Skip Headers
Oracle® Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework
11g Release 1 (11.1.1.5.0)

Part Number B31974-10
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

C Oracle ADF Permission Grants

This appendix lists the security-aware components of Oracle Application Development Framework (Oracle ADF) and the actions that their Permission implementation classes define.

Table C-1 shows the ADF components and their permission grants that you can define to create ADF security policies. You add grants to the policy store using the overview editor for ADF security policies. A permission grant specifies the fully qualified permission class name, the fully qualified resource name, the action that can be performed against the resource, and the application role target of the grant. When you enable ADF security to enforce permission checking, the operations supported by ADF components will be inaccessible to users who do not possess sufficient access rights as defined by grants to their application role.

For complete details about defining ADF security policies in Fusion web applications, see Chapter 30, "Enabling ADF Security in a Fusion Web Application."

Note:

JDeveloper displays grantable actions for Fusion web applications including actions for the Oracle WebCenter Framework. Oracle WebCenter Framework supports creating personalizable web pages. For details about securing WebCenter applications, see the Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.

Table C-1 ADF Security Permission Grants

ADF Component Grantable Action Corresponding Implementation

ADF bounded task flow

View

The view action controls who can read and execute a bounded task flow. Pages that the user accesses within the process of executing a bounded task flow will not be individually security checked and will run under the permission of the task flow.

In this release, this is the only task flow action supported by Fusion web applications without Oracle WebCenter.

 

Customize

Reserved for future use. This action is not checked at runtime.

 

Grant

Reserved for future use. This action is not checked at runtime.

 

Personalize

Reserved for future use. This action is not checked at runtime.

ADF page definition

View

The view action controls who can view the page. Page-level security is checked for pages that have an associated page definition binding file only if the page is accessed in the process of an unbounded task flow. There is a one-to-one relationship between the page definition file and the web page it secures.

In this release, this is the only page definition action supported by Fusion web applications without Oracle WebCenter.

 

Customize

The customize action controls who can make implicit changes (such as minimize/restore, delete, or move) to a WebCenter Customizable Component (in a Panel Customizable or Show Detail Frame) contained in a page of a custom application (one enabled to use Oracle Composer) or a WebCenter application.

 

Edit

The edit action controls who can invoke Oracle Composer and who can make changes to the page using Oracle Composer. Additionally, this action combines personalize and customize actions. This means that the edit action also controls who can make implicit changes to a WebCenter Customizable Component (in a Panel Customizable or Show Detail Frame) contained in a page with the edit permission grant.

 

Grant

The grant action confers the rights specified by all WebCenter-specific actions combined; it is equivalent to granting all other actions. It also controls who can make grants to other users and who can change security settings on the page using Oracle Composer.

 

Personalize

The personalize action controls who can make implicit changes (such as minimize/restore, delete, or move) to a WebCenter Customizable Component (in a Panel Customizable or Show Detail Frame) contained in a page of a custom application (one enabled to use Oracle Composer) or a WebCenter application.

ADF Business Components entity objects

read

The read action controls who can view a row of the bound collection.

 

update

The update action controls who can update any attribute of the bound collection.

 

removeCurrentRow/delete

The delete action controls who can delete a row from the bound collection.

ADF Business Components attributes of entity objects

update

The update action controls who can update a specific attribute of the bound collection.