paaf.person_id = plc.person_id
6260 AND paaf.assignment_type <> 'B'
6261 AND p_effective_date BETWEEN
6262 paaf.effective_start_date AND paaf.effective_end_date)
6263 AND EXISTS
6264 (SELECT NULL
6265 FROM per_all_assignments_f paaf2
6266 WHERE paaf2.person_id = plc.person_id
6267 AND paaf2.assignment_type <> 'B'
6268 AND p_effective_date > paaf2.effective_start_date);
6269
6270 BEGIN
6271
6272 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6273
6274 --
6275 -- Verify that the necessary parameters have a value.
6276 --
6277 IF p_security_profile_id IS NOT NULL THEN
6278 --
6279 -- Get the people in the list by bulk collecting into a
6280 -- temporary collection.
6281 --
6282 IF g_dbg THEN op(l_proc, 20); END IF;
6283
6284 OPEN csr_get_static_per;
6285 FETCH csr_get_static_per BULK COLLECT INTO l_temp_per_tbl;
6286 CLOSE csr_get_static_per;
6287
6288 IF g_dbg THEN op(l_proc, 30); END IF;
6289
6290 IF l_temp_per_tbl.COUNT > 0 THEN
6291 --
6292 -- Enumerate through the temporary table and re-order
6293 -- the list of people into the global cache so that the
6294 -- index is the per_id. This allows for direct index
6295 -- access.
6296 --
6297 IF g_dbg THEN op(l_proc, 40); END IF;
6298
6299 FOR i IN l_temp_per_tbl.FIRST..l_temp_per_tbl.LAST LOOP
6300 IF NOT g_per_tbl.EXISTS(l_temp_per_tbl(i)) THEN
6301 g_per_tbl(l_temp_per_tbl(i)) := TRUE;
6302 END IF;
6303 END LOOP;
6304 END IF;
6305 END IF;
6306
6307 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6308
6309 END add_per_list_changes_to_cache;
6310 --
6311 -- ----------------------------------------------------------------------------
6312 -- |----------------------< add_granted_users_to_cache >----------------------|
6313 -- ----------------------------------------------------------------------------
6314 --
6315 PROCEDURE add_granted_users_to_cache
6316 (p_user_id IN NUMBER
6317 ,p_effective_date IN DATE
6318 ,p_allow_granted_users_flag IN VARCHAR2
6319 ,p_restrict_on_individual_asg IN VARCHAR2)
6320 IS
6321
6322 --
6323 -- Local variables.
6324 --
6325 l_proc VARCHAR2(72) := g_package||'add_granted_users_to_cache';
6326 l_temp_per_tbl g_number_t;
6327
6328 --
6329 -- Fetch all the people for whom this user has explicitly been
6330 -- granted access.
6331 --
6332 CURSOR csr_get_granted_users IS
6333 SELECT ppl.person_id
6334 FROM per_person_list ppl
6335 WHERE ppl.granted_user_id IS NOT NULL
6336 AND ppl.granted_user_id = p_user_id
6337 AND ppl.security_profile_id IS NULL;
6338
6339 --
6340 -- Fetch all the non-benefits assignments for a given person.
6341 --
6342 CURSOR csr_get_asgs_for_per
6343 (p_person_id IN NUMBER) IS
6344 SELECT paaf.assignment_id
6345 FROM per_all_assignments_f paaf
6346 WHERE paaf.person_id = p_person_id
6347 AND p_effective_date BETWEEN
6348 paaf.effective_start_date AND paaf.effective_end_date
6349 AND paaf.assignment_type <> 'B';
6350
6351 BEGIN
6352
6353 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6354
6355 --
6356 -- Verify that the necessary parameters have a value.
6357 --
6358 IF p_user_id IS NOT NULL AND
6359 p_effective_date IS NOT NULL THEN
6360
6361 --
6362 -- If granted users are allowed.
6363 --
6364 IF NVL(p_allow_granted_users_flag, 'N') = 'Y' THEN
6365 --
6366 -- Get the granted users by bulk collecting into a
6367 -- temporary collection.
6368 --
6369 IF g_dbg THEN op(l_proc, 20); END IF;
6370
6371 OPEN csr_get_granted_users;
6372 FETCH csr_get_granted_users BULK COLLECT INTO l_temp_per_tbl;
6373 CLOSE csr_get_granted_users;
6374
6375 IF g_dbg THEN op(l_proc, 30); END IF;
6376
6377 IF l_temp_per_tbl.COUNT > 0 THEN
6378 --
6379 -- Enumerate through the temporary table and re-order
6380 -- the list of people into the global cache so that the
6381 -- index is the per_id. This allows for direct index
6382 -- access.
6383 --
6384 IF g_dbg THEN op(l_proc, 40); END IF;
6385
6386 FOR i IN l_temp_per_tbl.FIRST..l_temp_per_tbl.LAST LOOP
6387 --
6388 -- Add the granted user to the person cache if they
6389 -- do not already exist.
6390 --
6391 IF NOT g_per_tbl.EXISTS(l_temp_per_tbl(i)) THEN
6392 g_per_tbl(l_temp_per_tbl(i)) := TRUE;
6393 END IF;
6394
6395 IF NVL(p_restrict_on_individual_asg, 'N') = 'Y' THEN
6396 --
6397 -- This profile is securing at an individual assignment level
6398 -- so add all the assignments for this person into the
6399 -- assignment cache.
6400 --
6401 FOR asg_rec IN csr_get_asgs_for_per(l_temp_per_tbl(i)) LOOP
6402 --
6403 -- For each assignment, add it to the assignment
6404 -- cache if it does not already exist.
6405 --
6406 IF NOT g_asg_tbl.EXISTS(asg_rec.assignment_id) THEN
6407 g_asg_tbl(asg_rec.assignment_id) := l_temp_per_tbl(i);
6408 END IF;
6409 END LOOP;
6410 END IF;
6411 END LOOP;
6412 END IF;
6413 END IF;
6414 END IF;
6415
6416 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6417
6418 END add_granted_users_to_cache;
6419 --
6420 -- ----------------------------------------------------------------------------
6421 -- |----------------------< add_sec_prof_pay_to_cache >-----------------------|
6422 -- ----------------------------------------------------------------------------
6423 --
6424 PROCEDURE add_sec_prof_pay_to_cache
6425 (p_security_profile_id IN NUMBER
6426 ,p_include_exclude_payroll_flag IN VARCHAR2
6427 ,p_business_group_id IN NUMBER
6428 ,p_effective_date IN DATE)
6429 IS
6430
6431 --
6432 -- Local variables.
6433 --
6434 l_temp_pay_tbl g_number_t;
6435 l_proc VARCHAR2(72) := g_package||'add_sec_prof_pay_to_cache';
6436
6437 --
6438 -- Fetch the effective payrolls in the security profile's payroll
6439 -- list. This cursor is used when the payrolls listed should be
6440 -- included.
6441 --
6442 CURSOR csr_get_include_pay IS
6443 SELECT pay.payroll_id
6444 FROM pay_all_payrolls_f pay
6445 ,pay_security_payrolls psp
6446 WHERE psp.security_profile_id IS NOT NULL
6447 AND psp.security_profile_id = p_security_profile_id
6448 AND psp.payroll_id = pay.payroll_id
6449 AND p_effective_date BETWEEN
6450 pay.effective_start_date AND pay.effective_end_date;
6451
6452 --
6453 -- Fetch the effective payrolls in the business group of the
6454 -- security profile, specifically excluding those listed
6455 -- in the security profile's list of payrolls.
6456 -- This cursor is used when the payrolls listed should be
6457 -- included.
6458 --
6459 CURSOR csr_get_exclude_pay IS
6460 SELECT pay.payroll_id
6461 FROM pay_all_payrolls_f pay
6462 WHERE p_effective_date BETWEEN
6463 pay.effective_start_date AND pay.effective_end_date
6464 AND pay.business_group_id IS NOT NULL
6465 AND pay.business_group_id = p_business_group_id
6466 AND NOT EXISTS
6467 (SELECT NULL
6468 FROM pay_security_payrolls psp
6469 WHERE psp.security_profile_id IS NOT NULL
6470 AND psp.security_profile_id = p_security_profile_id
6471 AND psp.payroll_id = pay.payroll_id);
6472
6473 BEGIN
6474
6475 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6476
6477 --
6478 -- Verify that the necessary parameters have a value.
6479 --
6480 IF p_security_profile_id IS NOT NULL AND
6481 p_include_exclude_payroll_flag IS NOT NULL AND
6482 p_business_group_id IS NOT NULL AND
6483 p_effective_date IS NOT NULL THEN
6484
6485 IF g_dbg THEN op(l_proc, 20); END IF;
6486
6487 --
6488 -- Add the payrolls to the cache: include them if
6489 -- Include is specified, otherwise exclude all
6490 -- except those in the payroll list.
6491 --
6492 IF p_include_exclude_payroll_flag = 'I' THEN
6493 --
6494 -- Include those in the security profile's payroll list.
6495 --
6496 IF g_dbg THEN op(l_proc, 30); END IF;
6497
6498 OPEN csr_get_include_pay;
6499 FETCH csr_get_include_pay BULK COLLECT INTO l_temp_pay_tbl;
6500 CLOSE csr_get_include_pay;
6501
6502 ELSIF p_include_exclude_payroll_flag = 'E' THEN
6503 --
6504 -- Include all but those in the security profile's payroll
6505 -- list.
6506 --
6507 IF g_dbg THEN op(l_proc, 40); END IF;
6508
6509 OPEN csr_get_exclude_pay;
6510 FETCH csr_get_exclude_pay BULK COLLECT INTO l_temp_pay_tbl;
6511 CLOSE csr_get_exclude_pay;
6512
6513 END IF;
6514
6515 IF l_temp_pay_tbl.COUNT > 0 THEN
6516 --
6517 -- Enumerate through the temporary table and re-order
6518 -- the list of payrolls into the global cache so that the
6519 -- index is the pay_id. This allows for direct index
6520 -- access.
6521 --
6522 IF g_dbg THEN op(l_proc, 50); END IF;
6523
6524 FOR i IN l_temp_pay_tbl.FIRST..l_temp_pay_tbl.LAST LOOP
6525 IF NOT g_pay_tbl.EXISTS(l_temp_pay_tbl(i)) THEN
6526 g_pay_tbl(l_temp_pay_tbl(i)) := TRUE;
6527 END IF;
6528 END LOOP;
6529 END IF;
6530 END IF;
6531
6532 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6533
6534 END add_sec_prof_pay_to_cache;
6535 --
6536 -- ----------------------------------------------------------------------------
6537 -- |----------------------< user_in_static_org_list >-------------------------|
6538 -- ----------------------------------------------------------------------------
6539 --
6540 FUNCTION user_in_static_org_list
6541 (p_user_id IN NUMBER
6542 ,p_security_profile_id IN NUMBER)
6543 RETURN BOOLEAN IS
6544
6545 --
6546 -- Local variables.
6547 --
6548 l_return BOOLEAN := FALSE;
6549 l_organization_id NUMBER;
6550 l_proc VARCHAR2(72) := g_package||'user_in_static_org_list';
6551
6552 BEGIN
6553
6554 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6555
6556 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6557
6558 IF g_dbg THEN op(l_proc, 30); END IF;
6559
6560 SELECT pol.organization_id
6561 INTO l_organization_id
6562 FROM per_organization_list pol
6563 WHERE pol.user_id IS NOT NULL
6564 AND pol.security_profile_id IS NOT NULL
6565 AND pol.user_id = p_user_id
6566 AND pol.security_profile_id = p_security_profile_id
6567 AND rownum = 1;
6568
6569 IF g_dbg THEN op(l_proc, 40); END IF;
6570
6571 END IF;
6572
6573 l_return := (l_organization_id IS NOT NULL);
6574
6575 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
6576
6577 RETURN l_return;
6578
6579 EXCEPTION
6580
6581 WHEN no_data_found THEN
6582
6583 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6584
6585 RETURN l_return;
6586
6587 END user_in_static_org_list;
6588 --
6589 -- ----------------------------------------------------------------------------
6590 -- |----------------------< user_in_static_pos_list >-------------------------|
6591 -- ----------------------------------------------------------------------------
6592 --
6593 FUNCTION user_in_static_pos_list
6594 (p_user_id IN NUMBER
6595 ,p_security_profile_id IN NUMBER)
6596 RETURN BOOLEAN IS
6597
6598 --
6599 -- Local variables.
6600 --
6601 l_return BOOLEAN := FALSE;
6602 l_position_id NUMBER;
6603 l_proc VARCHAR2(72) := g_package||'user_in_static_pos_list';
6604
6605 BEGIN
6606
6607 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6608
6609 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6610
6611 IF g_dbg THEN op(l_proc, 30); END IF;
6612
6613 SELECT ppl.position_id
6614 INTO l_position_id
6615 FROM per_position_list ppl
6616 WHERE ppl.user_id IS NOT NULL
6617 AND ppl.security_profile_id IS NOT NULL
6618 AND ppl.user_id = p_user_id
6619 AND ppl.security_profile_id = p_security_profile_id
6620 AND rownum = 1;
6621
6622 IF g_dbg THEN op(l_proc, 40); END IF;
6623
6624 END IF;
6625
6626 l_return := (l_position_id IS NOT NULL);
6627
6628 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
6629
6630 RETURN l_return;
6631
6632 EXCEPTION
6633
6634 WHEN no_data_found THEN
6635
6636 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6637
6638 RETURN l_return;
6639
6640 END user_in_static_pos_list;
6641 --
6642 -- ----------------------------------------------------------------------------
6643 -- |----------------------< user_in_static_per_list >-------------------------|
6644 -- ----------------------------------------------------------------------------
6645 --
6646 FUNCTION user_in_static_per_list
6647 (p_user_id IN NUMBER
6648 ,p_security_profile_id IN NUMBER)
6649 RETURN BOOLEAN IS
6650
6651 --
6652 -- Local variables.
6653 --
6654 l_return BOOLEAN := FALSE;
6655 l_person_id NUMBER;
6656 l_proc VARCHAR2(72) := g_package||'user_in_static_per_list';
6657
6658 BEGIN
6659
6660 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6661
6662 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6663
6664 IF g_dbg THEN op(l_proc, 30); END IF;
6665
6666 --
6667 -- Here it is important to specify that the security_profile_id is not
6668 -- null because rows with a null security_profile_id indicate
6669 -- access explicitly granted through SSHR, and this should not be
6670 -- picked up here.
