26 Security Policy
This is a public interface for object security-related operations. You need the application role CDR_SECURITY_ADMIN or CDR_DATA_SECURITY_ADMIN to use any of these APIs.
This chapter contains the following section:
Parent topic: Common APIs
Create and Modify Security Policies
This section contains the following topics:
- Create a Subtype
- Copy a Subtype
- Modify a Subtype
- Assign Roles to a Subtype Operation
- Assign Operations to a Subtype Role
- Remove a Subtype
- Create a Role
- Modify a Role
- Add a Group Role
- Get Roles for a User
- Remove a Role
- Remove a Group Role
- Create a User Group
- Add Users to a Group
- Remove Users from a Role in a User Group
- Assign a User Group to an Object
- Copy a User Group
- Copy a User Group with its Users
- Modify a User Group
- Remove All Group Roles from a User Group
- Remove All Users in a Group
- Revoke a User Group From an Object
- Undo a Revoke a User Group Action
- Remove a User Group
- Unassign a User Group From an Object
- Unassign Roles from an Operation on an Object's Subtype
- Unassign Operations on an Object Subtype's Role
- Initialize Access to a Security View
- Prevent Access to a Security View
Parent topic: Security Policy
Create a Subtype
Use this API to create a new subtype.
Name
CDR_PUB_SECURITY_PKG.CreateSubtype
Signature
PROCEDURE CREATESUBTYPE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_SUBTYPE IN OUT CDR_SUBTYPE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_SUBTYPE (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contain attributes related to User Groups.
The required attributes are: NAME,OBJECT_SUBTYPE_ID,OBJECT_TYPE_RC.
Parent topic: Create and Modify Security Policies
Copy a Subtype
Use this API to make a copy of a subtype.
Name
CDR_PUB_SECURITY_PKG.CopySubtype
Signature
PROCEDURE COPYSUBTYPE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_SUBTYPE IN CDR_SUBTYPE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PI_SUBTYPE (Mandatory) This a parameter of table type CDR_SUBTYPE_OBJ_TYPE that contains information about the subtype.
Parent topic: Create and Modify Security Policies
Modify a Subtype
Use this API to update a subtype.
Name
CDR_PUB_SECURITY_PKG.ModifySubtype
Signature
PROCEDURE MODIFYSUBTYPE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_SUBTYPE IN OUT CDR_SUBTYPE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_SUBTYPE (Mandatory) This is a parameter of table type CDR_SUBTYPE_OBJ_TYPE that contains information about the object subtype.
Parent topic: Create and Modify Security Policies
Assign Roles to a Subtype Operation
Use this API to assign a role to an operation for a subtype of an object.
Name
CDR_PUB_SECURITY_PKG.AssignRolesToSubtypeOperation
Signature
PROCEDURE ASSIGNROLESTOSUBTYPEOPERATION( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLESTOOPR IN OUT CDR_SUBTYPE_OPR_ROLES_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PIO_ROLESTOOPR (Mandatory) This is a collection of CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE.
- PI_REPLACEALL This parameter allows you to choose either replace the role(s)
already assigned with a new list of roles or to add new assignments to the existing ones.
If you do not specify a value for this parameter, the existing assignments are replaced by
default.
- Set to T to unassign all currently assigned roles when the new role is assigned.
- Set to F to retain all currently assigned roles when the new role is assigned.
Parent topic: Create and Modify Security Policies
Assign Operations to a Subtype Role
Use this API to assign an operation to a role of an object subtype.
Name
CDR_PUB_SECURITY_PKG.AssignOprToSubtypeRole
Signature
PROCEDURE ASSIGNOPRTOSUBTYPEROLE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLESTOOPR IN OUT CDR_SUBTYPE_OPR_ROLES_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_ROLESTOOPR (Mandatory) This is a collection of CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE.
Parent topic: Create and Modify Security Policies
Remove a Subtype
Use this API to delete a subtype that is not Active. If objects are assigned to the subtype, you cannot delete it even if it is Inactive.
