Applications Security

Get Involved. Join the Conversation.

Topic

    Gopinath Kartheesan
    How to Mass "Revoke" data access in Manage Data...
    Topic posted December 18, 2017 by Gopinath KartheesanBronze Trophy: 5,000+ Points, tagged HCM, Security 
    541 Views, 12 Comments
    Title:
    How to Mass "Revoke" data access in Manage Data access for Users?
    Summary:
    How to Mass "Revoke" data access in Manage Data access for Users if the roles are not auto provisioned and revoked later
    Content:

    We have a situation where we have assigned roles manually to the user profile through security console.  Later we provided Data access to those users.  Now when we revoke the roles for the user, the Data access is not getting revoked for the user.

    We have many users who has the same situation.  In Manage Data access for users UI, I can revoke the data access one by one.  But how can I mass revoke data access like Authorize data access using spreadsheet upload?

    Regards

    Gopi

    Comment

     

    • Volodymyr Faranosov
      Hi, Have you considered an HDL. There is a template to add/remove roles. Best regards, Volodymyr
      • Younes Akhouili

        HDL can absolutely add/remove roles, however Data Access Set is is different than roles. It's an additional access to data after assigning roles.

    • Gopinath Kartheesan

      That's correct.  We are using HDL for mass Add or Revoke roles but we don't know how to mass remove Data access from the user.  The excel spreadsheet allows user to mass authorize data access. 

      • Naveen BITRA

        Hi Gopinath - Can you please let me know on how to use HDL to provision and revoke roles?

        • Ahmed

          Hi Naveen,

          You can use RoleMapping.dat file to autoprovision roles to users based on criteria. For adding/ removing roles you can user User.dat file.

          METADATA|User|PersonNumber|RoleCommonName|AddRemoveRole
          MERGE|User|12312|PER_EMPLOYEE_ABSTRACT|ADD

          METADATA|User|PersonNumber|RoleCommonName|AddRemoveRole
          MERGE|User|12312|PER_EMPLOYEE_ABSTRACT|REMOVE

    • Yousif Badawi

      I am struggling with the right way to fill the excel sheet to give many users some data access, is there any video or step-by-step manual with screenshot so that I can understand how I can copy one staff data-access roles to other team in his department, all at once. Thanks!

      Reference:
      Assigning Data Access to Users Using a Spreadsheet:
      https://docs.oracle.com/cloud/farel12/common/FASER/FASER1345798.htm#FASER1345779

    • Larry Gabucan

      Hi,

      We have a requirement to remove the old data access set and replace it with new roles. The existing template can be used to add data access assignment but it cannot be used to revoke the roles. If someone has done revoking data access set in bulk load please share it with us. :Thank you. :-)

    • Jenny Jackson

      Hi Gopi - Did you ever find a solution to this issue? We are in a similar situation and wish to mass revoke data security contexts for a large number of users. 

      Thanks!

      • Gopinath Kartheesan

        No Jenny.  All we did is, unassign / remove the roles automatically using the HDL spreadsheet upload and that removed some of the data access as well.  But few were still remaining.  The users were not impacted since they didn't have the roles assigned and hence the data access that exist didn't impact them.

        Regards

        Gopi

        • Jenny Jackson

          Thanks, Gopi. I have opened an SR with Oracle to see if I can get their assistance with this. I will update this thread with any information they provide.

    • Larry Gabucan

      Someone familiar with REST API? 

      What does this mean? Please copy paste the link below taken from the document repository

      https://docs.oracle.com/en/cloud/saas/financials/18c/farfa/op-datasecurities-userroledataassignmentid-patch.html