6671 --
6672 SELECT ppl.person_id
6673 INTO l_person_id
6674 FROM per_person_list ppl
6675 WHERE ppl.granted_user_id IS NOT NULL
6676 AND ppl.security_profile_id IS NOT NULL
6677 AND ppl.granted_user_id = p_user_id
6678 AND ppl.security_profile_id = p_security_profile_id
6679 AND rownum = 1;
6680
6681 IF g_dbg THEN op(l_proc, 40); END IF;
6682
6683 END IF;
6684
6685 l_return := (l_person_Id IS NOT NULL);
6686
6687 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
6688
6689 RETURN l_return;
6690
6691 EXCEPTION
6692
6693 WHEN no_data_found THEN
6694
6695 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6696
6697 RETURN l_return;
6698
6699 END user_in_static_per_list;
6700 --
6701 -- ----------------------------------------------------------------------------
6702 -- |----------------------< user_in_static_asg_list >-------------------------|
6703 -- ----------------------------------------------------------------------------
6704 --
6705 FUNCTION user_in_static_asg_list
6706 (p_user_id IN NUMBER
6707 ,p_security_profile_id IN NUMBER)
6708 RETURN BOOLEAN IS
6709
6710 --
6711 -- Local variables.
6712 --
6713 l_return BOOLEAN := FALSE;
6714 l_assignment_id NUMBER;
6715 l_proc VARCHAR2(72) := g_package||'user_in_static_asg_list';
6716
6717 BEGIN
6718
6719 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6720
6721 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6722
6723 IF g_dbg THEN op(l_proc, 30); END IF;
6724
6725 SELECT pal.assignment_id
6726 INTO l_assignment_id
6727 FROM per_assignment_list pal
6728 WHERE pal.user_id IS NOT NULL
6729 AND pal.security_profile_id IS NOT NULL
6730 AND pal.user_id = p_user_id
6731 AND pal.security_profile_id = p_security_profile_id
6732 AND rownum = 1;
6733
6734 IF g_dbg THEN op(l_proc, 40); END IF;
6735
6736 END IF;
6737
6738 l_return := (l_assignment_id IS NOT NULL);
6739
6740 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
6741
6742 RETURN l_return;
6743
6744 EXCEPTION
6745
6746 WHEN no_data_found THEN
6747
6748 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6749
6750 RETURN l_return;
6751
6752 END user_in_static_asg_list;
6753 --
6754 -- ----------------------------------------------------------------------------
6755 -- |----------------------< delete_org_list_for_user >------------------------|
6756 -- ----------------------------------------------------------------------------
6757 --
6758 PROCEDURE delete_org_list_for_user
6759 (p_user_id IN NUMBER
6760 ,p_security_profile_id IN NUMBER)
6761 IS
6762
6763 --
6764 -- Break out into an autonomous transaction so that this does not
6765 -- share the same commit cycle as the calling routine.
6766 -- This ensures rows get deleted where there is no assumed commits
6767 -- elsewhere, for example, at longon. It also commits regardless of
6768 -- unexpected exceptions elsewhere.
6769 --
6770 PRAGMA AUTONOMOUS_TRANSACTION;
6771
6772 --
6773 -- Local variables.
6774 --
6775 l_proc VARCHAR2(72) := g_package||'delete_org_list_for_user';
6776
6777 BEGIN
6778
6779 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6780
6781 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6782
6783 --
6784 -- Delete all orgs in per_organization_list for this user
6785 -- and this security profile.
6786 --
6787 IF g_dbg THEN op(l_proc, 20); END IF;
6788
6789 DELETE FROM per_organization_list pol
6790 WHERE pol.user_id IS NOT NULL
6791 AND pol.security_profile_id IS NOT NULL
6792 AND pol.user_id = p_user_id
6793 AND pol.security_profile_id = p_security_profile_id;
6794
6795 IF g_dbg THEN op(l_proc, 30); END IF;
6796 --
6797 -- This is an autonomous transaction so an explicit
6798 -- commit or rollback is required.
6799 --
6800 COMMIT;
6801
6802 END IF;
6803
6804 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6805
6806 END delete_org_list_for_user;
6807 --
6808 -- ----------------------------------------------------------------------------
6809 -- |----------------------< delete_pos_list_for_user >------------------------|
6810 -- ----------------------------------------------------------------------------
6811 --
6812 PROCEDURE delete_pos_list_for_user
6813 (p_user_id IN NUMBER
6814 ,p_security_profile_id IN NUMBER)
6815 IS
6816
6817 --
6818 -- Break out into an autonomous transaction so that this does not
6819 -- share the same commit cycle as the calling routine.
6820 -- This ensures rows get deleted where there is no assumed commits
6821 -- elsewhere, for example, at longon. It also commits regardless of
6822 -- unexpected exceptions elsewhere.
6823 --
6824 PRAGMA AUTONOMOUS_TRANSACTION;
6825
6826 --
6827 -- Local variables.
6828 --
6829 l_proc VARCHAR2(72) := g_package||'delete_pos_list_for_user';
6830
6831 BEGIN
6832
6833 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6834
6835 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6836
6837 --
6838 -- Delete all positions in per_position_list for this user
6839 -- and this security profile.
6840 --
6841 IF g_dbg THEN op(l_proc, 20); END IF;
6842
6843 DELETE FROM per_position_list ppl
6844 WHERE ppl.user_id IS NOT NULL
6845 AND ppl.security_profile_id IS NOT NULL
6846 AND ppl.user_id = p_user_id
6847 AND ppl.security_profile_id = p_security_profile_id;
6848
6849 IF g_dbg THEN op(l_proc, 30); END IF;
6850 --
6851 -- This is an autonomous transaction so an explicit
6852 -- commit or rollback is required.
6853 --
6854 COMMIT;
6855
6856 END IF;
6857
6858 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6859
6860 END delete_pos_list_for_user;
6861 --
6862 -- ----------------------------------------------------------------------------
6863 -- |----------------------< delete_per_list_for_user >------------------------|
6864 -- ----------------------------------------------------------------------------
6865 --
6866 PROCEDURE delete_per_list_for_user
6867 (p_user_id IN NUMBER
6868 ,p_security_profile_id IN NUMBER)
6869 IS
6870
6871 --
6872 -- Break out into an autonomous transaction so that this does not
6873 -- share the same commit cycle as the calling routine.
6874 -- This ensures rows get deleted where there is no assumed commits
6875 -- elsewhere, for example, at longon. It also commits regardless of
6876 -- unexpected exceptions elsewhere.
6877 --
6878 PRAGMA AUTONOMOUS_TRANSACTION;
6879
6880 --
6881 -- Local variables.
6882 --
6883 l_proc VARCHAR2(72) := g_package||'delete_per_list_for_user';
6884
6885 BEGIN
6886
6887 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6888
6889 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6890
6891 --
6892 -- Delete all people in per_person_list for this user
6893 -- and this security profile.
6894 --
6895 IF g_dbg THEN op(l_proc, 20); END IF;
6896
6897 --
6898 -- Here it is important to specify that the security_profile_id is not
6899 -- null because rows with a null security_profile_id indicate
6900 -- access explicitly granted through SSHR.
6901 --
6902 DELETE FROM per_person_list ppl
6903 WHERE ppl.granted_user_id IS NOT NULL
6904 AND ppl.security_profile_id IS NOT NULL
6905 AND ppl.granted_user_id = p_user_id
6906 AND ppl.security_profile_id = p_security_profile_id;
6907
6908 IF g_dbg THEN op(l_proc, 30); END IF;
6909 --
6910 -- This is an autonomous transaction so an explicit
6911 -- commit or rollback is required.
6912 --
6913 COMMIT;
6914
6915 END IF;
6916
6917 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6918
6919 END delete_per_list_for_user;
6920 --
6921 -- ----------------------------------------------------------------------------
6922 -- |----------------------< delete_asg_list_for_user >------------------------|
6923 -- ----------------------------------------------------------------------------
6924 --
6925 PROCEDURE delete_asg_list_for_user
6926 (p_user_id IN NUMBER
6927 ,p_security_profile_id IN NUMBER)
6928 IS
6929
6930 --
6931 -- Break out into an autonomous transaction so that this does not
6932 -- share the same commit cycle as the calling routine.
6933 -- This ensures rows get deleted where there is no assumed commits
6934 -- elsewhere, for example, at longon. It also commits regardless of
6935 -- unexpected exceptions elsewhere.
6936 --
6937 PRAGMA AUTONOMOUS_TRANSACTION;
6938
6939 --
6940 -- Local variables.
6941 --
6942 l_proc VARCHAR2(72) := g_package||'delete_asg_list_for_user';
6943
6944 BEGIN
6945
6946 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
6947
6948 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
6949
6950 --
6951 -- Delete all assignments in per_assignment_list for this user
6952 -- and this security profile.
6953 --
6954 IF g_dbg THEN op(l_proc, 20); END IF;
6955
6956 DELETE FROM per_assignment_list pal
6957 WHERE pal.user_id IS NOT NULL
6958 AND pal.security_profile_id IS NOT NULL
6959 AND pal.user_id = p_user_id
6960 AND pal.security_profile_id = p_security_profile_id;
6961
6962 IF g_dbg THEN op(l_proc, 30); END IF;
6963 --
6964 -- This is an autonomous transaction so an explicit
6965 -- commit or rollback is required.
6966 --
6967 COMMIT;
6968
6969 END IF;
6970
6971 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
6972
6973 END delete_asg_list_for_user;
6974 --
6975 -- ----------------------------------------------------------------------------
6976 -- |----------------------< insert_org_list_for_user >------------------------|
6977 -- ----------------------------------------------------------------------------
6978 --
6979 PROCEDURE insert_org_list_for_user
6980 (p_user_id IN NUMBER
6981 ,p_security_profile_id IN NUMBER)
6982 IS
6983
6984 --
6985 -- Break out into an autonomous transaction so that this does not
6986 -- share the same commit cycle as the calling routine.
6987 -- This ensures rows get inserted where there is no assumed commits
6988 -- elsewhere, for example, at longon. It also commits regardless of
6989 -- unexpected exceptions elsewhere.
6990 --
6991 PRAGMA AUTONOMOUS_TRANSACTION;
6992
6993 --
6994 -- Local variables. Used for populating the who columns.
6995 --
6996 l_proc VARCHAR2(72) := g_package||'insert_org_list_for_user';
6997 l_request_id NUMBER := fnd_profile.value('CONC_REQUEST_ID');
6998 l_program_id NUMBER := fnd_profile.value('CONC_PROGRAM_ID');
6999 l_program_application_id NUMBER := fnd_profile.value
7000 ('CONC_PROGRAM_APPLICATION_ID');
7001 i NUMBER;
7002
7003 BEGIN
7004
7005 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7006
7007 --
7008 -- If all the values needed to insert rows are available,
7009 -- insert them.
7010 --
7011 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL
7012 AND g_org_tbl.COUNT > 0 THEN
7013 --
7014 -- Unfortunately, a bulk insert (forall) statement cannot
7015 -- be used here because the index is by organization_id
7016 -- and is therefore not contiguous and there are likely
7017 -- to be gaps in the range.
7018 --
7019 IF g_dbg THEN op(l_proc, 20); END IF;
7020
7021 i := g_org_tbl.FIRST;
7022
7023 WHILE i <= g_org_tbl.LAST LOOP
7024 --
7025 -- There is no duplicate row checking. Although the index
7026 -- in g_org_tbl will be unique, this routine relies on
7027 -- existing rows to have been deleted (through
7028 -- delete_org_list_for_user) prior to insertion.
7029 --
7030 IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
7031
7032 INSERT INTO per_organization_list
7033 (security_profile_id
7034 ,organization_id
7035 ,user_id
7036 ,request_id
7037 ,program_application_id
7038 ,program_id
7039 ,program_update_date)
7040 VALUES
7041 (p_security_profile_id
7042 ,i
7043 ,p_user_id
7044 ,l_request_id
7045 ,l_program_application_id
7046 ,l_program_id
7047 ,sysdate
7048 );
7049
7050 i := g_org_tbl.NEXT(i);
7051
7052 END LOOP;
7053
7054 IF g_dbg THEN op(l_proc, 30); END IF;
7055 --
7056 -- This is an autonomous transaction so an explicit
7057 -- commit or rollback is required.
7058 --
7059 COMMIT;
7060
7061 END IF;
7062
7063 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7064
7065 END insert_org_list_for_user;
7066 --
7067 -- ----------------------------------------------------------------------------
7068 -- |----------------------< insert_pos_list_for_user >------------------------|
7069 -- ----------------------------------------------------------------------------
7070 --
7071 PROCEDURE insert_pos_list_for_user
7072 (p_user_id IN NUMBER
7073 ,p_security_profile_id IN NUMBER)
7074 IS
7075
7076 --
7077 -- Break out into an autonomous transaction so that this does not
7078 -- share the same commit cycle as the calling routine.
7079 -- This ensures rows get inserted where there is no assumed commits
7080 -- elsewhere, for example, at longon. It also commits regardless of
7081 -- unexpected exceptions elsewhere.
7082 --
7083 PRAGMA AUTONOMOUS_TRANSACTION;
7084
7085 --
7086 -- Local variables. Used for populating the who columns.
7087 --
7088 l_proc VARCHAR2(72) := g_package||'insert_pos_list_for_user';
7089 l_request_id NUMBER := fnd_profile.value('CONC_REQUEST_ID');
7090 l_program_id NUMBER := fnd_profile.value('CONC_PROGRAM_ID');
7091 l_program_application_id NUMBER := fnd_profile.value
7092 ('CONC_PROGRAM_APPLICATION_ID');
7093 i NUMBER;
7094
7095 BEGIN
7096
7097 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7098
7099 --
7100 -- If all the values needed to insert rows are available,
7101 -- insert them.
7102 --
7103 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL
7104 AND g_pos_tbl.COUNT > 0 THEN
7105 --
7106 -- Unfortunately, a bulk insert (forall) statement cannot
7107 -- be used here because the index is by position_id
7108 -- and is therefore not contiguous and there are likely
7109 -- to be gaps in the range.
7110 --
7111 IF g_dbg THEN op(l_proc, 20); END IF;
7112
7113 i := g_pos_tbl.FIRST;
7114
7115 WHILE i <= g_pos_tbl.LAST LOOP
7116 --
7117 -- There is no duplicate row checking. Although the index
7118 -- in g_pos_tbl will be unique, this routine relies on
7119 -- existing rows to have been deleted (through
7120 -- delete_pos_list_for_user) prior to insertion.
7121 --
7122 IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
7123
7124 INSERT INTO per_position_list
7125 (security_profile_id
7126 ,position_id
7127 ,user_id
7128 ,request_id
7129 ,program_application_id
7130 ,program_id
7131 ,program_update_date)
7132 VALUES
7133 (p_security_profile_id
7134 ,i
7135 ,p_user_id
7136 ,l_request_id
7137 ,l_program_application_id
7138 ,l_program_id
7139 ,sysdate
7140 );
7141
7142 i := g_pos_tbl.NEXT(i);
7143
7144 END LOOP;
7145
7146 IF g_dbg THEN op(l_proc, 30); END IF;
7147 --
7148 -- This is an autonomous transaction so an explicit
7149 -- commit or rollback is required.
