Академический Документы
Профессиональный Документы
Культура Документы
securityAuthorizationanduserrolesinOracleApex?StackOverflow
StackOverflowisacommunityof4.7
millionprogrammers,justlikeyou,
helpingeachother.
signup
login
tour
help
JointheStackOverflowcommunityto:
Jointhemitonlytakesaminute:
Signup
Askprogramming
questions
Answerandhelp
yourpeers
Getrecognizedforyour
expertise
AuthorizationanduserrolesinOracleApex?
SoApexhas"workspaces",whichletyoucreateusersofthreetypesallofwhichareinternaltotheorganizationinnature.Also,thereseemsto
benowayforadeveloperofanindividualsiteonApextohave"users"justforhissite.
AmImissingsomething?
Ineedtobeabletohaveexternal(business)userstobeabletogetaccesstojustsomefeaturesofthesite,forexample,accountingcanonly
seepagesAandBwhileexecutivescanseeA,B,andC.
Ineedtohaveabilitytohaveseveralgroupsofpeoplewithdifferencedegreesofaccess.
Canthisonlybedonebycreatingworkspaces/groups?Orcanthatbedoneinternallyonjustmysite?
security permissions authorization roles oracleapex
editedMar23'12at19:19
askedOct26'11at15:40
Bishan
4,990
antonpug
30
96
164
2,627
17
47
92
2Answers
AlthoughAPEXhasabuiltinusermanagementconceptcalled"Groups"ImustconfessIhave
neverusedit,andaquickperusalofthedocumentationdoesn'tmakeitcleartomehowyouuse
thesetocontrolaccess(butseeTom'sanswerhereforthat).
Youwillprobablyneedtocreateuser/roletableswithinyourdatabaseandusethesein
conjunctionwithAPEXAuthorizationSchemestocontrolaccesstopages.AsingleAuthorization
Schemeoftype"PL/SQLFunctionreturningBoolean"couldbecreatedwiththefunctionbody:
returnmy_auth_pkg.is_authorized(p_user=>:app_user,
p_app_id=>:app_id
p_page_id=>:app_page_id);
Youwouldthenimplementthepackagetolookuptheuser'sprivilegesanddecidewhetherto
returnTRUEorFALSEfortheapplicationandpageid.
AlternativelyyoucouldjustperformtheSQLtocheckforaccessdirectlyintheAuthorization
http://stackoverflow.com/questions/7905159/authorizationanduserrolesinoracleapex
1/3
7/6/2016
securityAuthorizationanduserrolesinOracleApex?StackOverflow
Scheme:
(NB"user_roles"and"role_pages"arenamesImadeup,torepresentyourtables)
editedOct27'11at9:14
answeredOct26'11at16:10
TonyAndrews
84.8k
11
135
185
TonyAndrews Oct26'11at16:18
Ahalright.SothatisalsowhereIwouldcreatethecheckstoseeifmydbtablecontainstheproper
IjustwishtoexpandonTony'sanswer,whichbyitselfiscorrect.Ijustwanttoshowyouanother
way,whichithinkwouldbeeasieronatotalbeginnerandomitsthecreationoftables.
IfyourapplicationusesApexasauthenticationscheme,thenyourusersaremanagedthrough
theadministrationoftheworkspaceitself.Youcancreate,editanddeleteusers,butyoucanalso
definegroups,andlinkuserstogroups.Itispossibleforyoutocreateseveral"enduser"typeof
users,anddefineacoupleofgroups,like"Executives".
Whenyouhavecreatedyourgroup,gototheuseryouwishtoassignthisgroupto,andaddthe
grouptothegroupsofthatuser
http://stackoverflow.com/questions/7905159/authorizationanduserrolesinoracleapex
2/3
7/6/2016
securityAuthorizationanduserrolesinOracleApex?StackOverflow
Onceyouhavethatsetup,youstillneedtheauthorizationschemes.Thefactremainsyouneed
somepl/sqlknowledgehere,butitispossibletokeepthecodingtoaminimum,thankstosome
handyapiwork.
Thecurrent_user_in_groupdoeswhatitsays:itchecksforthecurrentuserifhehassaidgroup
assigned.WithsomeexpandingusingsomesimpleIFstructures,youcanrampitupabit!
Notthati'dtotallyrecommendthismethod,ifinditabittediousmyself,andyouneedsomeoneto
gointoAPEXtoactuallymaintainusersandtheirgroups,butitcouldwellbethatthisis
acceptableinyourenvironment.Youcoulduseittostartoutwithhowever.Youcanveryeasily
switchoutauthenticationschemes,andwithalteringyourauthorizationschemessotheycomply
withthenewauthscheme,youcaneasilyandquicklyadjustthisafterward.Itdependsonyour
prioritiesandgoalsofcourse.
answeredOct26'11at21:53
Tom
4,696
14
27
1 +1Great,nowIknowhowtousethebuiltingroups!Ihadlookedattheapex_utildocsbeforeanswering,
butfailedtoseethatfunction.Justanobservation:yourcodeinexpression1canbereducedtosimply
returnapex_util.current_user_in_group(p_group_name=>'Executives'); TonyAndrews Oct26'11
at22:24
IimplementedyouranswerhereTom,anditsureiseffectiveatrestrictingaccess.Infact,Ican'tgettothe
loginpageanymore.XDHowmightIfixthat?IshouldnotethatIappliedtheauthorizationschemeatthe
applevel,notthepagelevel.DoIhavetoturnauthorizationoffattheapplevelandreallygothroughand
limitaccesstoeachpageindividually?TraxusIVJan31'15at8:21
1 @TraxusIVWow,sorryforthelateresponse!Ithinkthismightbetiedtoyourapexversion,andlater
versionsofapexshouldn'tdothisanymore(Ibelieve).Mightbefrom4.2andup.Otherthanthat,yes,you'll
needtoassigndirectly.Don'tfretthough,youcandothisrelativelyeasilybygoingtoUtilities>select
Crosspageutilitiesontherightsidebar>grideditofallpages.Youcanchangetheauthorizationscheme
there,easily,forallyourpages.Don'tforgettosave!:)TomMar2'15at11:39
http://stackoverflow.com/questions/7905159/authorizationanduserrolesinoracleapex
3/3