If MW_PLSQL_AET.MW_GRANTS_FLAG = "Y" Then rem Internal grants; rem Find all missing privileges and grant them; &SQL = CreateSQL(SQL.MW_PLSQL_CHECK_GRANTS); /* Select missing grants by comparing ALL_TAB_PRIVS with PS_MW_GRANTS */ While &SQL.Fetch(&SQLText) /* Loop through the missing grants */ &PS_SQLFile.WriteLine(&SQLText | ";"); /* Write the command out to the SQL file */ try SQLExec(&SQLText); /* Run the SQL */ catch Exception &OraError MessageBox(0, "", 0, 0, "Failed to execute grant: " | &ViewName); MessageBox(0, "", 0, 0, " ERROR: " | &OraError); &EndInError = True; end-try; End-While; rem Find all undocumented privileges and revoke them; &SQL = CreateSQL(SQL.MW_PLSQL_REVOKE_GRANTS); /* Select undocumented grants by comparing ALL_TAB_PRIVS with PS_MW_GRANTS */ While &SQL.Fetch(&SQLText) /* Loop through the undocumented grants */ &PS_SQLFile.WriteLine(&SQLText | ";"); /* Write the command out to the SQL file */ SQLExec(&SQLText); /* Run the SQL */ MW_PLSQL_AET.AE_APPSTATUS = 1; /* End this App Engine with a warning, since we found undocumented grants */ End-While; End-If; ******************************************************************************************************************* (SQL.MW_PLSQL_CHECK_GRANTS); SELECT 'GRANT SELECT ON ' || 'PS_' || RD.RECNAME || ' TO ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND SELECT_FLAG = 'Y' UNION SELECT 'GRANT INSERT ON ' || 'PS_' || RD.RECNAME || ' TO ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND INSERT_FL = 'Y' UNION SELECT 'GRANT UPDATE ON ' || 'PS_' || RD.RECNAME || ' TO ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND UPDATE_FLAG = 'Y' UNION SELECT 'GRANT DELETE ON ' || 'PS_' || RD.RECNAME || ' TO ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND DELETE_FLAG = 'Y' MINUS SELECT 'GRANT ' || PRIVILEGE || ' ON ' || TABLE_NAME || ' TO ' || GRANTEE FROM ALL_TAB_PRIVS A WHERE GRANTOR = 'SYSADM' Note: CASE WHEN RD.SQLTABLENAME = ' ' THEN 'PS_' || RD.RECNAME ELSE RD.SQLTABLENAME END ************************************************************************************************************************* MW_PLSQL_REVOKE_GRANTS SELECT 'REVOKE ' || PRIVILEGE || ' ON ' || TABLE_NAME ||' FROM ' || GRANTEE FROM ALL_TAB_PRIVS A WHERE GRANTOR = 'SYSADM' AND PRIVILEGE <> 'INHERIT PRIVILEGES' AND GRANTEE NOT IN ( 'PEOPLE','PEOPLE2' ) AND TABLE_NAME NOT LIKE 'BIN$%' MINUS SELECT 'REVOKE SELECT ON ' || 'PS_' || RD.RECNAME ||' FROM ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND SELECT_FLAG = 'Y' MINUS SELECT 'REVOKE INSERT ON ' || 'PS_' || RD.RECNAME ||' FROM ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND INSERT_FL = 'Y' MINUS SELECT 'REVOKE UPDATE ON ' || 'PS_' || RD.RECNAME ||' FROM ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND UPDATE_FLAG = 'Y' MINUS SELECT 'REVOKE DELETE ON ' || 'PS_' || RD.RECNAME END ||' FROM ' || G.ROLENAME FROM PS_MW_GRANTS G, PSRECDEFN RD WHERE RD.RECNAME = G.RECNAME AND ( END_DATE >= trunc( SYSDATE ) OR END_DATE IS NULL ) AND DELETE_FLAG = 'Y'