7150 --
7151 COMMIT;
7152
7153 END IF;
7154
7155 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7156
7157 END insert_pos_list_for_user;
7158 --
7159 -- ----------------------------------------------------------------------------
7160 -- |----------------------< insert_per_list_for_user >------------------------|
7161 -- ----------------------------------------------------------------------------
7162 --
7163 PROCEDURE insert_per_list_for_user
7164 (p_user_id IN NUMBER
7165 ,p_security_profile_id IN NUMBER)
7166 IS
7167
7168 --
7169 -- Break out into an autonomous transaction so that this does not
7170 -- share the same commit cycle as the calling routine.
7171 -- This ensures rows get inserted where there is no assumed commits
7172 -- elsewhere, for example, at longon. It also commits regardless of
7173 -- unexpected exceptions elsewhere.
7174 --
7175 PRAGMA AUTONOMOUS_TRANSACTION;
7176
7177 --
7178 -- Local variables. Used for populating the who columns.
7179 --
7180 l_proc VARCHAR2(72) := g_package||'insert_per_list_for_user';
7181 l_request_id NUMBER := fnd_profile.value('CONC_REQUEST_ID');
7182 l_program_id NUMBER := fnd_profile.value('CONC_PROGRAM_ID');
7183 l_program_application_id NUMBER := fnd_profile.value
7184 ('CONC_PROGRAM_APPLICATION_ID');
7185 i NUMBER;
7186
7187 BEGIN
7188
7189 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7190
7191 --
7192 -- If all the values needed to insert rows are available,
7193 -- insert them.
7194 --
7195 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL
7196 AND g_per_tbl.COUNT > 0 THEN
7197 --
7198 -- Unfortunately, a bulk insert (forall) statement cannot
7199 -- be used here because the index is by person_id
7200 -- and is therefore not contiguous and there are likely
7201 -- to be gaps in the range.
7202 --
7203 IF g_dbg THEN op(l_proc, 20); END IF;
7204
7205 i := g_per_tbl.FIRST;
7206
7207 WHILE i <= g_per_tbl.LAST LOOP
7208 --
7209 -- There is no duplicate row checking. Although the index
7210 -- in g_per_tbl will be unique, this routine relies on
7211 -- existing rows to have been deleted (through
7212 -- delete_per_list_for_user) prior to insertion.
7213 --
7214 IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
7215
7216 INSERT INTO per_person_list
7217 (security_profile_id
7218 ,person_id
7219 ,granted_user_id
7220 ,request_id
7221 ,program_application_id
7222 ,program_id
7223 ,program_update_date)
7224 VALUES
7225 (p_security_profile_id
7226 ,i
7227 ,p_user_id
7228 ,l_request_id
7229 ,l_program_application_id
7230 ,l_program_id
7231 ,sysdate
7232 );
7233
7234 i := g_per_tbl.NEXT(i);
7235
7236 END LOOP;
7237
7238 IF g_dbg THEN op(l_proc, 30); END IF;
7239 --
7240 -- This is an autonomous transaction so an explicit
7241 -- commit or rollback is required.
7242 --
7243 COMMIT;
7244
7245 END IF;
7246
7247 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7248
7249 END insert_per_list_for_user;
7250 --
7251 -- ----------------------------------------------------------------------------
7252 -- |----------------------< insert_asg_list_for_user >------------------------|
7253 -- ----------------------------------------------------------------------------
7254 --
7255 PROCEDURE insert_asg_list_for_user
7256 (p_user_id IN NUMBER
7257 ,p_security_profile_id IN NUMBER)
7258 IS
7259
7260 --
7261 -- Break out into an autonomous transaction so that this does not
7262 -- share the same commit cycle as the calling routine.
7263 -- This ensures rows get inserted where there is no assumed commits
7264 -- elsewhere, for example, at longon. It also commits regardless of
7265 -- unexpected exceptions elsewhere.
7266 --
7267 PRAGMA AUTONOMOUS_TRANSACTION;
7268
7269 --
7270 -- Local variables. Used for populating the who columns.
7271 --
7272 l_proc VARCHAR2(72) := g_package||'insert_asg_list_for_user';
7273 l_request_id NUMBER := fnd_profile.value('CONC_REQUEST_ID');
7274 l_program_id NUMBER := fnd_profile.value('CONC_PROGRAM_ID');
7275 l_program_application_id NUMBER := fnd_profile.value
7276 ('CONC_PROGRAM_APPLICATION_ID');
7277 i NUMBER;
7278
7279 BEGIN
7280
7281 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7282
7283 --
7284 -- If all the values needed to insert rows are available,
7285 -- insert them.
7286 --
7287 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL
7288 AND g_asg_tbl.COUNT > 0 THEN
7289 --
7290 -- Unfortunately, a bulk insert (forall) statement cannot
7291 -- be used here because the index is by assignment_id
7292 -- and is therefore not contiguous and there are likely
7293 -- to be gaps in the range.
7294 --
7295 IF g_dbg THEN op(l_proc, 20); END IF;
7296
7297 i := g_asg_tbl.FIRST;
7298
7299 WHILE i <= g_asg_tbl.LAST LOOP
7300 --
7301 -- There is no duplicate row checking. Although the index
7302 -- in g_asg_tbl will be unique, this routine relies on
7303 -- existing rows to have been deleted (through
7304 -- delete_asg_list_for_user) prior to insertion.
7305 --
7306 IF g_dbg THEN op(l_proc||'('||to_char(i)||'):'); END IF;
7307
7308 INSERT INTO per_assignment_list
7309 (security_profile_id
7310 ,assignment_id
7311 ,person_id
7312 ,user_id
7313 ,request_id
7314 ,program_application_id
7315 ,program_id
7316 ,program_update_date)
7317 VALUES
7318 (p_security_profile_id
7319 ,i
7320 ,g_asg_tbl(i)
7321 ,p_user_id
7322 ,l_request_id
7323 ,l_program_application_id
7324 ,l_program_id
7325 ,sysdate
7326 );
7327
7328 i := g_asg_tbl.NEXT(i);
7329
7330 END LOOP;
7331
7332 IF g_dbg THEN op(l_proc, 30); END IF;
7333 --
7334 -- This is an autonomous transaction so an explicit
7335 -- commit or rollback is required.
7336 --
7337 COMMIT;
7338
7339 END IF;
7340
7341 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7342
7343 END insert_asg_list_for_user;
7344 --
7345 -- ----------------------------------------------------------------------------
7346 -- |----------------------< evaluate_org_access >-----------------------------|
7347 -- ----------------------------------------------------------------------------
7348 --
7349 FUNCTION evaluate_org_access
7350 (p_user_id IN NUMBER
7351 ,p_effective_date IN DATE
7352 ,p_assignments_tbl IN g_assignments_t
7353 ,p_sec_prof_rec IN g_sec_prof_r
7354 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
7355 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE)
7356 RETURN BOOLEAN IS
7357
7358 --
7359 -- Local variables.
7360 --
7361 l_org_structure_version_id NUMBER;
7362 l_proc VARCHAR2(72) := g_package||'evaluate_org_access';
7363
7364 BEGIN
7365
7366 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7367
7368 --
7369 -- If there is no organization security, return true.
7370 --
7371 IF NOT restricted_orgs(p_sec_prof_rec) THEN
7372 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
7373 RETURN TRUE;
7374 END IF;
7375
7376 --
7377 -- Here organization security is evaluated on the fly.
7378 -- This is done dynamically because:
7379 -- a) user-based org security is in use and the user does
7380 -- not have their permissions stored in static tables, or
7381 -- b) the per_organization_list table is not to be used.
7382 --
7383 IF NOT p_use_static_lists
7384 OR (NVL(p_sec_prof_rec.top_organization_method, 'S') = 'U'
7385 AND NOT user_in_static_org_list(p_user_id
7386 ,p_sec_prof_rec.security_profile_id))
7387 THEN
7388 --
7389 -- Start by getting the organization hierarchy version for the
7390 -- security profile. Note that the structure ID will be null
7391 -- when only Include orgs are used. In this case, the
7392 -- get_org_structure_version function below will return null
7393 -- and the org hierarchy assessment will be stepped over.
7394 --
7395 IF g_dbg THEN op(l_proc, 30); END IF;
7396
7397 l_org_structure_version_id := get_org_structure_version
7398 (p_sec_prof_rec.organization_structure_id
7399 ,p_effective_date);
7400
7401 IF l_org_structure_version_id IS NOT NULL THEN
7402 --
7403 -- This will occur when using, for example, include organizations
7404 -- without hierarchies.
7405 --
7406 IF g_dbg THEN op(l_proc, 40); END IF;
7407
7408 IF NVL(p_sec_prof_rec.top_organization_method, 'S') = 'U' THEN
7409 --
7410 -- If using user-based security, permissions must be
7411 -- evaluated on a per assignment basis.
7412 --
7413 IF g_dbg THEN op(l_proc, 50); END IF;
7414
7415 IF p_assignments_tbl.COUNT > 0 THEN
7416 --
7417 -- Check that assignments exist and evaluate access
7418 -- for each assignment.
7419 --
7420 IF g_dbg THEN op(l_proc, 60); END IF;
7421
7422 FOR i IN p_assignments_tbl.FIRST..p_assignments_tbl.LAST LOOP
7423
7424 --
7425 -- Add the organizations in the hierarchy to the cache,
7426 -- using the assignment's organization as the top
7427 -- org.
7428 --
7429 IF g_dbg THEN op(l_proc||'('||
7430 to_char(p_assignments_tbl(i).assignment_id)||')', 10);
7431 END IF;
7432
7433 add_hier_orgs_to_cache
7434 (p_assignments_tbl(i).organization_id
7435 ,l_org_structure_version_id
7436 ,p_sec_prof_rec.include_top_organization_flag);
7437
7438 IF g_dbg THEN op(l_proc||'('||
7439 to_char(p_assignments_tbl(i).assignment_id)||')', 20);
7440 END IF;
7441 END LOOP;
7442 END IF; -- End of evaluating each individual assignment
7443
7444 ELSE
7445 --
7446 -- Add the organizations in the hierarchy to the cache,
7447 -- using the organization specified on the security profile
7448 -- as the top org.
7449 --
7450 IF g_dbg THEN op(l_proc, 70); END IF;
7451
7452 add_hier_orgs_to_cache
7453 (p_sec_prof_rec.organization_id
7454 ,l_org_structure_version_id
7455 ,p_sec_prof_rec.include_top_organization_flag);
7456 END IF;
7457 END IF;
7458
7459 IF g_dbg THEN op(l_proc, 90); END IF;
7460
7461 --
7462 -- If the exclude business groups flag is ticked, remove any BGs
7463 -- already in the list.
7464 -- If the exclude business groups flag is unticked, add the orgs'
7465 -- owning BGs to the list.
7466 --
7467 add_remove_bgs_for_orgs(p_sec_prof_rec.exclude_business_groups_flag
7468 ,p_sec_prof_rec.business_group_id);
7469
7470 IF g_dbg THEN op(l_proc, 100); END IF;
7471 --
7472 -- Add the include organizations; remove the exclude
7473 -- organizations.
7474 --
7475 add_incl_remove_excl_orgs(p_sec_prof_rec.security_profile_id);
7476
7477 IF g_dbg THEN op(l_proc, 110); END IF;
7478
7479 ELSE
7480 --
7481 -- Organization security will not be calculated on the fly
7482 -- so the static org list is cached.
7483 --
7484 IF g_dbg THEN op(l_proc, 120); END IF;
7485
7486 add_static_orgs_to_cache(p_user_id
7487 ,p_sec_prof_rec.security_profile_id
7488 ,p_sec_prof_rec.top_organization_method);
7489
7490 IF g_dbg THEN op(l_proc, 130); END IF;
7491
7492 END IF;
7493
7494 IF g_dbg THEN op(l_proc, 140); END IF;
7495
7496 IF p_update_static_lists
7497 AND NVL(p_sec_prof_rec.top_organization_method, 'S') = 'U'
7498 THEN
7499 --
7500 -- Existing records for this user are deleted and then
7501 -- re-inserted. Records are only inserted if this profile
7502 -- is using user-based org security.
7503 --
7504 IF g_dbg THEN op(l_proc, 150); END IF;
7505
7506 delete_org_list_for_user
7507 (p_user_id, p_sec_prof_rec.security_profile_id);
7508 insert_org_list_for_user
7509 (p_user_id,p_sec_prof_rec.security_profile_id);
7510
7511 END IF;
7512
7513 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7514
7515 RETURN TRUE;
7516
7517 END evaluate_org_access;
7518 --
7519 -- ----------------------------------------------------------------------------
7520 -- |----------------------< evaluate_pos_access >-----------------------------|
7521 -- ----------------------------------------------------------------------------
7522 --
7523 FUNCTION evaluate_pos_access
7524 (p_user_id IN NUMBER
7525 ,p_effective_date IN DATE
7526 ,p_assignments_tbl IN g_assignments_t
7527 ,p_sec_prof_rec IN g_sec_prof_r
7528 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
7529 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE)
7530 RETURN BOOLEAN IS
7531
7532 --
7533 -- Local variables.
7534 --
7535 l_pos_structure_version_id NUMBER;
7536 l_restricted_orgs BOOLEAN;
7537 l_proc VARCHAR2(72) := g_package||'evaluate_pos_access';
7538
7539 BEGIN
7540
7541 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7542
7543 --
7544 -- If there is no position security, return true.
7545 --
7546 IF NOT restricted_pos(p_sec_prof_rec) THEN
7547 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
7548 RETURN TRUE;
7549 END IF;
7550
7551 --
7552 -- Here position security is evaluated on the fly.
7553 -- This is done dynamically because:
7554 -- a) user-based pos security or user-based org security
7555 -- is in use and the user does not have their permissions
7556 -- stored in static tables, or
7557 -- b) the per_position_list table is not to be used.
7558 --
7559 IF NOT p_use_static_lists
7560 OR ((NVL(p_sec_prof_rec.top_position_method, 'S') = 'U' OR
7561 NVL(p_sec_prof_rec.top_organization_method, 'S') = 'U')
7562 AND NOT user_in_static_pos_list(p_user_id
7563 ,p_sec_prof_rec.security_profile_id))
7564 THEN
7565
7566 IF g_dbg THEN op(l_proc, 20); END IF;
7567 l_restricted_orgs := restricted_orgs(p_sec_prof_rec);
7568
7569 IF l_restricted_orgs AND (NOT org_access_known) THEN
7570 --
7571 -- The profile has organization restrictions, but
7572 -- the evaluation of organization security was deferred
7573 -- for performance reasons. The org permissions
7574 -- are needed to determine the position permissions, so
7575 -- force evaluation of organization security permissions
7576 -- now.
