Changes between Version 1 and Version 2 of banScriptHell


Ignore:
Timestamp:
06/20/17 15:58:32 (7 years ago)
Author:
lttoth@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • banScriptHell

    v1 v2  
    44Two circumstances prompt mass updates to user privileges in the ZUAUSR tables:  1) A Change is made in the structure of ZUAUSR classes for the sake of better management and 2) Banner functionality has increased and all users must be retroactively granted those roles in Banner as well as recording the same in ZUAUSR. 
    55 
    6 = Structural Changes Made in the ZUAUSR Tables = 
     6== Structural Changes Made in the ZUAUSR Tables == 
    77 
    88 
    9 = Banner Functionality Necessitates Increased Roles = 
     9== Banner Functionality Necessitates Increased Roles == 
    1010 
    11 The process required to add scripts to ZUAUSR is discussed in [[https://iam.alaska.edu/trac/wiki/scriptHell|Creating, Modifying, or Deleting ZUAUSR Processing Scripts]] 
    12 {{{ 
    13 select 'alter user ' || username || ' grant connect through banproxy;' 
    14 from dba_users 
    15 where username not in 
    16 (select grantee from dba_role_privs where granted_role='TERMINATED') 
    17 and profile='USER_GENERAL' 
    18 and username not in ('BFINMGR','SYAUD01','SYFINEV') 
    19 and username not in (select client from sys.proxy_users); 
    20 }}} 
    21  
    22  
     11The process required to add scripts to ZUAUSR is discussed in [[https://iam.alaska.edu/trac/wiki/scriptHell|Creating, Modifying, or Deleting ZUAUSR Processing Scripts]].  The process to add new Banner classes to ZUAUSR is discussed at [[https://iam.alaska.edu/trac/wiki/bannerRoleSteps|Integrating a New Banner Role into ZUAUSR]]. 
    2312To get a list of users needing the new class added in ZUAUSR, you can execute  
    2413the query and select just the usernames.  I'd suggest verifying that there are no  
     
    3423and username not in (select client from sys.proxy_users); 
    3524}}} 
     25 
     26To add the privilege in Banner: 
     27{{{ 
     28select 'alter user ' || username || ' grant connect through banproxy;' 
     29from dba_users 
     30where username not in 
     31(select grantee from dba_role_privs where granted_role='TERMINATED') 
     32and profile='USER_GENERAL' 
     33and username not in ('BFINMGR','SYAUD01','SYFINEV') 
     34and username not in (select client from sys.proxy_users); 
     35}}} 
     36 
     37