Name
CDR_PUB_SECURITY_PKG.RemoveSubtype
Signature
PROCEDURE REMOVESUBTYPE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_SUBTYPEID IN CDR_OBJECT_SUBTYPES_B.OBJECT_SUBTYPE_ID%TYPE, PI_COMPANYID IN CDR_OBJECT_SUBTYPES_B.COMPANY_ID%TYPE, PI_OBJECTTYPERC IN CDR_OBJECT_SUBTYPES_B.OBJECT_TYPE_RC%TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_SUBTYPEID (Mandatory) Enter the OBJECT_SUBTYPE_ID of the subtype you want to delete.
- PI_COMPANYID (Mandatory) Enter the COMPANY_ID associated with the OBJ_SUBTYPE_ID.
- PI_OBJECTTYPERC (Mandatory) Enter the OBJECT_TYPE_RC value for the object type associated with the subtype.
Parent topic: Create and Modify Security Policies
Create a Role
Use this API to create a new Role.
Name
CDR_PUB_SECURITY_PKG.CreateRole
Signature
PROCEDURE CREATEROLE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLE IN OUT CDR_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
PIO_ROLE (Mandatory) This is a parameter of table type CDR_ROLE_OBJ_TYPE that contains attributes related to a Role.
Required Attributes are: NAME, CODE, OBJECT VERSION NUMBER.
Parent topic: Create and Modify Security Policies
Modify a Role
Use this API to update a Role. You can change the name, description, and Active status of a Role.
Name
CDR_PUB_SECURITY_PKG.ModifyRole
Signature
PROCEDURE MODIFYROLE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLE IN OUT CDR_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_ROLE (Mandatory) This is a parameter of table type CDR_ROLE_OBJ_TYPE that contains attributes related to a Role.
Required Attributes are: NAME,CODE,OBJECT VERSION NUMBER (pass 1 for this).
Parent topic: Create and Modify Security Policies
Add a Group Role
Use this API to create roles for a User Group.
Name
CDR_PUB_SECURITY_PKG.AddGrpRoles
Signature
PROCEDURE ADDGRPROLES( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLES IN OUT CDR_UG_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_ROLES (Mandatory) This is a parameter of table type CDR_UG_ROLE_OBJ_TYPE.
Following attributes are required: COMPANY_ID,USER_GROUP_ID,ROLE_ID,OBJECT_VERSION_NUMBER
Parent topic: Create and Modify Security Policies
Get Roles for a User
Use this API to retrieve all Roles assigned to a user.
Name
CDR_PUB_SECURITY_PKG.GetRolesForUser
Signature
FUNCTION GETROLESFORUSER( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, P_USERID IN VARCHAR2 ) RETURN CLOB;
Return
Type CLOB
Description CLOB for all roles for given user.
Parameters
This API has standard parameters. See Standard Parameters) for details.
Parent topic: Create and Modify Security Policies
Remove a Role
Use this API to delete a role.
Name
CDR_PUB_SECURITY_PKG.RemoveRole
Signature
PROCEDURE REMOVEROLE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_COMPANYID IN NUMBER, PI_ROLEID IN NUMBER );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_COMPANYID (Mandatory) Enter the COMPANY_ID associated with the Role.
- PI_ROLEID (Mandatory) Enter the ROLE_ID of the Role that you want to delete.
Parent topic: Create and Modify Security Policies
Remove a Group Role
Use this API to remove a single Role from a User Group. You can remove all Roles from the User Group at the same time by using the Remove All Group Roles API.
Name
CDR_PUB_SECURITY_PKG.RemoveGrpRoles
Signature
PROCEDURE REMOVEGRPROLES( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_ROLES IN CDR_UG_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_ROLES (Mandatory) This parameter is of table type CDR_UG_ROLE_OBJ_TYPE that contains information about User Groups and Roles.
Parent topic: Create and Modify Security Policies
Create a User Group
Use this API to create a new User Group.
Name
CDR_PUB_SECURITY_PKG.CreateUserGroup
Signature
PROCEDURE CREATEUSERGROUP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERGRP IN OUT CDR_USER_GROUP_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
PIO_USERGRP (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contains attributes related to User Groups.
Required attributes are: USER_GROUP_ID,COMPANY_ID, NAME.
Parent topic: Create and Modify Security Policies
Add Users to a Group
Use this API to add users to a User Group.