7577 --
7578 IF g_dbg THEN op(l_proc, 30); END IF;
7579
7580 evaluate_access
7581 (p_person_id => g_access_known_rec.person_id
7582 ,p_user_id => p_user_id
7583 ,p_effective_date => p_effective_date
7584 ,p_sec_prof_rec => p_sec_prof_rec
7585 ,p_what_to_evaluate => g_ORG_SEC_ONLY
7586 ,p_update_static_lists => p_update_static_lists
7587 ,p_debug => g_dbg_type);
7588 END IF;
7589
7590 --
7591 -- Get the position hierarchy version for the security
7592 -- profile. Note that the structure ID should be
7593 -- set (the below "IF" is for safety).
7594 --
7595 IF g_dbg THEN op(l_proc, 30); END IF;
7596
7597 l_pos_structure_version_id := get_pos_structure_version
7598 (p_sec_prof_rec.position_structure_id
7599 ,p_effective_date);
7600
7601 IF l_pos_structure_version_id IS NOT NULL THEN
7602 --
7603 -- This will occur if the hierarchy exists but does not have
7604 -- versions.
7605 --
7606 IF g_dbg THEN op(l_proc, 40); END IF;
7607
7608 IF NVL(p_sec_prof_rec.top_position_method, 'S') = 'U' THEN
7609 --
7610 -- If using user-based security, permissions must be
7611 -- evaluated on a per assignment basis.
7612 --
7613 IF g_dbg THEN op(l_proc, 50); END IF;
7614
7615 IF p_assignments_tbl.COUNT > 0 THEN
7616 --
7617 -- Check that assignments exist and evaluate access
7618 -- for each assignment.
7619 --
7620 IF g_dbg THEN op(l_proc, 60); END IF;
7621
7622 FOR i IN p_assignments_tbl.FIRST..p_assignments_tbl.LAST LOOP
7623 --
7624 -- Add the positions in the hierarchy to the cache,
7625 -- using the assignment's position as the top
7626 -- position.
7627 --
7628 IF g_dbg THEN op(l_proc||'('||
7629 to_char(p_assignments_tbl(i).assignment_id)||')', 10);
7630 END IF;
7631
7632 add_hier_pos_to_cache
7633 (p_assignments_tbl(i).position_id
7634 ,l_pos_structure_version_id
7635 ,p_sec_prof_rec.include_top_position_flag
7636 ,p_effective_date
7637 ,l_restricted_orgs);
7638
7639 IF g_dbg THEN op(l_proc||'('||
7640 to_char(p_assignments_tbl(i).assignment_id)||')', 20);
7641 END IF;
7642 END LOOP;
7643 END IF; -- End of evaluating each individual assignment
7644
7645 ELSE
7646 --
7647 -- Add the positions in the hierarchy to the cache,
7648 -- using the position specified on the security profile
7649 -- as the top position.
7650 --
7651 IF g_dbg THEN op(l_proc, 70); END IF;
7652
7653 add_hier_pos_to_cache
7654 (p_sec_prof_rec.position_id
7655 ,l_pos_structure_version_id
7656 ,p_sec_prof_rec.include_top_position_flag
7657 ,p_effective_date
7658 ,l_restricted_orgs);
7659
7660 IF g_dbg THEN op(l_proc, 80); END IF;
7661 END IF;
7662 END IF;
7663
7664 IF g_dbg THEN op(l_proc, 90); END IF;
7665
7666 ELSE
7667 --
7668 -- Position security will not be calculated on the fly
7669 -- so the static position list is cached.
7670 --
7671 IF g_dbg THEN op(l_proc, 100); END IF;
7672
7673 add_static_pos_to_cache(p_user_id
7674 ,p_sec_prof_rec.security_profile_id
7675 ,p_sec_prof_rec.top_position_method);
7676
7677 IF g_dbg THEN op(l_proc, 110); END IF;
7678
7679 END IF;
7680
7681 IF g_dbg THEN op(l_proc, 120); END IF;
7682
7683 IF p_update_static_lists AND
7684 NVL(p_sec_prof_rec.top_position_method, 'S') = 'U'
7685 THEN
7686 --
7687 -- Existing records for this user are deleted and then
7688 -- re-inserted. Records are only inserted if this profile
7689 -- is using user-based org security.
7690 --
7691 IF g_dbg THEN op(l_proc, 130); END IF;
7692
7693 delete_pos_list_for_user
7694 (p_user_id, p_sec_prof_rec.security_profile_id);
7695 insert_pos_list_for_user
7696 (p_user_id,p_sec_prof_rec.security_profile_id);
7697
7698 END IF;
7699
7700 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7701
7702 RETURN TRUE;
7703
7704 END evaluate_pos_access;
7705 --
7706 -- ----------------------------------------------------------------------------
7707 -- |----------------------< evaluate_pay_access >-----------------------------|
7708 -- ----------------------------------------------------------------------------
7709 --
7710 FUNCTION evaluate_pay_access
7711 (p_user_id IN NUMBER
7712 ,p_effective_date IN DATE
7713 ,p_sec_prof_rec IN g_sec_prof_r
7714 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE)
7715 RETURN BOOLEAN IS
7716
7717 --
7718 -- Local variables.
7719 --
7720 l_proc VARCHAR2(72) := g_package||'evaluate_pay_access';
7721
7722 BEGIN
7723
7724 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
7725
7726 --
7727 -- If there is no payroll security, return true.
7728 --
7729 IF NOT restricted_pays(p_sec_prof_rec) THEN
7730 IF g_dbg THEN op(l_proc, 20); END IF;
7731 RETURN TRUE;
7732 END IF;
7733
7734 IF NOT p_use_static_lists THEN
7735 --
7736 -- Here payroll security is evaluated on the fly if static
7737 -- lists will not be used.
7738 --
7739 IF g_dbg THEN op(l_proc, 30); END IF;
7740
7741 add_sec_prof_pay_to_cache(p_sec_prof_rec.security_profile_id
7742 ,p_sec_prof_rec.include_exclude_payroll_flag
7743 ,p_sec_prof_rec.business_group_id
7744 ,p_effective_date);
7745
7746 IF g_dbg THEN op(l_proc, 40); END IF;
7747
7748 ELSE
7749 --
7750 -- Payroll security will not be calculated on the fly
7751 -- so the static payroll list is cached.
7752 --
7753 IF g_dbg THEN op(l_proc, 50); END IF;
7754
7755 add_static_pay_to_cache(p_sec_prof_rec.security_profile_id);
7756
7757 IF g_dbg THEN op(l_proc, 60); END IF;
7758
7759 END IF;
7760
7761 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
7762
7763 RETURN TRUE;
7764
7765 END evaluate_pay_access;
7766 --
7767 -- ----------------------------------------------------------------------------
7768 -- |----------------------< evaluate_per_access >-----------------------------|
7769 -- ----------------------------------------------------------------------------
7770 --
7771 function evaluate_per_access(
7772 p_user_id in number
7773 ,p_effective_date in date
7774 ,p_assignments_tbl in g_assignments_t
7775 ,p_sec_prof_rec in g_sec_prof_r
7776 ,p_use_static_lists in boolean default true
7777 ,p_update_static_lists in boolean default false
7778 ) return boolean is
7779 -- Local variables.
7780 l_proc varchar2(72) := g_package||'evaluate_per_access';
7781 l_user_restriction boolean := false;
7782 l_restricted_orgs boolean := false;
7783 l_restricted_pos boolean := false;
7784 l_restricted_pays boolean := false;
7785 l_rtm_security varchar2(1) := 'N';
7786 l_only_use_static boolean := false;
7787 --
7788 begin
7789 --
7790 if g_dbg then op('Entering: '||l_proc, 1); end if;
7791 --
7792 -- If there is no person security, return true.
7793 if not restricted_pers(p_sec_prof_rec) then
7794 --
7795 if g_dbg then op(l_proc, 20); end if;
7796 return true;
7797 --
7798 end if;
7799 --
7800 -- Record whether this profile uses a user-based restriction.
7801 if nvl(p_sec_prof_rec.top_organization_method, 'S') = 'U' or
7802 nvl(p_sec_prof_rec.top_position_method, 'S') = 'U' or
7803 nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') <> 'N' or
7804 nvl(p_sec_prof_rec.custom_restriction_flag, 'N') = 'U' then
7805 --
7806 l_user_restriction := true;
7807 --
7808 end if;
7809 --
7810 -- The static lists will be used when:
7811 -- a) No user-based or assignment-level security is in use,
7812 -- b) Assignment-level security is used without user-based security
7813 -- (the static lists are used for person-level security only where
7814 -- assignment security is evaluated dynamically),
7815 -- c) User-based security is in use, but permissions for this user
7816 -- are stored in static lists.
7817 if p_use_static_lists and
7818 (not l_user_restriction or
7819 (l_user_restriction and user_in_static_per_list(p_user_id,
7820 p_sec_prof_rec.security_profile_id))) then
7821 --
7822 l_only_use_static := true;
7823 --
7824 end if;
7825 --
7826 -- Security is only assessed dynamically where essential.
7827 -- The conditions that force this are:
7828 -- a) User-based security is used and the user-based permissions
7829 -- are not stored in static lists for this user,
7830 -- a) Assignment-level security is in use and the assignment-level
7831 -- permissions are not stored in static lists for this user,
7832 -- c) The p_use_static_lists parameter is forcing the dynamic
7833 -- evaluation of security.
7834 if not l_only_use_static or
7835 (nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y'
7836 and not user_in_static_asg_list(p_user_id,
7837 p_sec_prof_rec.security_profile_id)) then
7838 --
7839 -- First, ensure all other security criteria has already
7840 -- been evaluated where it is needed.
7841 if g_dbg then op(l_proc, 20); end if;
7842 --
7843 l_restricted_orgs := restricted_orgs(p_sec_prof_rec);
7844 --
7845 if l_restricted_orgs and (not org_access_known) then
7846 --
7847 -- The profile has organization restrictions, but
7848 -- the evaluation of organization security was deferred
7849 -- for performance reasons. The org permissions
7850 -- are needed to determine the per / asg permissions, so
7851 -- force evaluation of organization security permissions now.
7852 if g_dbg then op(l_proc, 30); end if;
7853 --
7854 evaluate_access(p_person_id => g_access_known_rec.person_id
7855 ,p_user_id => p_user_id
7856 ,p_effective_date => p_effective_date
7857 ,p_sec_prof_rec => p_sec_prof_rec
7858 ,p_what_to_evaluate => g_ORG_SEC_ONLY
7859 ,p_update_static_lists => p_update_static_lists
7860 ,p_debug => g_dbg_type);
7861 --
7862 end if;
7863 --
7864 if g_dbg then op(l_proc, 40); end if;
7865 --
7866 l_restricted_pos := restricted_pos(p_sec_prof_rec);
7867 --
7868 if l_restricted_pos and (not pos_access_known) then
7869 --
7870 -- The profile has position restrictions, but
7871 -- the evaluation of position security was deferred
7872 -- for performance reasons. The pos permissions
7873 -- are needed to determine the per / asg permissions, so
7874 -- force evaluation of position security permissions now.
7875 if g_dbg then op(l_proc, 50); end if;
7876 --
7877 evaluate_access(p_person_id => g_access_known_rec.person_id
7878 ,p_user_id => p_user_id
7879 ,p_effective_date => p_effective_date
7880 ,p_sec_prof_rec => p_sec_prof_rec
7881 ,p_what_to_evaluate => g_POS_SEC_ONLY
7882 ,p_update_static_lists => p_update_static_lists
7883 ,p_debug => g_dbg_type);
7884 --
7885 end if;
7886 --
7887 if g_dbg then op(l_proc, 60); end if;
7888 --
7889 l_restricted_pays := restricted_pays(p_sec_prof_rec);
7890 --
7891 if l_restricted_pays and (not pay_access_known) then
7892 --
7893 -- The profile has payroll restrictions, but
7894 -- the evaluation of payroll security was deferred
7895 -- for performance reasons. The pay permissions
7896 -- are needed to determine the per / asg permissions, so
7897 -- force evaluation of payroll security permissions now.
7898 if g_dbg then op(l_proc, 70); end if;
7899 --
7900 evaluate_access(p_person_id => g_access_known_rec.person_id
7901 ,p_user_id => p_user_id
7902 ,p_effective_date => p_effective_date
7903 ,p_sec_prof_rec => p_sec_prof_rec
7904 ,p_what_to_evaluate => g_PAY_SEC_ONLY
7905 ,p_update_static_lists => p_update_static_lists
7906 ,p_debug => g_dbg_type);
7907 --
7908 end if;
7909 --
7910 -- Evaluate person and assignment security permissions.
7911 if g_dbg then op(l_proc, 80); end if;
7912
7913 add_people_to_cache(p_top_person_id => g_access_known_rec.person_id
7914 ,p_effective_date => p_effective_date
7915 ,p_sec_prof_rec => p_sec_prof_rec
7916 ,p_use_static_lists => p_use_static_lists);
7917
7918 --
7919 -- Contacts for the people visible (both related and unrelated) and
7920 -- rows in per_person_list_changes are not processed and so not visible
7921 -- for all types of user-based security.
7922
7923 -- The reason for this is to remain consistent with supervisor security
7924 -- (been around since 11i) where PPLC people were not processed and
7925 -- so not visible and contacts only being visible in a view all contacts
7926 -- profile.
7927
7928 -- It is possible that future enhancements will allow contacts to be
7929 -- displayed in a user-based profile, but as it stands now they are
7930 -- never visible: the routines are kept here for future use only.
7931
7932 -- Add contacts to the cache if the profile restricts by contacts.
7933 -- If the security profile does not restrict by contacts, people
7934 -- are not added to the cache because the secure views handle
7935 -- this scenario without need to refer to the cache.
7936
7937 -- A condition with view_all_contacts_flag = All and
7938 -- view_all_candidates_flag = None, needs caching (ie: similar to
7939 -- record existing in per_person_list). The additional OR condition
7940 -- is included as part of Candidate Security enchancements.
7941
7942 -- if p_sec_prof_rec.view_all_contacts_flag = 'N' or
7943 -- (p_sec_prof_rec.view_all_contacts_flag = 'Y' and
7944 -- p_sec_prof_rec.view_all_candidates_flag = 'X') then
7945 --
7946 -- add_contacts_to_cache(p_effective_date
7947 -- ,p_sec_prof_rec.business_group_id);
7948 --
7949 -- end if;
7950 --
7951 -- However Candidate Security still needs the contacts to be cached
7952 -- atleast for the following condition.
7953 if p_sec_prof_rec.view_all_contacts_flag = 'Y' and
7954 p_sec_prof_rec.view_all_candidates_flag = 'X' then
7955 --
7956 add_contacts_to_cache(p_effective_date
7957 ,p_sec_prof_rec.business_group_id);
7958 --
7959 end if;
7960 -- Add the people in per_person_list_changes to the cache.
7961 -- It is expected that this can be obsoleted at a future
7962 -- date, because per_person_list_changes is effectively
7963 -- obsolete and is retained solely for the purpose of not
7964 -- breaking customer custom processes that use this table.
