1.
Create User Profile
First, craft your perfect
‘read/write’ user profile ‘TEST’. Now clone it using the ‘Copy User Profile’
functionality in the PIA. This creates a new user profile (in this case ‘TEST_R’)
with the same Roles, and this is the one we’re going to turn read-only.
2.
Create new Read-Only Permission Lists
First create the Permission Lists by
cloning those that are currently against the User Profile:
INSERT INTO PSCLASSDEFN
(CLASSID, VERSION, CLASSDEFNDESC, TIMEOUTMINUTES, DEFAULTBPM,
STARTAPPSERVER, ALLOWPSWDEMAIL, LASTUPDDTTM, LASTUPDOPRID)
(SELECT CLASSID || '_R'
, VERSION
, CLASSDEFNDESC
, TIMEOUTMINUTES
, DEFAULTBPM
, STARTAPPSERVER
, ALLOWPSWDEMAIL
, SYSDATE
, 'TEST'
FROM PSCLASSDEFN
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R')))
(CLASSID, VERSION, CLASSDEFNDESC, TIMEOUTMINUTES, DEFAULTBPM,
STARTAPPSERVER, ALLOWPSWDEMAIL, LASTUPDDTTM, LASTUPDOPRID)
(SELECT CLASSID || '_R'
, VERSION
, CLASSDEFNDESC
, TIMEOUTMINUTES
, DEFAULTBPM
, STARTAPPSERVER
, ALLOWPSWDEMAIL
, SYSDATE
, 'TEST'
FROM PSCLASSDEFN
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R')))
Don’t forget to add the sign-on
times:
INSERT INTO PSAUTHSIGNON (CLASSID, DAYOFWEEK, STARTTIME,
ENDTIME)
SELECT CLASSID || '_R'
, DAYOFWEEK
, STARTTIME
, ENDTIME
FROM PSAUTHSIGNON
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
SELECT CLASSID || '_R'
, DAYOFWEEK
, STARTTIME
, ENDTIME
FROM PSAUTHSIGNON
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
3. Make
the Permission Lists Display Only
We add the pages to the new permission lists, but set Display Only to 1:
INSERT INTO PSAUTHITEM (CLASSID, MENUNAME, BARNAME, BARITEMNAME,
PNLITEMNAME, DISPLAYONLY, AUTHORIZEDACTIONS)
(SELECT CLASSID || '_R'
, MENUNAME
, BARNAME
, BARITEMNAME
, PNLITEMNAME
, 1 DISPLAYONLY
, AUTHORIZEDACTIONS
FROM PSAUTHITEM
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R')))
(SELECT CLASSID || '_R'
, MENUNAME
, BARNAME
, BARITEMNAME
, PNLITEMNAME
, 1 DISPLAYONLY
, AUTHORIZEDACTIONS
FROM PSAUTHITEM
WHERE CLASSID IN (
SELECT DISTINCT CLASSID
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R')))
4.
Create the new Read-Only Roles
INSERT INTO PSROLEDEFN
(ROLENAME, VERSION, ROLETYPE, DESCR, QRYNAME, ROLESTATUS, RECNAME, FIELDNAME, PC_EVENT_TYPE, QRYNAME_SEC, PC_FUNCTION_NAME, ROLE_PCODE_RULE_ON, ROLE_QUERY_RULE_ON, LDAP_RULE_ON, ALLOWNOTIFY, ALLOWLOOKUP, LASTUPDDTTM, LASTUPDOPRID, DESCRLONG)
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
, VERSION
, ROLETYPE
, DESCR
, QRYNAME
, ROLESTATUS
, RECNAME
, FIELDNAME
, PC_EVENT_TYPE
, QRYNAME_SEC
, PC_FUNCTION_NAME
, ROLE_PCODE_RULE_ON
, ROLE_QUERY_RULE_ON
, LDAP_RULE_ON
, ALLOWNOTIFY
, ALLOWLOOKUP
, SYSDATE
, 'TEST'
, DESCRLONG
FROM PSROLEDEFN
WHERE ROLENAME IN (
SELECT DISTINCT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
(ROLENAME, VERSION, ROLETYPE, DESCR, QRYNAME, ROLESTATUS, RECNAME, FIELDNAME, PC_EVENT_TYPE, QRYNAME_SEC, PC_FUNCTION_NAME, ROLE_PCODE_RULE_ON, ROLE_QUERY_RULE_ON, LDAP_RULE_ON, ALLOWNOTIFY, ALLOWLOOKUP, LASTUPDDTTM, LASTUPDOPRID, DESCRLONG)
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
, VERSION
, ROLETYPE
, DESCR
, QRYNAME
, ROLESTATUS
, RECNAME
, FIELDNAME
, PC_EVENT_TYPE
, QRYNAME_SEC
, PC_FUNCTION_NAME
, ROLE_PCODE_RULE_ON
, ROLE_QUERY_RULE_ON
, LDAP_RULE_ON
, ALLOWNOTIFY
, ALLOWLOOKUP
, SYSDATE
, 'TEST'
, DESCRLONG
FROM PSROLEDEFN
WHERE ROLENAME IN (
SELECT DISTINCT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
5.
Add the read only permission lists to the read only roles
INSERT INTO PSROLECLASS(ROLENAME, CLASSID)
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
, CLASSID || '_R'
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT DISTINCT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
(SELECT SUBSTR(ROLENAME, 1,28) || '_R'
, CLASSID || '_R'
FROM PSROLECLASS
WHERE ROLENAME IN (
SELECT DISTINCT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER = 'TEST_R'))
6.
Update the user profile with the new read only role names
UPDATE PSROLEUSER
SET ROLENAME = SUBSTR(ROLENAME, 1,28) || '_R'
WHERE ROLEUSER = 'TEST_R'
SET ROLENAME = SUBSTR(ROLENAME, 1,28) || '_R'
WHERE ROLEUSER = 'TEST_R'
Also need to perform the following:
- Run Portal Security Sync (to sync security up).
- Bounce the App Server and clear cache.
- Run SJT_OPR_CLS (Refresh the Security Join Table that contains the Operator and Classid data)
- Close and reopen your Web Browser and clear its local cache.
No comments :
Post a Comment