Name
CDR_PUB_SECURITY_PKG.AddUserToGrp
Signature
PROCEDURE ADDUSERTOGRP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERUGROLES IN OUT CDR_USER_UG_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
PIO_USERUGROLES (Mandatory) This is a parameter of table type CDR_USER_UG_ROLE_OBJ_TYPE.
Required Attributes are: UG_COMPANY_ID, USER_GROUP_ID, ROLE_ID, USER_ID, ROLE_ID
Parent topic: Create and Modify Security Policies
Remove Users from a Role in a User Group
Use this API to delete users from a Role in a User Group.
Name
CDR_PUB_SECURITY_PKG.RemoveUsersInGrp
Signature
PROCEDURE REMOVEUSERSINGRP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERUGROLES IN OUT CDR_USER_UG_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_USERUGROLES (Mandatory) This parameter is of table type CDR_USER_UG_ROLE_OBJ_TYPE that contains information about user, User Groups, and Roles.
Parent topic: Create and Modify Security Policies
Assign a User Group to an Object
Use this API to assign a User Group to an object.
Name
CDR_PUB_SECURITY_PKG.AssignUsrGrpToObJ
Signature
PROCEDURE ASSIGNUSRGRPTOOBJ( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_BASEOBJECTTYPE IN OUT CDR_BASE_OBJ_TYPE, PI_CDROBJUGCOLL IN CDR_OBJ_UG_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_BASEOBJECTTYPE (Mandatory) This is a parameter of table type
CDR_BASE_OBJ_TYPE.
Provide the basic naming attributes for the object to which you want to assign the User Group. (COMPANY_ID, OBJECT_ID, OBJECT_VER, NAMESPACE_OBJ_ID, NAMESPACE_OBJ_VER, OBJECT_VERSION_NUMBER). Initialize these attributes in CDR_BASE_OBJ_TYPE.
- PI_CDROBJUGCOLL (Mandatory) This is a collection of CDR_OBJ_UG_OBJ_TYPE.
Enter User Group details in this parameter.
The following are required parameters: UG_COMPANY_ID,OBJ_COMPANY_ID,USER_GROUP_ID,OBJ_ID and EXCLUSION_FLAG.
Parent topic: Create and Modify Security Policies
Copy a User Group
Use this API to make a copy of a User Group including its Roles but not its users.
Name
CDR_PUB_SECURITY_PKG.CopyUserGroup
Signature
PROCEDURE COPYUSERGROUP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERGRP IN OUT CDR_USER_GROUPS_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_USERGRP (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contains attributes related to User Groups.
Required attributes are: USER_GROUP_ID,COMPANY_ID, NAME.
Parent topic: Create and Modify Security Policies
Copy a User Group with its Users
Use this API to make a copy of a User Group including its roles and users.
Name
CDR_PUB_SECURITY_PKG.CopyUserGroupWithUsers
Signature
PROCEDURE COPYUSERGROUPWITHUSERS( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERGRP IN OUT CDR_USER_GROUPS_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_USERGRP (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contains attributes related to User Groups. Enter the attribute values of the user group you want to copy.
Required attributes are: USER_GROUP_ID,COMPANY_ID, NAME.
This parameter does not return any values.
Parent topic: Create and Modify Security Policies
Modify a User Group
Use this API to modify a User Group.
Name
CDR_PUB_SECURITY_PKG.ModifyUserGroup
Signature
PROCEDURE MODIFYUSERGROUP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERGRP IN OUT CDR_USER_GROUP_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
PIO_USERGRP (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contains attributes related to User Groups.
Required attributes are: USER_GROUP_ID,COMPANY_ID, NAME.
Parent topic: Create and Modify Security Policies
Remove All Group Roles from a User Group
Use this API to remove all Roles from the User Group.
Name
CDR_PUB_SECURITY_PKG.RemoveAllGrpRoles
Signature
PROCEDURE REMOVEALLGRPROLES( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_USERGRPID IN NUMBER, PI_COMPANY_ID IN NUMBER );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_USERGRPID (Mandatory) Enter the numeric ID to identify the User Group. This parameter is of type Number and corresponds to the CDR_UG_ROLES.USER_GROUP_ID%TYPE column.
- PI_COMPANY_ID (Mandatory) Enter the Company Id.
Parent topic: Create and Modify Security Policies
Remove All Users in a Group
Use this API to remove all users from a Role in a User Group.