7965
7966 -- add_per_list_changes_to_cache(p_sec_prof_rec.security_profile_id
7967 -- ,p_effective_date);
7968
7969 end if;
7970 --
7971 if l_only_use_static then
7972 --
7973 -- Person security will not be calculated on the fly
7974 -- so the static person list is cached.
7975 add_static_per_to_cache(p_user_id
7976 ,p_sec_prof_rec.security_profile_id
7977 ,l_user_restriction);
7978 --
7979 -- If restricting at an assignment level, also cache
7980 -- the assignment list.
7981 if nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y' then
7982 --
7983 add_static_asg_to_cache(p_user_id
7984 ,p_sec_prof_rec.security_profile_id
7985 ,l_user_restriction);
7986 --
7987 end if;
7988 --
7989 end if;
7990 --
7991 -- Add granted users and their assignments to the cache.
7992 add_granted_users_to_cache(p_user_id
7993 ,p_effective_date
7994 ,p_sec_prof_rec.allow_granted_users_flag
7995 ,p_sec_prof_rec.restrict_on_individual_asg);
7996 --
7997 -- Caching candidates (registered users through iRecruitment), this is
7998 -- valid only if the iRecruitment is installed.
7999 if p_sec_prof_rec.view_all_candidates_flag = 'Y' and
8000 p_sec_prof_rec.view_all_contacts_flag = 'N' then
8001 --
8002 add_candidates_to_cache(p_effective_date
8003 ,p_sec_prof_rec.business_group_id);
8004 --
8005 end if;
8006 --
8007 /* Get the value of Profile option 'Enable RTM Security' */
8008 fnd_profile.get(NAME => 'PER_RTM_SECURITY_PROFILE'
8009 ,VAL => l_rtm_security);
8010
8011
8012 /* Check Enable RTM Security is 'Yes' and current user is
8013 an RTM in this context */
8014
8015 if nvl(l_rtm_security,'N') ='Y' and hr_security.is_user_rtm then
8016 add_rtm_candidates_to_cache(p_sec_prof_rec);
8017 end if;
8018 --
8019 if p_update_static_lists and l_user_restriction then
8020 --
8021 -- Existing records for this user are deleted and then
8022 -- re-inserted. Records are only inserted if this profile
8023 -- is using user-based security.
8024 if g_dbg then op(l_proc, 130); end if;
8025 --
8026 delete_per_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8027 --
8028 insert_per_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8029 --
8030 if g_dbg then op(l_proc, 140); end if;
8031 --
8032 if nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y' then
8033 --
8034 -- Only insert the assignment privileges if securing
8035 -- at an assignment level.
8036 if g_dbg then op(l_proc, 150); end if;
8037 --
8038 delete_asg_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8039 --
8040 insert_asg_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8041 --
8042 if g_dbg then op(l_proc, 160); end if;
8043 --
8044 end if;
8045 --
8046 end if;
8047 --
8048 if g_dbg then op('Leaving: '||l_proc, 999); end if;
8049 --
8050 return true;
8051 --
8052 end evaluate_per_access;
8053
8054 --SSHR
8055 function evaluate_per_access(
8056 p_user_id in number
8057 ,p_effective_date in date
8058 ,p_assignments_tbl in g_assignments_t
8059 ,p_sec_prof_rec in g_sec_prof_r
8060 ,p_use_static_lists in boolean default true
8061 ,p_update_static_lists in boolean default false
8062 ,p_top_person_id in number
8063 ) return boolean is
8064 -- Local variables.
8065 l_proc varchar2(72) := g_package||'evaluate_per_access';
8066 l_user_restriction boolean := false;
8067 l_restricted_orgs boolean := false;
8068 l_restricted_pos boolean := false;
8069 l_restricted_pays boolean := false;
8070 l_rtm_security varchar2(1) := 'N';
8071 l_only_use_static boolean := false;
8072 --
8073 begin
8074 --
8075 if g_dbg then op('Entering: '||l_proc, 1); end if;
8076 --
8077 -- If there is no person security, return true.
8078 if not restricted_pers(p_sec_prof_rec) then
8079 --
8080 if g_dbg then op(l_proc, 20); end if;
8081 return true;
8082 --
8083 end if;
8084 --
8085 -- Record whether this profile uses a user-based restriction.
8086 if nvl(p_sec_prof_rec.top_organization_method, 'S') = 'U' or
8087 nvl(p_sec_prof_rec.top_position_method, 'S') = 'U' or
8088 nvl(p_sec_prof_rec.restrict_by_supervisor_flag, 'N') <> 'N' or
8089 nvl(p_sec_prof_rec.custom_restriction_flag, 'N') = 'U' then
8090 --
8091 l_user_restriction := true;
8092 --
8093 end if;
8094 --
8095 -- The static lists will be used when:
8096 -- a) No user-based or assignment-level security is in use,
8097 -- b) Assignment-level security is used without user-based security
8098 -- (the static lists are used for person-level security only where
8099 -- assignment security is evaluated dynamically),
8100 -- c) User-based security is in use, but permissions for this user
8101 -- are stored in static lists.
8102 if p_use_static_lists and
8103 (not l_user_restriction or
8104 (l_user_restriction and user_in_static_per_list(p_user_id,
8105 p_sec_prof_rec.security_profile_id))) then
8106 --
8107 l_only_use_static := true;
8108 --
8109 end if;
8110 --
8111 -- Security is only assessed dynamically where essential.
8112 -- The conditions that force this are:
8113 -- a) User-based security is used and the user-based permissions
8114 -- are not stored in static lists for this user,
8115 -- a) Assignment-level security is in use and the assignment-level
8116 -- permissions are not stored in static lists for this user,
8117 -- c) The p_use_static_lists parameter is forcing the dynamic
8118 -- evaluation of security.
8119 if not l_only_use_static or
8120 (nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y'
8121 and not user_in_static_asg_list(p_user_id,
8122 p_sec_prof_rec.security_profile_id)) then
8123 --
8124 -- First, ensure all other security criteria has already
8125 -- been evaluated where it is needed.
8126 if g_dbg then op(l_proc, 20); end if;
8127 --
8128 l_restricted_orgs := restricted_orgs(p_sec_prof_rec);
8129 --
8130 if l_restricted_orgs and (not org_access_known) then
8131 --
8132 -- The profile has organization restrictions, but
8133 -- the evaluation of organization security was deferred
8134 -- for performance reasons. The org permissions
8135 -- are needed to determine the per / asg permissions, so
8136 -- force evaluation of organization security permissions now.
8137 if g_dbg then op(l_proc, 30); end if;
8138 --
8139 evaluate_access(p_person_id => g_access_known_rec.person_id
8140 ,p_user_id => p_user_id
8141 ,p_effective_date => p_effective_date
8142 ,p_sec_prof_rec => p_sec_prof_rec
8143 ,p_what_to_evaluate => g_ORG_SEC_ONLY
8144 ,p_update_static_lists => p_update_static_lists
8145 ,p_debug => g_dbg_type);
8146 --
8147 end if;
8148 --
8149 if g_dbg then op(l_proc, 40); end if;
8150 --
8151 l_restricted_pos := restricted_pos(p_sec_prof_rec);
8152 --
8153 if l_restricted_pos and (not pos_access_known) then
8154 --
8155 -- The profile has position restrictions, but
8156 -- the evaluation of position security was deferred
8157 -- for performance reasons. The pos permissions
8158 -- are needed to determine the per / asg permissions, so
8159 -- force evaluation of position security permissions now.
8160 if g_dbg then op(l_proc, 50); end if;
8161 --
8162 evaluate_access(p_person_id => g_access_known_rec.person_id
8163 ,p_user_id => p_user_id
8164 ,p_effective_date => p_effective_date
8165 ,p_sec_prof_rec => p_sec_prof_rec
8166 ,p_what_to_evaluate => g_POS_SEC_ONLY
8167 ,p_update_static_lists => p_update_static_lists
8168 ,p_debug => g_dbg_type);
8169 --
8170 end if;
8171 --
8172 if g_dbg then op(l_proc, 60); end if;
8173 --
8174 l_restricted_pays := restricted_pays(p_sec_prof_rec);
8175 --
8176 if l_restricted_pays and (not pay_access_known) then
8177 --
8178 -- The profile has payroll restrictions, but
8179 -- the evaluation of payroll security was deferred
8180 -- for performance reasons. The pay permissions
8181 -- are needed to determine the per / asg permissions, so
8182 -- force evaluation of payroll security permissions now.
8183 if g_dbg then op(l_proc, 70); end if;
8184 --
8185 evaluate_access(p_person_id => g_access_known_rec.person_id
8186 ,p_user_id => p_user_id
8187 ,p_effective_date => p_effective_date
8188 ,p_sec_prof_rec => p_sec_prof_rec
8189 ,p_what_to_evaluate => g_PAY_SEC_ONLY
8190 ,p_update_static_lists => p_update_static_lists
8191 ,p_debug => g_dbg_type);
8192 --
8193 end if;
8194 --
8195 -- Evaluate person and assignment security permissions.
8196 if g_dbg then op(l_proc, 80); end if;
8197
8198 add_people_to_cache(p_top_person_id => p_top_person_id --g_access_known_rec.person_id - Modified for SSHR Hierarchy Page Perf issue.
8199 ,p_effective_date => p_effective_date
8200 ,p_sec_prof_rec => p_sec_prof_rec
8201 ,p_use_static_lists => p_use_static_lists);
8202
8203 --
8204 -- Contacts for the people visible (both related and unrelated) and
8205 -- rows in per_person_list_changes are not processed and so not visible
8206 -- for all types of user-based security.
8207
8208 -- The reason for this is to remain consistent with supervisor security
8209 -- (been around since 11i) where PPLC people were not processed and
8210 -- so not visible and contacts only being visible in a view all contacts
8211 -- profile.
8212
8213 -- It is possible that future enhancements will allow contacts to be
8214 -- displayed in a user-based profile, but as it stands now they are
8215 -- never visible: the routines are kept here for future use only.
8216
8217 -- Add contacts to the cache if the profile restricts by contacts.
8218 -- If the security profile does not restrict by contacts, people
8219 -- are not added to the cache because the secure views handle
8220 -- this scenario without need to refer to the cache.
8221
8222 -- A condition with view_all_contacts_flag = All and
8223 -- view_all_candidates_flag = None, needs caching (ie: similar to
8224 -- record existing in per_person_list). The additional OR condition
8225 -- is included as part of Candidate Security enchancements.
8226
8227 -- if p_sec_prof_rec.view_all_contacts_flag = 'N' or
8228 -- (p_sec_prof_rec.view_all_contacts_flag = 'Y' and
8229 -- p_sec_prof_rec.view_all_candidates_flag = 'X') then
8230 --
8231 -- add_contacts_to_cache(p_effective_date
8232 -- ,p_sec_prof_rec.business_group_id);
8233 --
8234 -- end if;
8235 --
8236 -- However Candidate Security still needs the contacts to be cached
8237 -- atleast for the following condition.
8238 if p_sec_prof_rec.view_all_contacts_flag = 'Y' and
8239 p_sec_prof_rec.view_all_candidates_flag = 'X' then
8240 --
8241 add_contacts_to_cache(p_effective_date
8242 ,p_sec_prof_rec.business_group_id);
8243 --
8244 end if;
8245 -- Add the people in per_person_list_changes to the cache.
8246 -- It is expected that this can be obsoleted at a future
8247 -- date, because per_person_list_changes is effectively
8248 -- obsolete and is retained solely for the purpose of not
8249 -- breaking customer custom processes that use this table.
8250
8251 -- add_per_list_changes_to_cache(p_sec_prof_rec.security_profile_id
8252 -- ,p_effective_date);
8253
8254 end if;
8255 --
8256 if l_only_use_static then
8257 --
8258 -- Person security will not be calculated on the fly
8259 -- so the static person list is cached.
8260 add_static_per_to_cache(p_user_id
8261 ,p_sec_prof_rec.security_profile_id
8262 ,l_user_restriction);
8263 --
8264 -- If restricting at an assignment level, also cache
8265 -- the assignment list.
8266 if nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y' then
8267 --
8268 add_static_asg_to_cache(p_user_id
8269 ,p_sec_prof_rec.security_profile_id
8270 ,l_user_restriction);
8271 --
8272 end if;
8273 --
8274 end if;
8275 --
8276 -- Add granted users and their assignments to the cache.
8277 add_granted_users_to_cache(p_user_id
8278 ,p_effective_date
8279 ,p_sec_prof_rec.allow_granted_users_flag
8280 ,p_sec_prof_rec.restrict_on_individual_asg);
8281 --
8282 -- Caching candidates (registered users through iRecruitment), this is
8283 -- valid only if the iRecruitment is installed.
8284 if p_sec_prof_rec.view_all_candidates_flag = 'Y' and
8285 p_sec_prof_rec.view_all_contacts_flag = 'N' then
8286 --
8287 add_candidates_to_cache(p_effective_date
8288 ,p_sec_prof_rec.business_group_id);
8289 --
8290 end if;
8291 --
8292 /* Get the value of Profile option 'Enable RTM Security' */
8293 fnd_profile.get(NAME => 'PER_RTM_SECURITY_PROFILE'
8294 ,VAL => l_rtm_security);
8295
8296
8297 /* Check Enable RTM Security is 'Yes' and current user is
8298 an RTM in this context */
8299
8300 if nvl(l_rtm_security,'N') ='Y' and hr_security.is_user_rtm then
8301 add_rtm_candidates_to_cache(p_sec_prof_rec);
8302 end if;
8303 --
8304 if p_update_static_lists and l_user_restriction then
8305 --
8306 -- Existing records for this user are deleted and then
8307 -- re-inserted. Records are only inserted if this profile
8308 -- is using user-based security.
8309 if g_dbg then op(l_proc, 130); end if;
8310 --
8311 delete_per_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8312 --
8313 insert_per_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8314 --
8315 if g_dbg then op(l_proc, 140); end if;
8316 --
8317 if nvl(p_sec_prof_rec.restrict_on_individual_asg, 'N') = 'Y' then
8318 --
8319 -- Only insert the assignment privileges if securing
8320 -- at an assignment level.
8321 if g_dbg then op(l_proc, 150); end if;
8322 --
8323 delete_asg_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8324 --
8325 insert_asg_list_for_user(p_user_id,p_sec_prof_rec.security_profile_id);
8326 --
8327 if g_dbg then op(l_proc, 160); end if;
8328 --
8329 end if;
8330 --
8331 end if;
8332 --
8333 if g_dbg then op('Leaving: '||l_proc, 999); end if;
8334 --
8335 return true;
8336 --
8337 end evaluate_per_access;
8338
8339 --SSHR
8340
8341
8342
8343 --
8344 -- ----------------------------------------------------------------------------
8345 -- |----------------------< evaluate_access >---------------------------------|
8346 -- ----------------------------------------------------------------------------
8347 --
8348 PROCEDURE evaluate_access
8349 (p_user_id IN NUMBER
8350 ,p_effective_date IN DATE
8351 ,p_sec_prof_rec IN g_sec_prof_r
8352 ,p_person_id IN NUMBER DEFAULT NULL
8353 ,p_what_to_evaluate IN NUMBER DEFAULT g_PER_SEC_ONLY
8354 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
8355 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE
8356 ,p_debug IN NUMBER DEFAULT g_NO_DEBUG)
8357 IS
8358
8359 --
8360 -- Local variables.
