Previous
2.6.5 Internal System User
During installation, an account for the Internal System User is created in the OHI_USERS table with the following characteristics:
- ID=10
- IND_ACTIVE=Y
- DISPLAY_NAME='Internal System User'
- LOGIN_NAME=null
This user cannot be used to log in to the application via the UI pages, because the LOGIN_NAME is null. The Internal System User is used for the internal processing. For example, records created or updated by an Integration Point, will have CREATED_BY and/or LAST_UPDATED_BY = 10 (the id of the internal system user).
2.6.5.1 Seeded access roles
As said in the previous section, the seeded Internal System User cannot be used to log in to the application to use the UI pages. So after installation, new users should be created with appropriate roles.
There is a bootstrap issue here: new roles should be defined first in an OHI Components application using the Setup access role page. To be able to access the setup access role page, a user should exists with a role that gives access to this page.
To solve the bootstrap issue, role SETUP_ACCESS_ROLE is seeded during installation as follows:
|
Access Role Attribute |
Value |
|---|---|
|
Code |
SETUP_ACCESS_ROLE |
|
Name |
Setup Access Role |
|
Description |
System role that gives access to setup access role page only. |
|
Active |
Y |
|
Enabled |
Y |
|
Ohi specific? |
Y |
|
Access Restriction Grant Attribute |
Value |
|---|---|
|
Access Restriction |
AccessRoles |
|
Create? |
Y |
|
Retrieve? |
Y |
|
Update? |
Y |
|
Delete? |
Y |
|
OHI specific? |
Y |
The role SETUP_ACCESS_ROLE gives access to the setup access role page only.
After installation, the following steps needs to be taken to setup a new user with the SETUP_ACCESS_ROLE granted:
- Create a new access role SETUP_ACCESS_ROLE in the external identity store.
- Create a new user in the external identity store and grant the SETUP_ACCESS_ROLE to that user.
- Provision the user with the SETUP_ACCESS_ROLE granted to the OHI Components application.
For explanation of these steps, see
To facilitate testing, role ALL_FUNCTIONS_ACCESS_ROLE is seeded also. This role gives access to all pages of the application. This role is not intended to be used in production environments, therefore it is disabled by default.
|
Access Role Attribute |
Value |
|---|---|
|
Code |
ALL_FUNCTIONS_ACCESS_ROLE |
|
Name |
All Functions Access Role |
|
Description |
System role that gives access to all pages (disabled by default) |
|
Active |
Y |
|
Enabled |
N |
|
Ohi specific? |
Y |
|
Access Restriction Grant Attribute |
Value |
|---|---|
|
Access Restriction |
All access restrictions of type 'Function' |
|
Create? |
Y |
|
Retrieve? |
Y |
|
Update? |
Y |
|
Delete? |
Y |
|
OHI specific? |
Y |
After installation, the following steps needs to be taken to setup a new user with the ALL_FUNCTIONS_ACCESS_ROLE granted:
- Create a new access role ALL_FUNCTIONS_ACCESS_ROLE in the external identity store.
- Create a new user in the external identity store and grant the ALL_FUNCTIONS_ACCESS_ROLE to that user.
- Provision the user with the ALL_FUNCTIONS_ACCESS_ROLE granted to the OHI Components application.
- Enable to access role ALL_FUNCTIONS_ACCESS_ROLE.