| 1 | = Updating Users in Enmasse = |
| 2 | |
| 3 | = Overview = |
| 4 | Two circumstances prompt mass updates to user privileges in the ZUAUSR tables: 1) A Change is made in the structure of ZUAUSR classes for the sake of better management and 2) Banner functionality has increased and all users must be retroactively granted those roles in Banner as well as recording the same in ZUAUSR. |
| 5 | |
| 6 | = Structural Changes Made in the ZUAUSR Tables = |
| 7 | |
| 8 | |
| 9 | = Banner Functionality Necessitates Increased Roles = |
| 10 | |
| 11 | The process required to add scripts to ZUAUSR is discussed in [[https://iam.alaska.edu/trac/wiki/scriptHell|Creating, Modifying, or Deleting ZUAUSR Processing Scripts]] |
| 12 | {{{ |
| 13 | select 'alter user ' || username || ' grant connect through banproxy;' |
| 14 | from dba_users |
| 15 | where username not in |
| 16 | (select grantee from dba_role_privs where granted_role='TERMINATED') |
| 17 | and profile='USER_GENERAL' |
| 18 | and username not in ('BFINMGR','SYAUD01','SYFINEV') |
| 19 | and username not in (select client from sys.proxy_users); |
| 20 | }}} |
| 21 | |
| 22 | |
| 23 | To get a list of users needing the new class added in ZUAUSR, you can execute |
| 24 | the query and select just the usernames. I'd suggest verifying that there are no |
| 25 | unexpected IDs returned before adding the new class in ZUAUSR. |
| 26 | |
| 27 | {{{ |
| 28 | select username |
| 29 | from dba_users |
| 30 | where username not in |
| 31 | (select grantee from dba_role_privs where granted_role='TERMINATED') |
| 32 | and profile='USER_GENERAL' |
| 33 | and username not in ('BFINMGR','SYAUD01','SYFINEV') |
| 34 | and username not in (select client from sys.proxy_users); |
| 35 | }}} |