Users who have the Integration Administrator role can create grants to a specific user, users, or a group of users. Grants given to a user for specific services or operations are applicable for both SOAP and REST services.
Note: In this release, only PL/SQL APIs and Concurrent Programs can be exposed as both SOAP and REST services. Java Bean Services and Application Module Services can be exposed as REST services only.
Managing Grants in the Grants Tab for PL/SQL APIs, Concurrent Programs, Java Bean Services, and Application Module Services
Security grants for PL/SQL APIs, Concurrent Programs, Java Bean Services, and Application Module Services are managed in the Grants tab of the interface details page.
For interfaces with the support for SOAP services only, security grants are managed in the Methods region instead. See: Managing Security Grants for SOAP Web Services Only.
Creating Security Grants
The administrator can select one or more procedures and functions or methods contained in the selected interface, and then click Create Grant. The Create Grants page is displayed where the administrator can grant the selected method access permissions to a user, user group, or all users.
Once a method access permission is authorized to a grantee, it grants the permission to access the associated SOAP and REST service operations simultaneously. For example, when a user (OPERATIONS) is authorized to have access permission on a method called 'Change User Name', regardless if the method has been exposed as a SOAP or REST service operation or not, the user OPERATIONS has the permission to access the 'Change User Name' operation of BOTH service types through the same grant.
PL/SQL interfaces can be exposed as SOAP services with the support for both synchronous and asynchronous patterns. The security grants given for the selected method names would be applicable to the generated services of both patterns.
If a selected interface contains overloaded functions, each of them can be uniquely granted through the create grant feature. If you select more than one overloaded function for the grant, an Overloaded column appears in the table with the selected function names checked.
Revoking Security Grants
The administrator can revoke security grants in the following ways:
Revoking Commonly Assigned Grants to All Selected Procedures or Methods
Select more than one procedure and function or method that you want to revoke the grants created earlier, and click Revoke Grant. This opens the Revoke Grants page where you can find the existing grants that are commonly assigned to the selected methods.
For example, a selected interface has the following grants:
| Method Names | Grantee |
|---|---|
| Change User Name | SYSADMIN OPERATIONS |
| Test User Name | OPERATIONS MKTMGR BUSER |
| Validate User Name | BUSER OPERATIONS |
A specific User (grantee type) 'OPERATIONS' (grantee name) is commonly authorized to all the methods contained in the selected interface. Therefore, only User 'OPERATIONS' is listed as the common grant for all the methods.
To revoke this common grant, select these three method check boxes first, and then click Revoke Grant. This revokes the common grant, User 'OPERATIONS, assigned to these selected methods.
If there is more than one common grant listed in the table, select desired common grants from the table before clicking Revoke Grant.
Revoking Grants for a Single Procedure and Function or Method
In the Grants tab of the interface details page, select a desired method and then click Revoke Grant. The Revoke Grants page displays the existing grants that have been created for the selected method.
Select the grants that you want to revoke from the table, and click Revoke Grant to revoke the selected grants.
Viewing Grant Details
Each grant contains information about grantee type, grantee name, and whether the grant is authorized through a direct grant (such as a specific user 'OPERATIONS') or other grant method (such as through a user group 'Marketing Group').
To view grant details, click the Grant icon for the method that you want to view. A pop-up window appears with the grant details.
In addition to the Grants tab, you can view the grant details for a desired method from the SOAP Web Service tab and the REST Web Service tab.
To create grants:
Log in to Oracle E-Business Suite as a user who has the Integration Administrator role. Select the Integrated SOA Gateway responsibility and the Integration Repository link.
In the Integration Repository tab, select 'Interface Type' from the View By drop-down list.
Expand an interface type node and click an interface definition (such as a PL/SQL API or concurrent program) that can be exposed as both SOAP and REST services.
The interface details page appears.
In the Grants tab, select one or more procedure and function or method names for which you want to create grants.
Click Create Grant. The Create Grants page appears.
Select a grantee type:
Specific User
Group of Users
All Users
If you select Specific User or Group of Users, specify the user or group for which to create the grants in the Grantee Name field.
Click Create Grant.
The interface details page reappears.
To view or revoke grants:
You can view and revoke existing grants directly in the methods list on the interface details page.
Navigate to the selected interface that can be exposed as REST services.
To view grant details:
In the Grants tab, the SOAP Web Service tab, or the REST Web Service tab, click the Grant icon for a given operation. A pop-up window appears allowing you to view the grant details for the selected operation.
To revoke grants in the Grants tab:
To revoke common grants for all selected methods
Select more than one method from the table and click Revoke Grant. The Revoke Grants page appears. Select one or more common grants from the table and click Revoke Grant.
To revoke grants for a single method
Select a desired method from the table and then click Revoke Grant.
Select one or more existing grants from the table and click Revoke Grant to revoke the grants.