Name
CDR_PUB_SECURITY_PKG.RemoveAllUsersInGrp
Signature
PROCEDURE REMOVEALLUSERSINGRP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERUGROLES IN OUT CDR_USER_UG_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_USERUGROLES (Mandatory) This parameter is of table type CDR_USER_UG_ROLE_OBJ_TYPE that contains information about users, User Groups, and Roles.
Parent topic: Create and Modify Security Policies
Revoke a User Group From an Object
Use this API to revoke a User Group from an object.
To remove access to an object through an inheritedUser Group, you must revoke the User Group assignment.
Use Unassign User Group from Object (UNASSIGNUSRGRPFROMOBJ) for User Groups assigned explicitly.)
Name
CDR_PUB_SECURITY_PKG.RevokeUsrGrpFromObJ
Signature
PROCEDURE REVOKEUSRGRPFROMOBJ( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_BASEOBJECTTYPE IN OUT CDR_BASE_OBJ_TYPE, PI_CDROBJUGOBJTYPE IN CDR_OBJ_UG_OBJ_TYPE, PO_HASVIEWPERMAFTERREVOKE OUT VARCHAR2 );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_BASEOBJECTTYPE (Mandatory) This is a parameter of table type
CDR_BASE_OBJ_TYPE. Enter values to identify the object from which the User Group is to be
revoked.
The following attributes are required: COMPANY_ID,OBJ_ID,OBJ_VER,OBJECT_VERSION_NUMBER,NAMESPACE_OBJ_ID,NAMESPACE_OBJ_VER.
- PI_CDROBJUGOBJTYPE (Mandatory) This is a parameter of table type CDR_OBJ_UG_OBJ_TYPE that contains information about the object and the User Group.
- PO_HASVIEWPERMAFTERREVOKE (Mandatory) Enter appropriate values for this parameter to specify whether view permissions exist after the revoking of the User Group from the object.
Parent topic: Create and Modify Security Policies
Undo a Revoke a User Group Action
Use this API to undo the revoking of a User Group from an object.
Name
CDR_PUB_SECURITY_PKG.UnrevokeUsrGrpFromObj
Signature
PROCEDURE UNREVOKEUSRGRPFROMOBJ( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_BASEOBJECTTYPE IN OUT CDR_BASE_OBJ_TYPE, PI_CDROBJUGOBJTYPE IN CDR_OBJ_UG_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_BASEOBJECTTYPE (Mandatory) This is a parameter of table type
CDR_BASE_OBJ_TYPE. Enter values to identify the object.
The following attributes are required: COMPANY_ID,OBJ_ID,OBJ_VER,OBJECT_VERSION_NUMBER,NAMESPACE_OBJ_ID,NAMESPACE_OBJ_VER.
- PI_CDROBJUGOBJTYPE (Mandatory) This is a parameter of table type CDR_OBJ_UG_OBJ_TYPE that contains information about the object and the User Group.
Parent topic: Create and Modify Security Policies
Remove a User Group
Use this API to delete a User Group from the system. Once deleted, a User Group cannot be reactivated.
Name
CDR_PUB_SECURITY_PKG.RemoveUserGroup
Signature
PROCEDURE REMOVEUSERGROUP( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PIO_USERGRP IN OUT CDR_USER_GROUPS_COLL );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PIO_USERGRP (Mandatory) This is a collection of CDR_USER_GROUPS_OBJ_TYPE that contains attributes related to User Groups.
The required attributes are: USER_GROUP_ID, COMPANY_ID.
Parent topic: Create and Modify Security Policies
Unassign a User Group From an Object
Use this API to unassign a User Group from an object. You can unassign User Groups explicitly assigned to the Object. You have to revoke User Groups that are inherited.
Name
CDR_PUB_SECURITY_PKG.UnassignUsrGrpFromObj
Signature
PROCEDURE UNASSIGNUSRGRPFROMOBJ( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_BASEOBJECTTYPE IN OUT CDR_BASE_OBJ_TYPE, PI_CDROBJUGOBJTYPE IN CDR_OBJ_UG_OBJ_TYPE, PO_HASVIEWPERMAFTERUNASSIGN OUT VARCHAR2 );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameters:
- PI_BASEOBJECTTYPE (Mandatory) This is a parameter of table type
CDR_BASE_OBJ_TYPE. Enter values to identify the object.
