Creation of Read Only User Profile

1. Create User Profile

First, craft your perfect ‘read/write’ user profile ‘TEST’. Now clone it using the ‘Copy User Profile’ functionality in the PIA. This creates a new user profile (in this case ‘TEST_R’) with the same Roles, and this is the one we’re going to turn read-only.

2. Create new Read-Only Permission Lists

First create the Permission Lists by cloning those that are currently against the User Profile:

INSERT INTO PSCLASSDEFN
(CLASSID, VERSION, CLASSDEFNDESC, TIMEOUTMINUTES, DEFAULTBPM,
STARTAPPSERVER, ALLOWPSWDEMAIL, LASTUPDDTTM, LASTUPDOPRID)
(SELECT CLASSID || '_R'
      , VERSION
      , CLASSDEFNDESC
      , TIMEOUTMINUTES
      , DEFAULTBPM
      , STARTAPPSERVER
      , ALLOWPSWDEMAIL
      , SYSDATE
      , 'TEST'
   FROM PSCLASSDEFN
  WHERE CLASSID IN (
      SELECT DISTINCT CLASSID
        FROM PSROLECLASS
       WHERE ROLENAME IN (
           SELECT ROLENAME
             FROM PSROLEUSER
            WHERE ROLEUSER = 'TEST_R')))

Don’t forget to add the sign-on times:

INSERT INTO PSAUTHSIGNON (CLASSID, DAYOFWEEK, STARTTIME, ENDTIME)
SELECT CLASSID || '_R'
     , DAYOFWEEK
     , STARTTIME
     , ENDTIME
  FROM PSAUTHSIGNON
 WHERE CLASSID IN (
     SELECT DISTINCT CLASSID
       FROM PSROLECLASS
      WHERE ROLENAME IN (
          SELECT ROLENAME
            FROM PSROLEUSER
           WHERE ROLEUSER = 'TEST_R'))

3. Make the Permission Lists Display Only

We add the pages to the new permission lists, but set Display Only to 1:

INSERT INTO PSAUTHITEM (CLASSID, MENUNAME, BARNAME, BARITEMNAME, PNLITEMNAME, DISPLAYONLY, AUTHORIZEDACTIONS)
(SELECT CLASSID || '_R'
      , MENUNAME
      , BARNAME
      , BARITEMNAME
      , PNLITEMNAME
      , 1 DISPLAYONLY
      , AUTHORIZEDACTIONS
   FROM PSAUTHITEM
  WHERE CLASSID IN (
      SELECT DISTINCT CLASSID
        FROM PSROLECLASS
       WHERE ROLENAME IN (
           SELECT ROLENAME
             FROM PSROLEUSER
            WHERE ROLEUSER = 'TEST_R')))

4. Create the new Read-Only Roles

INSERT INTO PSROLEDEFN
(ROLENAME, VERSION, ROLETYPE, DESCR, QRYNAME, ROLESTATUS, RECNAME, FIELDNAME, PC_EVENT_TYPE, QRYNAME_SEC, PC_FUNCTION_NAME, ROLE_PCODE_RULE_ON, ROLE_QUERY_RULE_ON, LDAP_RULE_ON, ALLOWNOTIFY, ALLOWLOOKUP, LASTUPDDTTM, LASTUPDOPRID, DESCRLONG)
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
      , VERSION
      , ROLETYPE
      , DESCR
      , QRYNAME
      , ROLESTATUS
      , RECNAME
      , FIELDNAME
      , PC_EVENT_TYPE
      , QRYNAME_SEC
      , PC_FUNCTION_NAME
      , ROLE_PCODE_RULE_ON
      , ROLE_QUERY_RULE_ON
      , LDAP_RULE_ON
      , ALLOWNOTIFY
      , ALLOWLOOKUP
      , SYSDATE
      , 'TEST'
      , DESCRLONG
   FROM PSROLEDEFN
  WHERE ROLENAME IN (
      SELECT DISTINCT ROLENAME
        FROM PSROLEUSER
       WHERE ROLEUSER = 'TEST_R'))

5. Add the read only permission lists to the read only roles

INSERT INTO PSROLECLASS(ROLENAME, CLASSID)
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
      , CLASSID || '_R'
   FROM PSROLECLASS
  WHERE ROLENAME IN (
      SELECT DISTINCT ROLENAME
        FROM PSROLEUSER
       WHERE ROLEUSER = 'TEST_R'))

6. Update the user profile with the new read only role names

UPDATE PSROLEUSER
   SET ROLENAME = SUBSTR(ROLENAME, 1,28) || '_R'
 WHERE ROLEUSER = 'TEST_R'

Also need to perform the following:

• Run Portal Security Sync (to sync security up).
• Bounce the App Server and clear cache.
• Run SJT_OPR_CLS (Refresh the Security Join Table that contains the Operator and Classid data)
• Close and reopen your Web Browser and clear its local cache.