8361 --
8362 l_proc VARCHAR2(72) := g_package||'evaluate_access';
8363 l_debug BOOLEAN := FALSE;
8364 l_effective_date DATE := TRUNC(p_effective_date);
8365 l_assignments_tbl g_assignments_t;
8366
8367 BEGIN
8368
8369 --
8370 -- Initialise debugging.
8371 --
8372 IF p_debug = g_NO_DEBUG THEN
8373 --
8374 -- If no debug was specified (or defaulted) then
8375 -- checking for standard HRMS Pipe output.
8376 --
8377 IF g_debug THEN
8378 g_dbg_type := g_PIPE;
8379 g_dbg := TRUE;
8380 END IF;
8381 ELSIF p_debug <> g_NO_DEBUG THEN
8382 --
8383 -- If debugging was specified, set accordingly.
8384 --
8385 g_dbg_type := p_debug;
8386 g_dbg := TRUE;
8387 END IF;
8388
8389 IF g_dbg THEN
8390 op('Entering: '||l_proc, 1);
8391 op(' ');
8392 op(' --------------------------------'||
8393 '---------------------------------');
8394 op(' Profile: '||p_sec_prof_rec.security_profile_name);
8395 op(' --------------------------------'||
8396 '+--------------------------------');
8397 op(' p_person_id '||
8398 to_char(p_person_id));
8399 op(' p_user_id '||
8400 to_char(p_user_id));
8401 op(' p_effective_date '||
8402 to_char(l_effective_date));
8403 op(' p_security_profile_id '||
8404 to_char(p_sec_prof_rec.security_profile_id));
8405 op(' p_business_group_id '||
8406 to_char(p_sec_prof_rec.business_group_id));
8407 op(' p_view_all_flag '||
8408 p_sec_prof_rec.view_all_flag);
8409 op(' p_reporting_oracle_username '||
8410 p_sec_prof_rec.reporting_oracle_username);
8411 op(' p_allow_granted_users_flag '||
8412 p_sec_prof_rec.allow_granted_users_flag);
8413 op(' p_restrict_on_individual_asg '||
8414 p_sec_prof_rec.restrict_on_individual_asg);
8415 op(' p_view_all_employees_flag '||
8416 p_sec_prof_rec.view_all_employees_flag);
8417 op(' p_view_all_cwk_flag '||
8418 p_sec_prof_rec.view_all_cwk_flag);
8419 op(' p_view_all_applicants_flag '||
8420 p_sec_prof_rec.view_all_applicants_flag);
8421 op(' p_view_all_contacts_flag '||
8422 p_sec_prof_rec.view_all_contacts_flag);
8423 op(' p_view_all_organizations_flag '||
8424 p_sec_prof_rec.view_all_organizations_flag);
8425 op(' p_org_security_mode '||
8426 p_sec_prof_rec.org_security_mode);
8427 op(' p_top_organization_method '||
8428 p_sec_prof_rec.top_organization_method);
8429 op(' p_organization_structure_id '||
8430 to_char(p_sec_prof_rec.organization_structure_id));
8431 op(' p_organization_id '||
8432 to_char(p_sec_prof_rec.organization_id));
8433 op(' p_include_top_organization_flag '||
8434 p_sec_prof_rec.include_top_organization_flag);
8435 op(' p_exclude_business_groups_flag '||
8436 p_sec_prof_rec.exclude_business_groups_flag);
8437 op(' p_view_all_positions_flag '||
8438 p_sec_prof_rec.view_all_positions_flag);
8439 op(' p_top_position_method '||
8440 p_sec_prof_rec.top_position_method);
8441 op(' p_position_structure_id '||
8442 to_char(p_sec_prof_rec.position_structure_id));
8443 op(' p_position_id '||
8444 to_char(p_sec_prof_rec.position_id));
8445 op(' p_include_top_position_flag '||
8446 p_sec_prof_rec.include_top_position_flag);
8447 op(' p_view_all_payrolls_flag '||
8448 p_sec_prof_rec.view_all_payrolls_flag);
8449 op(' p_include_exclude_payroll_flag '||
8450 p_sec_prof_rec.include_exclude_payroll_flag);
8451 op(' p_restrict_by_supervisor_flag '||
8452 p_sec_prof_rec.restrict_by_supervisor_flag);
8453 op(' p_supervisor_levels '||
8454 to_char(p_sec_prof_rec.supervisor_levels));
8455 op(' p_exclude_secondary_asgs_flag '||
8456 p_sec_prof_rec.exclude_secondary_asgs_flag);
8457 op(' p_exclude_person_flag '||
8458 p_sec_prof_rec.exclude_person_flag);
8459 op(' p_named_person_id '||
8460 to_char(p_sec_prof_rec.named_person_id));
8461 op(' p_custom_restriction_flag '||
8462 p_sec_prof_rec.custom_restriction_flag);
8463 op(' p_what_to_evaluate '||
8464 to_char(p_what_to_evaluate));
8465 IF p_use_static_lists THEN
8466 op(' p_use_static_lists '||
8467 'TRUE');
8468 ELSE
8469 op(' p_use_static_lists '||
8470 'FALSE');
8471 END IF;
8472 IF p_update_static_lists THEN
8473 op(' p_update_static_lists '||
8474 'TRUE');
8475 ELSE
8476 op(' p_update_static_lists '||
8477 'FALSE');
8478 END IF;
8479 END IF;
8480
8481 --
8482 -- Protect against required values being NULL.
8483 --
8484 IF p_user_id IS NOT NULL AND
8485 l_effective_date IS NOT NULL AND
8486 p_sec_prof_rec.security_profile_id IS NOT NULL THEN
8487
8488 --
8489 -- Check that the permissions in memory (if any) match the
8490 -- given person, user, and security profile.
8491 --
8492 IF g_dbg THEN op(l_proc, 20); END IF;
8493
8494 IF g_access_known_rec.user_id IS NULL
8495 OR g_access_known_rec.effective_date IS NULL
8496 OR g_access_known_rec.security_profile_id IS NULL
8497 OR g_access_known_rec.user_id <> p_user_id
8498 OR g_access_known_rec.effective_date <> l_effective_date
8499 OR g_access_known_rec.security_profile_id <>
8500 p_sec_prof_rec.security_profile_id
8501 THEN
8502 --
8503 -- Clear the existing permission cache.
8504 --
8505 IF g_dbg THEN op(l_proc, 30); END IF;
8506
8507 g_access_known_rec.org := FALSE;
8508 g_access_known_rec.pos := FALSE;
8509 g_access_known_rec.pay := FALSE;
8510 g_access_known_rec.per := FALSE;
8511 g_org_tbl.DELETE;
8512 g_pos_tbl.DELETE;
8513 g_pay_tbl.DELETE;
8514 g_per_tbl.DELETE;
8515 g_asg_tbl.DELETE;
8516
8517 -- Added for Bug 8353429
8518 g_vac_per_tbl.DELETE;
8519 g_vac_asg_tbl.DELETE;
8520
8521 --
8522 -- Record the contexts of the (soon to be) cached permission.
8523 --
8524 g_access_known_rec.person_id := p_person_id;
8525 g_access_known_rec.user_id := p_user_id;
8526 g_access_known_rec.effective_date := l_effective_date;
8527 g_access_known_rec.security_profile_id
8528 := p_sec_prof_rec.security_profile_id;
8529
8530
8531 END IF;
8532
8533 IF g_dbg THEN op(l_proc, 40); END IF;
8534 --
8535 --
8536 -- Fetch the assignments for this person if the person is
8537 -- known.
8538 --
8539 IF p_person_id IS NOT NULL THEN
8540 l_assignments_tbl :=
8541 get_assignments(p_person_id, l_effective_date);
8542 END IF;
8543
8544 IF g_dbg THEN op(l_proc, 50); END IF;
8545
8546 --
8547 -- Evaluate the security permissions for this person
8548 -- and each assignments.
8549 --
8550 -- Not all permissions are evalulated right now. Where
8551 -- possible, evaluation is deferred until a more convenient
8552 -- point (eg, not at longon but perhaps on demand).
8553 -- The permissions are cached in PL/SQL list tables;
8554 -- the below g_access_known_rec record is used to indicate
8555 -- where evaluation has been deferred so that they can be
8556 -- evaluated at a later point.
8557 --
8558
8559 --
8560 -- Organization security.
8561 --
8562 IF p_what_to_evaluate = g_ALL OR
8563 p_what_to_evaluate = g_ORG_SEC_ONLY
8564 THEN
8565 IF g_dbg THEN op(l_proc, 60); END IF;
8566
8567 g_access_known_rec.org
8568 := evaluate_org_access
8569 (p_user_id => p_user_id
8570 ,p_effective_date => l_effective_date
8571 ,p_assignments_tbl => l_assignments_tbl
8572 ,p_sec_prof_rec => p_sec_prof_rec
8573 ,p_use_static_lists => p_use_static_lists
8574 ,p_update_static_lists => p_update_static_lists);
8575 END IF;
8576
8577 --
8578 -- Position security.
8579 --
8580 IF p_what_to_evaluate = g_ALL OR
8581 p_what_to_evaluate = g_POS_SEC_ONLY
8582 THEN
8583 IF g_dbg THEN op(l_proc, 70); END IF;
8584
8585 g_access_known_rec.pos
8586 := evaluate_pos_access
8587 (p_user_id => p_user_id
8588 ,p_effective_date => l_effective_date
8589 ,p_assignments_tbl => l_assignments_tbl
8590 ,p_sec_prof_rec => p_sec_prof_rec
8591 ,p_use_static_lists => p_use_static_lists
8592 ,p_update_static_lists => p_update_static_lists);
8593 END IF;
8594
8595 --
8596 -- Payroll security.
8597 --
8598 IF p_what_to_evaluate = g_ALL OR
8599 p_what_to_evaluate = g_PAY_SEC_ONLY
8600 THEN
8601 --
8602 -- Payroll security currently has no user-based feature,
8603 -- so there is no need to pass the table of assignments.
8604 -- As such, there is no benefit of using the
8605 -- p_use_static_lists and p_update_static_lists parameters.
8606 --
8607 IF g_dbg THEN op(l_proc, 80); END IF;
8608
8609 g_access_known_rec.pay
8610 := evaluate_pay_access
8611 (p_user_id => p_user_id
8612 ,p_effective_date => l_effective_date
8613 ,p_sec_prof_rec => p_sec_prof_rec
8614 ,p_use_static_lists => p_use_static_lists);
8615 END IF;
8616
8617 --
8618 -- Person security.
8619 --
8620 IF p_what_to_evaluate = g_ALL OR
8621 p_what_to_evaluate = g_PER_SEC_ONLY
8622 THEN
8623 IF g_dbg THEN op(l_proc, 90); END IF;
8624
8625 g_access_known_rec.per
8626 := evaluate_per_access
8627 (p_user_id => p_user_id
8628 ,p_effective_date => l_effective_date
8629 ,p_assignments_tbl => l_assignments_tbl
8630 ,p_sec_prof_rec => p_sec_prof_rec
8631 ,p_use_static_lists => p_use_static_lists
8632 ,p_update_static_lists => p_update_static_lists);
8633 END IF;
8634
8635 --
8636 -- Keep a record of the fnd session context in the local cache
8637 -- so that a context change can be detected.
8638 --
8639 --DK:4188036. Have moved this call to the end of evaluate_access
8640 --to guard against the case where apps initialize is called without
8641 --a change a change in security context.
8642
8643 sync_session_context;
8644
8645
8646 END IF;
8647
8648 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
8649
8650 END evaluate_access;
8651
8652 --SSHR
8653
8654 PROCEDURE evaluate_access
8655 (p_user_id IN NUMBER
8656 ,p_effective_date IN DATE
8657 ,p_sec_prof_rec IN g_sec_prof_r
8658 ,p_person_id IN NUMBER DEFAULT NULL
8659 ,p_what_to_evaluate IN NUMBER DEFAULT g_PER_SEC_ONLY
8660 ,p_use_static_lists IN BOOLEAN DEFAULT TRUE
8661 ,p_update_static_lists IN BOOLEAN DEFAULT FALSE
8662 ,p_debug IN NUMBER DEFAULT g_NO_DEBUG
8663 ,p_top_person_id IN NUMBER)
8664 IS
8665
8666 --
8667 -- Local variables.
8668 --
8669 l_proc VARCHAR2(72) := g_package||'evaluate_access';
8670 l_debug BOOLEAN := FALSE;
8671 l_effective_date DATE := TRUNC(p_effective_date);
8672 l_assignments_tbl g_assignments_t;
8673
8674 BEGIN
8675
8676 --
8677 -- Initialise debugging.
8678 --
8679 IF p_debug = g_NO_DEBUG THEN
8680 --
8681 -- If no debug was specified (or defaulted) then
8682 -- checking for standard HRMS Pipe output.
8683 --
8684 IF g_debug THEN
8685 g_dbg_type := g_PIPE;
8686 g_dbg := TRUE;
8687 END IF;
8688 ELSIF p_debug <> g_NO_DEBUG THEN
8689 --
8690 -- If debugging was specified, set accordingly.