The required attributes are COMPANY_ID,OBJ_ID,OBJ_VER,OBJECT_VERSION_NUMBER,NAMESPACE_OBJ_ID,NAMESPACE_OBJ_VER.
- PI_CDROBJUGOBJTYPE (Mandatory) This is a parameter of table type CDR_OBJ_UG_OBJ_TYPE that contains information about the object and the User Group.
- PO_HASVIEWPERMAFTERUNASSIGN (Mandatory) Enter appropriate values for this parameter to specify whether view permissions exist after unassigning the User Group from the object.
Parent topic: Create and Modify Security Policies
Unassign Roles from an Operation on an Object's Subtype
Use this API to unassign Roles from an Operation on an object's subtype.
Name
CDR_PUB_SECURITY_PKG.UnassignRoleToSubtypeOperation
Signature
PROCEDURE UNASSIGNROLETOSUBTYPEOPERATION( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_STOPROLE IN OUT CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PI_STOPROLE (Mandatory) This parameter is of table type CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE that contains information about object subtype, Role, and operation.
Parent topic: Create and Modify Security Policies
Unassign Operations on an Object Subtype's Role
Use this API to unassign operations on an object subtype's role.
Name
CDR_PUB_SECURITY_PKG.UnassignOprToSubtypeRole
Signature
PROCEDURE UNASSIGNOPRTOSUBTYPEROLE( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, X_RETURN_STATUS OUT VARCHAR2, X_MSG_COUNT OUT NUMBER, X_MSG_DATA OUT VARCHAR2, PI_STOPROLE IN OUT CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE );
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
PI_STOPROLE (Mandatory) This parameter is of table type CDR_SUBTYPE_OPR_ROLE_OBJ_TYPE that contains information about object subtype, Role, and operation.
Parent topic: Create and Modify Security Policies
Initialize Access to a Security View
Use this API to initialize access to a Security View for a certain session, to a specific application user.
The API also checks whether the application user has relevant LSH functional security permission to access the Security View data. If the validation is successful, access permission is granted for a given session.
Name
CDR_PUB_SECURITY_PKG.InitializeAccessToSecView
Return
Boolean
- True: The user has the functional security permission.
- False: The user does not have the functional security permission.
Signature
FUNCTION INITIALIZEACCESSTOSECVIEW( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, P_VIEW_NAME VARCHAR2) RETURN BOOLEAN;
Parameters
This API has standard parameters (see Standard Parameters) and the following parameter:
- P_VIEW_NAME (Mandatory) Enter the public Security View name you need access
for:
- CDR_PUB_UG_ROLES_V
- CDR_PUB_USER_UG_ROLES_V
- CDR_PUB_SUBTYPE_OPR_ROLES_V
- CDR_PUB_OBJ_UG_V
To access all security views in given session, enter CDR_ALL_PUB_SEC_V.
The following attributes are required: COMPANY_ID, OBJ_ID, OBJ_VER, OBJECT_VERSION_NUMBER, NAMESPACE_OBJ_ID, NAMESPACE_OBJ_VER.
Parent topic: Create and Modify Security Policies
Prevent Access to a Security View
Use this API to check the functional security permissions of an application user and prevent access to a Security View if the user does not have the required permissions.
Name
CDR_PUB_SECURITY_PKG.uninitializeAccessToSecView
Return
Boolean
- True: The user has the functional security permission.
- False: The user does not have the functional security permission.
Signature
FUNCTION UNINITIALIZEACCESSTOSECVIEW( P_API_VERSION IN NUMBER, P_INIT_MSG_LIST IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_COMMIT IN VARCHAR2 := CDR_PUB_DEF_CONSTANTS.G_FALSE, P_VALIDATION_LEVEL IN NUMBER := CDR_PUB_DEF_CONSTANTS.G_VALID_LEVEL_FULL, PIO_BASEOBJECT IN OUT CDR_BASE_OBJ_TYPE, PI_COMMENT IN VARCHAR2 RETURN BOOLEAN;
Parameters
This API has standard parameters (see Standard Parameters).
Parent topic: Create and Modify Security Policies