Contextual Security: Role Management Enhancements

Contextual Security: Role Management Enhancements prevents duplicate entries in the User Roles [sys_user_has_role] table.

Contextual Security: Role Management Enhancements is automatically installed on new instances starting with the Geneva release and can be activated for upgrades. When activated, Contextual Security: Role Management Enhancements replaces the legacy version.

Eliminate duplicate entries through inheritance count

Contextual Security: Role Management Enhancements uses the inheritance count (inh_count) column to track the number of times a role is inherited from another role or group. In the User Roles [sys_user_has_role] table, a user can inherit a specific role only one time, which eliminates duplicate entries. The inheritance count (inh_count) column is read-only; its value is the number of times the user inherits the role. If the inh_count value is 0, the inherited role is removed from the user.
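
The inheritance count behaviour described above, modelled in plain JavaScript as an added example; it is not ServiceNow platform code. The class, its methods and the sample user, role and group names are constructed for illustration, and treating each granting group or role as one counted inheritance is an assumption.

```javascript
// Simplified model: one inherited row per (user, role), with inh_count tracking
// how many paths grant it. All names except inh_count are hypothetical.
class UserRolesModel {
  constructor() {
    this.rows = new Map();     // "user|role" -> { user, role, inh_count }
    this.sources = new Map();  // "user|role" -> Set of granting groups/roles
  }

  // Record that `user` inherits `role` through `source` (a group or a role).
  addInheritance(user, role, source) {
    const key = `${user}|${role}`;
    if (!this.sources.has(key)) this.sources.set(key, new Set());
    const paths = this.sources.get(key);
    if (paths.has(source)) return this.rows.get(key); // same path: no change
    paths.add(source);
    const row = this.rows.get(key) || { user, role, inh_count: 0 };
    row.inh_count = paths.size; // derived value, never set by callers
    this.rows.set(key, row);
    return row;
  }

  // Remove one inheritance path; drop the row when inh_count reaches 0.
  removeInheritance(user, role, source) {
    const key = `${user}|${role}`;
    const paths = this.sources.get(key);
    if (!paths || !paths.delete(source)) return this.rows.get(key) || null;
    const row = this.rows.get(key);
    row.inh_count = paths.size;
    if (row.inh_count > 0) return row; // another path still grants the role
    this.rows.delete(key);
    this.sources.delete(key);
    return null;
  }
  rowsFor(user) {
    return [...this.rows.values()].filter((r) => r.user === user);
  }
}

// Constructed sample data: one user inheriting one role through two groups.
function demo() {
  const table = new UserRolesModel();
  table.addInheritance("alice", "report_viewer", "group:Help Desk");
  table.addInheritance("alice", "report_viewer", "group:Finance");
  const afterTwo = table.rowsFor("alice").map((r) => ({ ...r }));
  table.removeInheritance("alice", "report_viewer", "group:Help Desk");
  const afterOne = table.rowsFor("alice").map((r) => ({ ...r }));
  table.removeInheritance("alice", "report_viewer", "group:Finance");
  return { afterTwo, afterOne, afterNone: table.rowsFor("alice") };
}
```

In this model the user keeps the role after leaving one group as long as another path still grants it, which is the case to check during access reviews.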

When Contextual Security: Role Management Enhancements is activated, the following columns are deprecated, but remain in the User Roles table for backward compatibility:
  • granted_by
  • included_in_role
  • included_in_role_instance

Visualize role inheritance through the Role Inheritance Map

The Role Inheritance Map displays a visual representation of inherited roles. To view the Role Inheritance Map, configure the User Roles [sys_user_has_role] table to display the Role Inheritance Map column.
Figure 1. Role Inheritance Map