8691 --
8692 g_dbg_type := p_debug;
8693 g_dbg := TRUE;
8694 END IF;
8695
8696 IF g_dbg THEN
8697 op('Entering: '||l_proc, 1);
8698 op(' ');
8699 op(' --------------------------------'||
8700 '---------------------------------');
8701 op(' Profile: '||p_sec_prof_rec.security_profile_name);
8702 op(' --------------------------------'||
8703 '+--------------------------------');
8704 op(' p_person_id '||
8705 to_char(p_person_id));
8706 op(' p_user_id '||
8707 to_char(p_user_id));
8708 op(' p_effective_date '||
8709 to_char(l_effective_date));
8710 op(' p_security_profile_id '||
8711 to_char(p_sec_prof_rec.security_profile_id));
8712 op(' p_business_group_id '||
8713 to_char(p_sec_prof_rec.business_group_id));
8714 op(' p_view_all_flag '||
8715 p_sec_prof_rec.view_all_flag);
8716 op(' p_reporting_oracle_username '||
8717 p_sec_prof_rec.reporting_oracle_username);
8718 op(' p_allow_granted_users_flag '||
8719 p_sec_prof_rec.allow_granted_users_flag);
8720 op(' p_restrict_on_individual_asg '||
8721 p_sec_prof_rec.restrict_on_individual_asg);
8722 op(' p_view_all_employees_flag '||
8723 p_sec_prof_rec.view_all_employees_flag);
8724 op(' p_view_all_cwk_flag '||
8725 p_sec_prof_rec.view_all_cwk_flag);
8726 op(' p_view_all_applicants_flag '||
8727 p_sec_prof_rec.view_all_applicants_flag);
8728 op(' p_view_all_contacts_flag '||
8729 p_sec_prof_rec.view_all_contacts_flag);
8730 op(' p_view_all_organizations_flag '||
8731 p_sec_prof_rec.view_all_organizations_flag);
8732 op(' p_org_security_mode '||
8733 p_sec_prof_rec.org_security_mode);
8734 op(' p_top_organization_method '||
8735 p_sec_prof_rec.top_organization_method);
8736 op(' p_organization_structure_id '||
8737 to_char(p_sec_prof_rec.organization_structure_id));
8738 op(' p_organization_id '||
8739 to_char(p_sec_prof_rec.organization_id));
8740 op(' p_include_top_organization_flag '||
8741 p_sec_prof_rec.include_top_organization_flag);
8742 op(' p_exclude_business_groups_flag '||
8743 p_sec_prof_rec.exclude_business_groups_flag);
8744 op(' p_view_all_positions_flag '||
8745 p_sec_prof_rec.view_all_positions_flag);
8746 op(' p_top_position_method '||
8747 p_sec_prof_rec.top_position_method);
8748 op(' p_position_structure_id '||
8749 to_char(p_sec_prof_rec.position_structure_id));
8750 op(' p_position_id '||
8751 to_char(p_sec_prof_rec.position_id));
8752 op(' p_include_top_position_flag '||
8753 p_sec_prof_rec.include_top_position_flag);
8754 op(' p_view_all_payrolls_flag '||
8755 p_sec_prof_rec.view_all_payrolls_flag);
8756 op(' p_include_exclude_payroll_flag '||
8757 p_sec_prof_rec.include_exclude_payroll_flag);
8758 op(' p_restrict_by_supervisor_flag '||
8759 p_sec_prof_rec.restrict_by_supervisor_flag);
8760 op(' p_supervisor_levels '||
8761 to_char(p_sec_prof_rec.supervisor_levels));
8762 op(' p_exclude_secondary_asgs_flag '||
8763 p_sec_prof_rec.exclude_secondary_asgs_flag);
8764 op(' p_exclude_person_flag '||
8765 p_sec_prof_rec.exclude_person_flag);
8766 op(' p_named_person_id '||
8767 to_char(p_sec_prof_rec.named_person_id));
8768 op(' p_custom_restriction_flag '||
8769 p_sec_prof_rec.custom_restriction_flag);
8770 op(' p_what_to_evaluate '||
8771 to_char(p_what_to_evaluate));
8772 IF p_use_static_lists THEN
8773 op(' p_use_static_lists '||
8774 'TRUE');
8775 ELSE
8776 op(' p_use_static_lists '||
8777 'FALSE');
8778 END IF;
8779 IF p_update_static_lists THEN
8780 op(' p_update_static_lists '||
8781 'TRUE');
8782 ELSE
8783 op(' p_update_static_lists '||
8784 'FALSE');
8785 END IF;
8786 END IF;
8787
8788 --
8789 -- Protect against required values being NULL.
8790 --
8791 IF p_user_id IS NOT NULL AND
8792 l_effective_date IS NOT NULL AND
8793 p_sec_prof_rec.security_profile_id IS NOT NULL THEN
8794
8795 --
8796 -- Check that the permissions in memory (if any) match the
8797 -- given person, user, and security profile.
8798 --
8799 IF g_dbg THEN op(l_proc, 20); END IF;
8800
8801 IF g_access_known_rec.user_id IS NULL
8802 OR g_access_known_rec.effective_date IS NULL
8803 OR g_access_known_rec.security_profile_id IS NULL
8804 OR g_access_known_rec.user_id <> p_user_id
8805 OR g_access_known_rec.effective_date <> l_effective_date
8806 OR g_access_known_rec.security_profile_id <>
8807 p_sec_prof_rec.security_profile_id
8808 THEN
8809 --
8810 -- Clear the existing permission cache.
8811 --
8812 IF g_dbg THEN op(l_proc, 30); END IF;
8813
8814 g_access_known_rec.org := FALSE;
8815 g_access_known_rec.pos := FALSE;
8816 g_access_known_rec.pay := FALSE;
8817 g_access_known_rec.per := FALSE;
8818 g_org_tbl.DELETE;
8819 g_pos_tbl.DELETE;
8820 g_pay_tbl.DELETE;
8821 g_per_tbl.DELETE;
8822 g_asg_tbl.DELETE;
8823
8824 -- Added for Bug 8353429
8825 g_vac_per_tbl.DELETE;
8826 g_vac_asg_tbl.DELETE;
8827
8828 --
8829 -- Record the contexts of the (soon to be) cached permission.
8830 --
8831 g_access_known_rec.person_id := p_person_id;
8832 g_access_known_rec.user_id := p_user_id;
8833 g_access_known_rec.effective_date := l_effective_date;
8834 g_access_known_rec.security_profile_id
8835 := p_sec_prof_rec.security_profile_id;
8836
8837
8838 END IF;
8839
8840 IF g_dbg THEN op(l_proc, 40); END IF;
8841 --
8842 --
8843 -- Fetch the assignments for this person if the person is
8844 -- known.
8845 --
8846 IF p_person_id IS NOT NULL THEN
8847 l_assignments_tbl :=
8848 get_assignments(p_person_id, l_effective_date);
8849 END IF;
8850
8851 IF g_dbg THEN op(l_proc, 50); END IF;
8852
8853 --
8854 -- Evaluate the security permissions for this person
8855 -- and each assignments.
8856 --
8857 -- Not all permissions are evalulated right now. Where
8858 -- possible, evaluation is deferred until a more convenient
8859 -- point (eg, not at longon but perhaps on demand).
8860 -- The permissions are cached in PL/SQL list tables;
8861 -- the below g_access_known_rec record is used to indicate
8862 -- where evaluation has been deferred so that they can be
8863 -- evaluated at a later point.
8864 --
8865
8866 --
8867 -- Organization security.
8868 --
8869 IF p_what_to_evaluate = g_ALL OR
8870 p_what_to_evaluate = g_ORG_SEC_ONLY
8871 THEN
8872 IF g_dbg THEN op(l_proc, 60); END IF;
8873
8874 g_access_known_rec.org
8875 := evaluate_org_access
8876 (p_user_id => p_user_id
8877 ,p_effective_date => l_effective_date
8878 ,p_assignments_tbl => l_assignments_tbl
8879 ,p_sec_prof_rec => p_sec_prof_rec
8880 ,p_use_static_lists => p_use_static_lists
8881 ,p_update_static_lists => p_update_static_lists);
8882 END IF;
8883
8884 --
8885 -- Position security.
8886 --
8887 IF p_what_to_evaluate = g_ALL OR
8888 p_what_to_evaluate = g_POS_SEC_ONLY
8889 THEN
8890 IF g_dbg THEN op(l_proc, 70); END IF;
8891
8892 g_access_known_rec.pos
8893 := evaluate_pos_access
8894 (p_user_id => p_user_id
8895 ,p_effective_date => l_effective_date
8896 ,p_assignments_tbl => l_assignments_tbl
8897 ,p_sec_prof_rec => p_sec_prof_rec
8898 ,p_use_static_lists => p_use_static_lists
8899 ,p_update_static_lists => p_update_static_lists);
8900 END IF;
8901
8902 --
8903 -- Payroll security.
8904 --
8905 IF p_what_to_evaluate = g_ALL OR
8906 p_what_to_evaluate = g_PAY_SEC_ONLY
8907 THEN
8908 --
8909 -- Payroll security currently has no user-based feature,
8910 -- so there is no need to pass the table of assignments.
8911 -- As such, there is no benefit of using the
8912 -- p_use_static_lists and p_update_static_lists parameters.
8913 --
8914 IF g_dbg THEN op(l_proc, 80); END IF;
8915
8916 g_access_known_rec.pay
8917 := evaluate_pay_access
8918 (p_user_id => p_user_id
8919 ,p_effective_date => l_effective_date
8920 ,p_sec_prof_rec => p_sec_prof_rec
8921 ,p_use_static_lists => p_use_static_lists);
8922 END IF;
8923
8924 --
8925 -- Person security.
8926 --
8927 IF p_what_to_evaluate = g_ALL OR
8928 p_what_to_evaluate = g_PER_SEC_ONLY
8929 THEN
8930 IF g_dbg THEN op(l_proc, 90); END IF;
8931
8932 g_access_known_rec.per
8933 := evaluate_per_access
8934 (p_user_id => p_user_id
8935 ,p_effective_date => l_effective_date
8936 ,p_assignments_tbl => l_assignments_tbl
8937 ,p_sec_prof_rec => p_sec_prof_rec
8938 ,p_use_static_lists => p_use_static_lists
8939 ,p_update_static_lists => p_update_static_lists
8940 ,p_top_person_id => p_top_person_id);
8941 END IF;
8942
8943 --
8944 -- Keep a record of the fnd session context in the local cache
8945 -- so that a context change can be detected.
8946 --
8947 --DK:4188036. Have moved this call to the end of evaluate_access
8948 --to guard against the case where apps initialize is called without
8949 --a change a change in security context.
8950
8951 sync_session_context;
8952
8953
8954 END IF;
8955
8956 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
8957
8958 END evaluate_access;
8959 --SSHR
8960
8961
8962
8963
8964 --
8965 -- ----------------------------------------------------------------------------
8966 -- |----------------------< user_in_static_lists >----------------------------|
8967 -- ----------------------------------------------------------------------------
8968 --
8969 FUNCTION user_in_static_lists
8970 (p_user_id IN NUMBER
8971 ,p_security_profile_id IN NUMBER)
8972 RETURN BOOLEAN IS
8973
8974 --
8975 -- Local variables.
8976 --
8977 l_proc VARCHAR2(72) := g_package||'user_in_static_lists';
8978
8979 BEGIN
8980
8981 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
8982
8983 IF p_user_id IS NOT NULL and p_security_profile_id IS NOT NULL THEN
8984 --
8985 -- Look in each of the static lists for this user and security profile
8986 -- pair. If a match is found in any list, immediately return true.
8987 -- The payroll list does not store static user permissions so it
8988 -- is not checked here.
8989 --
8990 IF g_dbg THEN op(l_proc, 20); END IF;
8991
8992 IF user_in_static_org_list(p_user_id, p_security_profile_id) THEN
8993 IF g_dbg THEN op('Leaving: '||l_proc, 959); END IF;
8994 RETURN TRUE;
8995 END IF;
8996
8997 IF user_in_static_pos_list(p_user_id, p_security_profile_id) THEN
8998 IF g_dbg THEN op('Leaving: '||l_proc, 969); END IF;
8999 RETURN TRUE;
9000 END IF;
9001
9002 IF user_in_static_per_list(p_user_id, p_security_profile_id) THEN
9003 IF g_dbg THEN op('Leaving: '||l_proc, 979); END IF;
9004 RETURN TRUE;
9005 END IF;
9006
9007 IF user_in_static_asg_list(p_user_id, p_security_profile_id) THEN
9008 IF g_dbg THEN op('Leaving: '||l_proc, 989); END IF;
9009 RETURN TRUE;
9010 END IF;
9011
9012 END IF;
9013
9014 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
9015
9016 RETURN FALSE;
9017
9018 END user_in_static_lists;
9019 --
9020 -- ----------------------------------------------------------------------------
9021 -- |----------------------< delete_static_lists_for_user >--------------------|
9022 -- ----------------------------------------------------------------------------
9023 --
9024 PROCEDURE delete_static_lists_for_user
9025 (p_user_id IN NUMBER
9026 ,p_security_profile_id IN NUMBER)
9027 IS
9028
9029 --
9030 -- This is not an autonomous transaction because it is called during
9031 -- normal transaction processing, eg, by APIs, so an explicit commit
9032 -- cannot be issued.
9033 --
9034 --
9035 -- Local variables.
9036 --
9037 l_proc VARCHAR2(72) := g_package||'delete_static_lists_for_user';
9038
9039 BEGIN
9040
9041 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
9042
9043 IF p_user_id IS NOT NULL AND p_security_profile_id IS NOT NULL THEN
9044 --
9045 -- Delete from each of the static lists. The only list untouched
9046 -- is the payroll list and that is because it doesn't contain
9047 -- the user_id column, ie, it doesn't store static user permissions.
9048 --
9049 -- Organization List.
9050 --
9051 IF g_dbg THEN op(l_proc, 20); END IF;
9052
9053 DELETE FROM per_organization_list pol
9054 WHERE pol.user_id IS NOT NULL
9055 AND pol.security_profile_id IS NOT NULL
9056 AND pol.user_id = p_user_id
9057 AND pol.security_profile_id = p_security_profile_id;
9058
9059 --
9060 -- Position List.
9061 --
9062 IF g_dbg THEN op(l_proc, 30); END IF;
9063
9064 DELETE FROM per_position_list ppl
9065 WHERE ppl.user_id IS NOT NULL
9066 AND ppl.security_profile_id IS NOT NULL
9067 AND ppl.user_id = p_user_id
9068 AND ppl.security_profile_id = p_security_profile_id;
9069
9070 --
9071 -- Person List.
9072 --
9073 -- WARNING: This will delete any self-service grants.
9074 --
9075 IF g_dbg THEN op(l_proc, 40); END IF;
9076
9077 DELETE FROM per_person_list ppl
9078 WHERE ppl.granted_user_id IS NOT NULL
9079 AND ppl.security_profile_id IS NOT NULL
9080 AND ppl.granted_user_id = p_user_id
9081 AND ppl.security_profile_id = p_security_profile_id;
9082
9083 --
9084 -- Assignment List.
9085 --
9086 IF g_dbg THEN op(l_proc, 50); END IF;
9087
9088 DELETE FROM per_assignment_list pal
9089 WHERE pal.user_id IS NOT NULL
9090 AND pal.security_profile_id IS NOT NULL
9091 AND pal.user_id = p_user_id
9092 AND pal.security_profile_id = p_security_profile_id;
9093
9094 END IF;
9095
9096 END delete_static_lists_for_user;
9097 --
9098 -- ----------------------------------------------------------------------------
9099 -- |----------------------< get_effective_date >------------------------------|
9100 -- ----------------------------------------------------------------------------
9101 --
9102 FUNCTION get_effective_date RETURN DATE
9103 IS
9104
9105 --
9106 -- Local variables.
9107 --
9108 l_proc VARCHAR2(72) := g_package||'get_effective_date';
9109
9110 BEGIN
9111
9112 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
9113
9114 --
9115 -- Default the effective date to sysdate. This could potentially
9116 -- be used in the future to set the effective date to the
9117 -- date-track effective date, but as it stands now, security
9118 -- is also determined as of sysdate.
