Good Morning Shubha.
Please check on the below and let me know your findings.
Thanks and kind regards, Louis van Amelsfort.
What happens when you alter permissions of a service offering or SOG or a service option?
First of all, permissions are entirely persisted in EEM.
When you change permissions of a service offering, it creates an ACL in offering folder on EEM and attached all the affected resources(Service offering, SOG and Service option).
For example, by assigning permission to a group 'Domain Admins' for the service offering 'Monitor accessories', the following ACLs are created. (Refer to screenshot at bottom too),
The code finds the list of all Rate plans (SOG) and service options, using the following queries:
SQL> select id, child_id from usm_offering_rplan_inclusion where parent_id = 10060;
ID CHILD_ID ---------- ---------- 10043 10045 10042 10046 10041 10047 10044 10048
SQL> select usm_offering_ratedef_inclusion.child_id id
from usm_offering_ratedef_inclusion,usm_rate_definition
where usm_offering_ratedef_inclusion.child_id = usm_rate_definition.item_id
and usm_rate_definition.rate_col = 0
and usm_offering_ratedef_inclusion.parent_id = 10060
and usm_offering_ratedef_inclusion.rate_plan_id = 10045;
ID ---------- 13354
SQL> select usm_offering_ratedef_inclusion.child_id id
from usm_offering_ratedef_inclusion,usm_rate_definition
where usm_offering_ratedef_inclusion.child_id = usm_rate_definition.item_id
and usm_rate_definition.rate_col = 0
and usm_offering_ratedef_inclusion.parent_id = 10060
and usm_offering_ratedef_inclusion.rate_plan_id = 10046;
ID ---------- 13555 13567 13643 13647 13684 13688 13733 13737 13741 13748 13751
ID ---------- 13758 13768 13777 13784 13788 13792 13796 13800 13810 13814 13818
ID ---------- 13831 13864 13888
25 rows selected.
SQL> select usm_offering_ratedef_inclusion.child_id id
from usm_offering_ratedef_inclusion,usm_rate_definition
where usm_offering_ratedef_inclusion.child_id = usm_rate_definition.item_id
and usm_rate_definition.rate_col = 0
and usm_offering_ratedef_inclusion.parent_id = 10060
and usm_offering_ratedef_inclusion.rate_plan_id = 10047;
ID ---------- 13835
SQL> select usm_offering_ratedef_inclusion.child_id id
from usm_offering_ratedef_inclusion,usm_rate_definition
where usm_offering_ratedef_inclusion.child_id = usm_rate_definition.item_id
and usm_rate_definition.rate_col = 0
and usm_offering_ratedef_inclusion.parent_id = 10060
and usm_offering_ratedef_inclusion.rate_plan_id = 10048;
ID ---------- 13843
After getting this data, a new ACL is created (refer diagram below) with following resources includedoffering__10060 | offering_rplan_inclusion__10060*10045 | offering_ratedef_inclusion__10060*13354 | offering_rplan_inclusion__10060*10046 | offering_ratedef_inclusion__10060*13555 | offering_ratedef_inclusion__10060*13567 | offering_ratedef_inclusion__10060*13643 | offering_ratedef_inclusion__10060*13647 | offering_ratedef_inclusion__10060*13684 | offering_ratedef_inclusion__10060*13688 | offering_ratedef_inclusion__10060*13733 | offering_ratedef_inclusion__10060*13737 | offering_ratedef_inclusion__10060*13741 | offering_ratedef_inclusion__10060*13748 | offering_ratedef_inclusion__10060*13751 | offering_ratedef_inclusion__10060*13758 | offering_ratedef_inclusion__10060*13768 | offering_ratedef_inclusion__10060*13777 | offering_ratedef_inclusion__10060*13784 | offering_ratedef_inclusion__10060*13788 | offering_ratedef_inclusion__10060*13792 | offering_ratedef_inclusion__10060*13796 | offering_ratedef_inclusion__10060*13800 | offering_ratedef_inclusion__10060*13810 | offering_ratedef_inclusion__10060*13814 | offering_ratedef_inclusion__10060*13818 | offering_ratedef_inclusion__10060*13831 | offering_ratedef_inclusion__10060*13864 | offering_ratedef_inclusion__10060*13888 | offering_rplan_inclusion__10060*10047 | offering_ratedef_inclusion__10060*13835 | offering_rplan_inclusion__10060*10048 | offering_ratedef_inclusion__10060*13843 |
|
Rationale:
Catalog has a logic to create an ACL object in EEM whenever permission for a service offering changes.
These objects use a numbered sequence such as 'ACL_10001_Offerings' ACL_10002_Offerings
The next available number is stored in usm_lastid table.
For this specific case, the next available number is stored against name 'eiam_acl_id'.
This information is stored in EEM and it's not a trivial task to get this information.
When in the SC-UI for a service/offering/option and you click on the permissions tab, it goes to EEM and gathers the information from there.
This information is stored in a proprietary database for EEM.
This data is not stored in an MDB table anywhere.
Getting this information from EEM is not a trivial task, I'm afraid as this is done in the Service Catalog code.
You may be able to get this information from EEM using EEM web services, but that is outside the scope of support.