There are three methods:
1. Standard
method
1. Identify the menu that is
attached to the responsibility, for example GL super user.
2. Identify the form functions
that are attached to this menu.
3. Now create a new form
function exactly similar to the standard one but with the option
QUERY_ONLY="YES" in
the location
"Application"-->"function"-->"Form"-->"Parameter".
4. This makes the function read
only.
5. Now create a new menu with
these read-only functions and attach the menu to the new responsibility.
2. Create a
read-only DB user
1. Create the user for the required schema:
SQL> connect system/manager
SQL> create user
<your_user> identified by <your_user_password> default tablespace
<tablespace_to_assign_to_user>
temporary tablespace temp;
2. Grant connect and resource privileges to your user:
SQL> connect system/manager
SQL> grant connect, resource
to <your_user>;
3. Use the following select statements to generate a script
that will grant privileges on APPS objects to your user.
Note the following:
a. This select statement should
generate a script that will grant almost all required permissions to a user
called MYUSER.
Note: please replace MYUSER with
<your_user> in the following SQL statements.
b. This select statement is a
guide only and may not work for some EBS versions. You should work with your
DBA to enhance it according to your requirements.
c. Run the two scripts as SYS
user.
SELECT 'GRANT '
||
DECODE(O.OBJECT_TYPE,'TABLE','SELECT',
'VIEW','SELECT',
'EXECUTE')
|| ' ON '
||
DECODE(O.Owner,'PUBLIC','',O.Owner || '.')
|| '"'
|| O.OBJECT_NAME
|| '"'
|| ' TO MYUSER;' COMMAND
FROM ALL_OBJECTS O
WHERE O.OBJECT_TYPE IN
('TABLE','PACKAGE','PACKAGE BODY','PROCEDURE', 'VIEW','FUNCTION')
UNION
SELECT 'GRANT '
|| DECODE (O2.object_type,
'TABLE', 'SELECT',
'VIEW', 'SELECT',
'EXECUTE')
|| ' ON '
||
DECODE(O.Owner,'PUBLIC','',O.Owner || '.')
|| '"'
|| O.object_name
|| '"'
|| ' TO MYUSER;' COMMAND
FROM ALL_OBJECTS O, ALL_OBJECTS
O2, DBA_SYNONYMS S
WHERE O.object_type = 'SYNONYM'
AND O.object_name =
S.synonym_name
AND O2.object_name =
S.table_name
AND O2.OBJECT_TYPE IN
('TABLE','PACKAGE','PACKAGE BODY','PROCEDURE', 'VIEW','FUNCTION')
4. Use the following select statement to generate a script
that will create synonyms in <your_user> schema for all objects owned by
APPS.
SELECT 'CREATE SYNONYM MYUSER.'
|| O.OBJECT_NAME
|| ' FOR APPS.'
|| O.OBJECT_NAME
|| ';' COMMAND
FROM DBA_OBJECTS O
WHERE O.Owner = 'APPS'
5. In Oracle apps, register the new DB users as a user and
Datagroup (Similar to apps)
a. Register Oracle User
Naviate to
(N)Security-->Oracle-->Register
Database User Name =
<your_user>
Password = <your_password>
Privilege = Enabled
Install Group = 0
Description = Read-only
Application User
b.Register a Data Group
Navigate to
(N)Security-->Oracle-->DataGroup
Data Group = <your_group>
Description = Read-only Data
Group
Click on "Copy Applications
from" and pick Standard data Group, then change the ORACLE ID from
"APPS" to "<your_user>
6. Create a responsibility and attach it to the new created
data group.
3. Modify
Custom.pll
Refer to Note 363298.1 - 'How To Make All The
Responsibilities Read Only For A User to develop your own custom code'.
+++++++++++++++Doc ID 1290228.1+++++++++++++++
great
ReplyDelete