Search Results fnd_grants

Overview

The FND_GRANTS table is a core security repository within the Application Object Library (FND) of Oracle E-Business Suite (EBS) 12.1.1 and 12.2.2. It functions as the central data store for the Function Security model, which governs user access to application menus and functions. As per its official description, each row in this table represents a grant, which is a permission for a specific user or group to execute a defined menu (or role) of functions within a particular context. This mechanism enables the implementation of flexible, data-aware security policies, moving beyond simple menu-level access to control permissions based on specific instances of data or organizational parameters.

Key Information Stored

The table's structure is designed to capture the essential components of a security grant. While the full column list is extensive, the critical fields include GRANT_ID (a unique numeric identifier) and GRANT_GUID (a globally unique identifier), both serving as primary keys. The GRANTEE_TYPE and GRANTEE_KEY columns identify the recipient of the permission (e.g., a user, responsibility, or group). The MENU_ID specifies the menu or role being granted. Crucially, the INSTANCE_TYPE and INSTANCE_SET_ID columns define the context or data instance under which the grant is valid, enabling security rules like "User X can approve invoices only for their own business unit." Other important columns track the grant's creation and update metadata, its effective dates, and its status.

Common Use Cases and Queries

This table is central to security administration and troubleshooting. Common scenarios include auditing user permissions, diagnosing access issues, and generating security reports. A typical query to list all grants for a specific user would join FND_GRANTS with FND_USER and FND_MENUS. For example:

• Identifying effective grants: SELECT g.grant_guid, m.user_menu_name FROM fnd_grants g, fnd_menus m WHERE g.menu_id = m.menu_id AND g.grantee_key = '&USER_NAME' AND SYSDATE BETWEEN g.start_date AND NVL(g.end_date, SYSDATE+1);
• Analyzing grants for a specific responsibility or role (menu).
• Investigating context-specific security setups by filtering on INSTANCE_TYPE and INSTANCE_SET_ID.

Direct DML on this table is strongly discouraged; modifications should be performed via the dedicated security APIs such as FND_GRANT.ADMINISTER.

Related Objects

FND_GRANTS is a foundational table with numerous dependencies. Key related objects include:

• FND_MENUS: Stores the definition of the menus (roles) referenced by the MENU_ID column.
• FND_GRANT_OBJECT_INSTANCE_SETS: Defines the specific data instances (contexts) referenced by INSTANCE_SET_ID.
• PA_PROJECT_PARTIES: As indicated in the metadata, this table holds a foreign key (GRANT_ID) to FND_GRANTS, linking project security to the central grants model.
• APIs: The FND_GRANT and FND_FUNCTION_SECURITY packages provide the official interfaces for creating, modifying, and querying grants.
• Views: Security administrators often use summary views like FND_GRANTS_VL for reporting purposes.