Only integration administrators or users who have the Integration Administrator role can create security grants by authorizing the access permissions of interface methods (or procedures and functions) to a user, a user group, or all users. Similarly, the administrators can revoke the grants from an authorized user, user group, or all users on a selected method or service.
Interface types that have the security grant feature available are PL/SQL, Concurrent Program, Business Service Object, Java Bean Services, and Application Module Services.
Managing Grants in the Methods Region
For interfaces that can be exposed as SOAP services only, security grants are managed in the Methods region. For example, use the Methods region to manage security grants for Business Service Object interfaces.
Note: Security grants for XML Gateway interfaces are managed in the Trading Partner User Setup Form although XML Gateway interfaces can only be exposed as SOAP services. See Managing XML Gateway User Security in the Trading Partner User Setup Form.
Managing Grants in the Grants Tab
For interfaces that can be exposed as REST services, security grants are managed in the Grants tab. These interfaces include PL/SQL APIs, Concurrent Programs, Java Bean Services, and Application Module Services.
Please note that the grant feature applies to the interfaces that can be exposed as both SOAP and REST services. For example, when a user (OPERATIONS) is authorized to have access permission on a PL/SQL API method name called 'Change User Name', the user will have the permission to access the associated 'Change User Name' service operations of both SOAP and REST service types through the same grant.
Creating Security Grants
To create a grant, select appropriate method name check boxes in the Methods region or in the Grants tab if the selected interface can be exposed as a REST service. Click Create Grant to open the Create Grants page.
In the Create Grants page, select a grantee type and grantee name if it's applicable. Click Apply. This creates security grants for the selected methods.
Please note that the grant action applies to both SOAP and REST PL/SQL services.
Revoking Security Grants
To revoke a grant in the Methods region, select the Show link for the method that the administrator wants to view or revoke the grant. The Grant Details section of the selected method appears with the grantee and grantee type information. Click the Revoke icon for the grant that you want to revoke.
To revoke a grant in the Grants tab, the administrator can perform the action in two ways:
Revoking Grants for a Single Procedure and Function
Select a desired procedure and function from the Service Operations region first and then click Revoke Grant. The Revoke Grants page displays the existing grants details assigned to the selected procedure and function.
Select one or more existing grants from the table for the selected procedure, and click Revoke Grant to revoke the grants.
Revoking Commonly Assigned Grants to All Procedures
Select more than one procedure and function name that have grants created earlier, and click Revoke Grant in the Grants tab. The Revoke Grants page is displayed where the administrator can find existing grants that are commonly assigned to the selected procedures and functions.
For example, two procedures and functions (such as 'Create Credit Request' and 'Get Application Number') are assigned to the same User (grantee type) 'operations' (grantee name). This common grant User 'operations' is displayed in the second table of the Revoke Grants page.
The administrator should be able to select the desired common grant(s) (such as User 'operations' in the above example) and click Revoke Grant. The specified common grant(s) should be removed for the selected procedures and functions.
For more information about how to manage grants in the Methods region, see Managing Security Grants for the SOAP Web Services Only.
For more information about how to manage grants in the Grants tab, see Managing Security Grants for the SOAP and REST Web Services.
Managing XML Gateway User Security in the Trading Partner User Setup Form
For XML Gateway interfaces, authorizing users to perform XML Gateway inbound transactions with a trading partner is performed in Oracle XML Gateway instead. The administrator needs to:
Set the "ECX: Enable User Check for Trading Partner" profile option to "Yes" to enable trading partner specific security feature
Associate users with a trading partner
Log in to Oracle E-Business Suite as a user who has the XML Gateway responsibility. Navigate to Setup and then select Define Trading Partners from the navigation menu. In the Define Trading Partner Setup form, click the User Setup button to access the Trading Partner User Setup form where the administrator can associate users with a trading partner.
For more information about trading partner user security, refer to Trading Partner Setup, XML Gateway Setup chapter, Oracle XML Gateway User's Guide.