Permissions for user to create/edit View and to relabel columns on a single table.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 08:48 AM
I have two questions.
We have a user who is requesting to have the ability to create/edit views on a single table.
Also, the same user, would like to have rights to edit columns on a single table.
Are either of these possible to address?
We want to avoid granting the admin role to this user.
I'm not finding a solution with using ACLs, but maybe I am missing something.
Thank you.
Melinda
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 09:10 AM
For views, the personalize role would be something to look into. For the views themselves, consider writing custom ACLs that limits which views can be edited by the user. In this case, the ACLs would include read, write, create, and delete where the user has a specific role, the view is applied to a specific table (seen in the sys_ui_list table), and is not the Default view (my suggestion but something to consider.)
For editing a specific column, you would be doing pretty much the same thing but for a write permission. The ACL would be written such that table.field write permission evaluates to true for the user.
I hope I understood that correctly and this helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 09:13 AM - edited 10-13-2022 09:15 AM
Hello,
personalize_form
personalize_dictionary
personalize_form role he will be able to personalize a form and even create new section and view as well But that will give him access of form layout of every table.
And personalize_dictionary will give him the access to edit fields on all the table.
What you can do is on the sys_dictionary table yo can create a create and write ACL , and in the script just mentione if table is you table and user is the particular user then answer = true; this way the user will only get field edit and form edit access on that table.
Please mark my answer as correct based on Impact.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2022 07:55 AM
Hello,
Thank you for this suggestion. I followed your suggestion as how I understood it by the following:
Add personalize_dictionary and personalize_form roles to user.
Then, create two ACLs - write and create.
Attached are screenshots of the two ACLs with a script that I built based off your recommendation. As I am new to scripting, this could be incorrect. Can you verify if this is correct?
When I impersonate this user, I do not see a limit on dictionary (instead they have access to all tables) nor permission to the form to create/edit views.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2022 07:59 AM
hello,
No you should not give personalize_dictionary and personalize_form roles to user as it will give them access to all the tables. You need to control it completely via ACL.
