0 Replies Latest reply on Nov 18, 2010 12:16 PM by Carolin

    Questions about User Access Control for Web Service Calls

      Hi All,

      I have some questions about how to control user access for transactions called by web service:

      1. When calling ENG_ECO_PUB.PROCESS_ECO via web service (e.g. submitting in soapUI) it seems that the PL/SQL API only checks the value of profile option ENG:ENG_ITEM_ECN_ACCESS, but nothing else.
      Securing ECOs to departments for example, seems to remain out of consideration in PROCESS_ECO call: A User who isn't allowed to view/update an ECO for a special deapartment in apps forms, however is allowed to update this ECO when called by web service (PROCESS_ECO).
      Are there any PL/SQL APIs for achieving same behaviour for user access validation (for PROCESS_ECO Call) as behaviour when updating ECOs via apps forms?
      2. Generally - as I have implemented some custom PL/SQLs for reading ECOs and Items - are there any PL/SQL APIs available for checking user access, to get the same access validation behavior as when quering for ECOs/Items in forms?
      I found public API BOM_SECURITY_PUB.CHECK_USER_PRIVILEGE and tried to implement this one in my custom ECO Read PL/SQL, but I don't get correct ECO validation for departments with this one.
      Isn't it the correct API for checking ECO Access? Is it only used for checking Item or BOM Access? What else APIs are available?

      Please, could you give me some suggestions of how to control user access for both, already existing PL/SQL APIs and own customized PL/SQLs ?