6. Manage User Access to an Object Group
Make sure that the user and the object group exist:
6.1. Granting Access to an Object Group for a User
Grant a user access to an object group by using the script API_SCURTY.GRANT_USER_OG_ACCESS. Set the parameter p_rw_access to true if read/write access should be granted. The parameter p_scol_access controls sensitive column access.
Important
If the object group itself is already set to read-only access, setting the parameter p_rw_access to true has no effect.
In the example below, user ‘testuser’ is granted read access to the object group ‘TEST_OG’. The user cannot see any sensitive columns.
Example
EXECUTE SCRIPT API_SCURTY.GRANT_USER_OG_ACCESS (
     'TEST_OG'  -- p_object_group
    ,'testuser' -- p_user_name
    ,null       -- p_rw_access
    ,null       -- p_scol_access
);
After access to the object group ‘TEST_OG’ has been granted to the user ‘testuser’, the following entry appears in the table REP_USER_OG_ACCESS.

| OBJECT_GROUP | USER_NAME | RW_ACCESS | SCOL_ACCESS |
|---|---|---|---|
| TEST_OG | TESTUSER | false | false |

6.2. Revoking Access on an Object Group from a User
To revoke a user's access to an object group, use the script API_SCURTY.REVOKE_USER_OG_ACCESS.
Example
EXECUTE SCRIPT API_SCURTY.REVOKE_USER_OG_ACCESS (
     'TEST_OG'  -- p_object_group
    ,'testuser' -- p_user_name
);
After the command above is issued, access to the object group is revoked for the user named in the statement, and the corresponding entry in the table REP_USER_OG_ACCESS is removed.
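
The grant and revoke steps from sections 6.1 and 6.2, combined with an access review against REP_USER_OG_ACCESS. This is an added example, not part of the original documentation. It assumes that REP_USER_OG_ACCESS can be queried without a schema prefix and that user names are stored in upper case, as in the table row shown in section 6.1.

```sql
-- Added example. Assumption: REP_USER_OG_ACCESS is reachable without a
-- schema prefix; qualify it as needed in your installation.

-- 1. Grant read/write access, without sensitive column access.
--    Per the note in 6.1, p_rw_access = true has no effect if the
--    object group itself is set to read only.
EXECUTE SCRIPT API_SCURTY.GRANT_USER_OG_ACCESS (
     'TEST_OG'  -- p_object_group
    ,'testuser' -- p_user_name
    ,true       -- p_rw_access
    ,null       -- p_scol_access (null as in the 6.1 example)
);

-- 2. Least-privilege review: list every grant that goes beyond plain
--    read access (write access or sensitive column access).
SELECT OBJECT_GROUP, USER_NAME, RW_ACCESS, SCOL_ACCESS
FROM REP_USER_OG_ACCESS
WHERE RW_ACCESS = true
   OR SCOL_ACCESS = true
ORDER BY OBJECT_GROUP, USER_NAME;

-- 3. Revoke the access again once it is no longer needed.
EXECUTE SCRIPT API_SCURTY.REVOKE_USER_OG_ACCESS (
     'TEST_OG'  -- p_object_group
    ,'testuser' -- p_user_name
);

-- 4. Check that the entry for this user and object group was removed.
SELECT COUNT(*) AS remaining_grants
FROM REP_USER_OG_ACCESS
WHERE OBJECT_GROUP = 'TEST_OG'
  AND USER_NAME = 'TESTUSER';
```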