9119 --
9120 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
9121
9122 RETURN trunc(sysdate);
9123
9124 END get_effective_date;
9125 --
9126 -- ----------------------------------------------------------------------------
9127 -- |----------------------< get_what_to_evaluate >----------------------------|
9128 -- ----------------------------------------------------------------------------
9129 --
9130 FUNCTION get_what_to_evaluate RETURN NUMBER
9131 IS
9132
9133 --
9134 -- Local variables.
9135 --
9136 l_proc VARCHAR2(72) := g_package||'get_what_to_evaluate';
9137
9138 BEGIN
9139
9140 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
9141
9142 --
9143 -- Determine what permissions should be cached when a secured object is
9144 -- first used for a session. By default, only person security is first
9145 -- cached (although this may force the caching of org and pos security too
9146 -- if they are used-based) but it is possible to cache all security
9147 -- permissions when a secured object is first used, even if only person
9148 -- security is needed.
9149 --
9150 -- THIS PROFILE OPTION HAS NOT BEEN SEEDED, IT IS FOR ORACLE INTERNAL
9151 -- USE ONLY.
9152 --
9153 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
9154
9155 RETURN NVL(to_number(fnd_profile.value('HR_SEC_EVALUATION_TYPE'))
9156 ,g_PER_SEC_ONLY);
9157
9158 END get_what_to_evaluate;
9159 --
9160 -- ----------------------------------------------------------------------------
9161 -- |----------------------< get_use_static_lists >----------------------------|
9162 -- ----------------------------------------------------------------------------
9163 --
9164 FUNCTION get_use_static_lists RETURN BOOLEAN
9165 IS
9166
9167 --
9168 -- Local variables.
9169 --
9170 l_proc VARCHAR2(72) := g_package||'get_use_static_lists';
9171
9172 BEGIN
9173
9174 IF g_dbg THEN op('Entering: '||l_proc, 1); END IF;
9175
9176 --
9177 -- Determine whether the static lists should be used for profiles that
9178 -- use static security ("Y"), or whether security should be evaluated
9179 -- dynamically at each session initialisation and the static lists
9180 -- should be ignored ("N").
9181 --
9182 -- THIS PROFILE OPTION HAS NOT BEEN SEEDED, IT IS FOR ORACLE INTERNAL
9183 -- USE ONLY.
9184 --
9185 IF g_dbg THEN op('Leaving: '||l_proc, 999); END IF;
9186
9187 RETURN (NVL(fnd_profile.value('HR_SEC_USE_STATIC_LISTS'),'Y')
9188 = 'Y');
9189
9190 END get_use_static_lists;
9191 --
9192 --
9193 -- ----------------------------------------------------------------------------
9194 -- |-------------------< delete_security_list_for_bg >-------------------------|
9195 -- ----------------------------------------------------------------------------
9196 PROCEDURE delete_security_list_for_bg(p_business_group_id NUMBER)
9197 IS
9198 --
9199 l_proc varchar2(80) := g_package||'delete_security_list_for_bg';
9200 --
9201 -- DK 16-SEP-1996 Enabled use of business group index
9202 -- In development there are lots of business groups
9203 -- and otherwise it is not a very high cost.
9204 CURSOR pev IS
9205 SELECT pp.person_id
9206 FROM per_people_f pp,
9207 per_person_list pl
9208 WHERE pp.person_id = pl.person_id
9209 AND pp.business_group_id = p_business_group_id;
9210 BEGIN
9211 --
9212 hr_utility.set_location(l_proc,20);
9213 --
9214 DELETE FROM pay_security_payrolls psp
9215 WHERE psp.business_group_id = p_business_group_id;
9216 hr_utility.set_location(l_proc,30);
9217 --
9218 DELETE FROM pay_payroll_list ppl
9219 WHERE EXISTS ( SELECT ''
9220 FROM pay_payrolls_f pay
9221 WHERE pay.payroll_id = ppl.payroll_id
9222 AND pay.business_group_id = p_business_group_id);
9223 hr_utility.set_location(l_proc,40);
9224 --
9225 FOR pevrec IN pev LOOP
9226 DELETE FROM per_person_list pl
9227 WHERE pl.person_id = pevrec.person_id;
9228 END LOOP;
9229 hr_utility.set_location(l_proc,50);
9230 --
9231 -- Changes 02-Oct-99 SCNair (per_positions to hr_all_positions_f) date track position req.
9232 --
9233 DELETE FROM per_position_list pol
9234 WHERE EXISTS ( SELECT ''
9235 FROM hr_all_positions_f pos
9236 WHERE pos.position_id = pol.position_id
9237 AND pos.business_group_id = p_business_group_id);
9238 --
9239 hr_utility.set_location('hr_delete.delete_security_list_for_bg',6);
9240
9241 -- Bug fix 3622082.
9242 -- Delete statement modified to improve performance.
9243
9244 -- Bug fix 4889068.
9245 -- SQL Tuned to improve performance.
9246 DELETE FROM per_organization_list ol
9247 WHERE EXISTS ( SELECT null
9248 FROM hr_all_organization_units ou
9249 WHERE ou.business_group_id = p_business_group_id
9250 and ou.organization_id = ol.organization_id);
9251 --
9252 hr_utility.set_location('hr_delete.delete_security_list_for_bg',7);
9253 DELETE FROM per_security_profiles psp
9254 WHERE psp.business_group_id = p_business_group_id
9255 AND psp.view_all_flag = 'N';
9256 --
9257 hr_utility.set_location('hr_delete.delete_security_list_for_bg',8);
9258
9259 -- Bug fix 4889068.
9260 -- SQL Tuned to improve performance.
9261 DELETE FROM per_security_organizations pso
9262 WHERE EXISTS( SELECT null
9263 FROM hr_all_organization_units ou
9264 WHERE ou.business_group_id = p_business_group_id
9265 and ou.organization_id = pso.organization_id);
9266 --
9267 hr_utility.set_location('hr_delete.delete_security_list_for_bg',9);
9268 DELETE FROM per_security_users psu
9269 WHERE psu.security_profile_id IN (SELECT sp.security_profile_id
9270 FROM per_security_profiles sp
9271 WHERE sp.business_group_id = p_business_group_id);
9272 --
9273 END delete_security_list_for_bg;
9274 --
9275 --
9276 -- ----------------------------------------------------------------------------
9277 -- |------------------< delete_per_from_security_list >-----------------------|
9278 -- ----------------------------------------------------------------------------
9279 PROCEDURE delete_per_from_security_list(P_PERSON_ID IN number)
9280 IS
9281 --
9282 -- bug fix 3760559. l_proc size increased to 80.
9283 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_PER_FROM_SECURITY_LIST';
9284 begin
9285 hr_utility.set_location('Entering:'|| l_proc, 10);
9286 delete from per_person_list l
9287 where l.person_id = P_PERSON_ID;
9288 exception
9289 when NO_DATA_FOUND then
9290 hr_utility.set_location(l_proc, 20);
9291 end delete_per_from_security_list;
9292 --
9293 --
9294 -- ----------------------------------------------------------------------------
9295 -- |---------------------< add_org_to_security_list >--------------------------|
9296 -- ----------------------------------------------------------------------------
9297 PROCEDURE add_org_to_security_list(p_security_profile_id in number,
9298 p_organization_id in number)
9299 IS
9300 --
9301 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.ADD_ORG_TO_SECURITY_LIST';
9302 --
9303 p_program_id number;
9304 p_request_id number;
9305 p_program_application_id number;
9306 p_update_date date;
9307 --
9308 BEGIN
9309 -- Set WHO columns
9310 p_update_date := trunc(sysdate);
9311 p_request_id := fnd_profile.value('CONC_REQUEST_ID');
9312
9313 -- If called from concurrent request then get other values
9314 IF (p_request_id > 0) THEN
9315 p_program_id := fnd_profile.value('CONC_PROGRAM_ID');
9316 p_program_application_id := fnd_profile.value('CONC_PROGRAM_APPLICATION_ID');
9317 END IF;
9318
9319 insert into per_organization_list
9320 (organization_id
9321 ,security_profile_id
9322 ,request_id
9323 ,program_application_id
9324 ,program_id
9325 ,program_update_date)
9326 select
9327 p_organization_id
9328 ,p_security_profile_id
9329 ,p_request_id
9330 ,p_program_application_id
9331 ,p_program_id
9332 ,p_update_date
9333 from sys.dual
9334 where not exists(select 1
9335 from per_organization_list pol
9336 where pol.organization_id = p_organization_id
9337 and pol.security_profile_id = p_security_profile_Id
9338 );
9339 --
9340 END add_org_to_security_list;
9341
9342
9343 --
9344 -- ----------------------------------------------------------------------------
9345 -- |------------------< delete_org_from_security_list >-----------------------|
9346 -- ----------------------------------------------------------------------------
9347 PROCEDURE delete_org_from_security_list(P_Organization_Id in number)
9348 IS
9349 --
9350 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_ORG_FROM_SECURITY_LIST';
9351 begin
9352 hr_utility.set_location('Entering:'|| l_proc, 10);
9353 DELETE FROM PER_ORGANIZATION_LIST
9354 WHERE organization_id = P_Organization_Id;
9355 exception
9356 when NO_DATA_FOUND then
9357 hr_utility.set_location(l_proc, 20);
9358 end delete_org_from_security_list;
9359 --
9360 --
9361 --
9362 -- ----------------------------------------------------------------------------
9363 -- |---------------------< add_pos_to_security_list >--------------------------|
9364 -- ----------------------------------------------------------------------------
9365 PROCEDURE add_pos_to_security_list(p_security_profile_id in number,
9366 p_position_id in number)
9367 IS
9368 --
9369 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.ADD_POS_TO_SECURITY_LIST';
9370 --
9371 begin
9372 --
9373 insert into per_position_list
9374 (security_profile_id, position_id)
9375 values (p_Security_Profile_Id, p_position_id);
9376 --
9377 end add_pos_to_security_list;
9378 --
9379
9380 --
9381 -- ----------------------------------------------------------------------------
9382 -- |------------------< delete_pos_from_security_list >-----------------------|
9383 -- ----------------------------------------------------------------------------
9384 PROCEDURE delete_pos_from_security_list(p_position_Id in number)
9385 IS
9386 --
9387 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_POS_FROM_SECURITY_LIST';
9388 begin
9389 hr_utility.set_location('Entering:'|| l_proc, 10);
9390 DELETE FROM PER_POSITION_LIST
9391 WHERE position_id = p_position_Id;
9392 exception
9393 when NO_DATA_FOUND then
9394 hr_utility.set_location(l_proc, 20);
9395 end delete_pos_from_security_list;
9396 --
9397 -- ----------------------------------------------------------------------------
9398 -- |----------------- delete_pay_from_security_list >---------------------|
9399 -- ----------------------------------------------------------------------------
9400 PROCEDURE delete_pay_from_security_list(p_payroll_id number)
9401 IS
9402 --
9403 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.DELETE_PAY_FROM_SECURITY_LIST';
9404 begin
9405 hr_utility.set_location('Entering:'|| l_proc, 10);
9406 DELETE FROM PAY_PAYROLL_LIST
9407 WHERE payroll_id = p_payroll_id;
9408 exception
9409 when NO_DATA_FOUND then
9410 hr_utility.set_location(l_proc, 20);
9411 end delete_pay_from_security_list;
9412 --
9413 -- ----------------------------------------------------------------------------
9414 -- |----------------------- populate_asg_perf_table >-------------------------|
9415 -- ----------------------------------------------------------------------------
9416 PROCEDURE populate_asg_perf_table(errbuf OUT NOCOPY VARCHAR2
9417 ,retcode OUT NOCOPY VARCHAR2
9418 ,p_table IN VARCHAR2)
9419 IS
9420 --
9421 l_proc varchar2(80) := 'HR_SECURITY_INTERNAL.POPULATE_ASG_PERF_TABLE';
9422 begin
9423 fnd_file.put_line(fnd_file.log,'==========================================');
9424 fnd_file.put_line(fnd_file.log,' Synchronize Security Performance Tables ');
9425 fnd_file.put_line(fnd_file.log,'==========================================');
9426 fnd_file.put_line(fnd_file.log,'----------');
9427 fnd_file.put_line(fnd_file.log,'Parameters');
9428 fnd_file.put_line(fnd_file.log,'----------');
9429 fnd_file.put_line(fnd_file.log,'p_table: '||p_table);
9430 hr_utility.set_location('Entering:'|| l_proc, 10);
9431 hr_utility.set_location('p_table:'|| p_table, 15);
9432 if p_table = 'ASG_PERF' then
9433 DELETE FROM PER_ALL_ASSIGNMENTS_F_PERF;
9434 hr_utility.set_location(SQL%ROWCOUNT ||' Rows Deleted from PER_ALL_ASSIGNMENTS_F_PERF', 20);
9435 fnd_file.put_line(fnd_file.log,'Rows Deleted into PER_ALL_ASSIGNMENTS_F_PERF');
9436 INSERT INTO PER_ALL_ASSIGNMENTS_F_PERF
9437 (ASSIGNMENT_ID, EFFECTIVE_START_DATE,EFFECTIVE_END_DATE,PERSON_ID,ASSIGNMENT_TYPE, PAYROLL_ID,
9438 POSITION_ID,SUPERVISOR_ID,ORGANIZATION_ID,ASSIGNMENT_STATUS_TYPE_ID,PRIMARY_FLAG,
9439 SUPERVISOR_ASSIGNMENT_ID,BUSINESS_GROUP_ID)
9440 SELECT ASSIGNMENT_ID, EFFECTIVE_START_DATE,EFFECTIVE_END_DATE,PERSON_ID,ASSIGNMENT_TYPE, PAYROLL_ID,
9441 POSITION_ID,SUPERVISOR_ID,ORGANIZATION_ID,ASSIGNMENT_STATUS_TYPE_ID,PRIMARY_FLAG,SUPERVISOR_ASSIGNMENT_ID,
9442 BUSINESS_GROUP_ID FROM PER_ALL_ASSIGNMENTS_F;
9443 hr_utility.set_location(SQL%ROWCOUNT ||' Rows Inserted into PER_ALL_ASSIGNMENTS_F_PERF', 30);
9444 fnd_file.put_line(fnd_file.log,'Rows Inserted into PER_ALL_ASSIGNMENTS_F_PERF');
9445 end if;
9446 hr_utility.set_location('Leaving:'|| l_proc, 90);
9447 exception
9448 when others then
9449 fnd_file.put_line(fnd_file.log,'Error Occured');
9450 fnd_file.put_line(fnd_file.log,'Error: '|| SQLERRM);
9451 hr_utility.set_location('Error Occured In:'|| l_proc, 80);
9452 hr_utility.set_location('Error:'|| SQLERRM, 85);
9453 retcode := 2;
9454 errbuf := errbuf||SQLERRM;
9455 END populate_asg_perf_table;
9456 --
9457
9458 END hr_security_internal;