Skip Headers
Oracle® Application Express Application Builder User's Guide
Release 4.1

Part Number E21674-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

Providing Security Through Authorization

Authorization is a broad term for controlling access to resources based on user privileges. While conditions control the rendering and processing of specific page controls or components, authorization schemes control user access to specific controls or components.

Topics:

How Authorization Schemes Work

An authorization scheme extends the security of your application's authentication scheme. You can specify an authorization scheme for an entire application, page, or specific control such as a region, item, or button. For example, you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.

An authorization scheme either succeeds or fails. If a component or control level authorization scheme succeeds, the user can view the component or control. If it fails, the user cannot view the component or control. If an application or page-level authorization scheme fails, then Oracle Application Express displays a previously defined message.

When you define an authorization scheme, you give it a unique name. Once defined, you can attach it to any component or control in your application. To attach an authorization scheme to a component or control in your application, simply navigate to the appropriate attributes page and select an authorization scheme from the Authorization Scheme list.

Creating an Authorization Scheme

Before you can attach an authorization scheme to an application or an application component or control, you must first create it.

To create an authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click Create.

  6. Specify how to create an authorization scheme by selecting one of the following:

    • From Scratch

    • As a Copy of an Existing Authorization Scheme

  7. Follow the on-screen instructions.

Editing Attributes of an Existing Authorization Scheme

To edit attributes of an existing authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

    The Authorization Schemes page appears. By default, each scheme displays as an icon.

  5. You can customize the appearance the page using the Search bar at the top of the page. Available controls include:

    • Search icon - Resembles a magnifying glass. Click this icon to narrow your search to only specific columns. To search all columns, select All Columns.

    • Text area - Enter case insensitive search criteria (wildcard characters are implied) and then click Go.

    • Go button - Executes a search or applies a filter.

    • View icons. Use this control to toggle between icon and report views. To change the view, click these icons:

      • View Icons (default) displays each scheme as a large icon.

      • View Report displays information in a report. To view the events in a flow chart, click the Show icon under the Flow Chart column.

    • Actions menu - Displays the Actions menu. Use this menu to customize the report view. See "About the Actions Menu".

About the Evaluation Point Attribute

You can specify when your authorization scheme is validated in the Evaluation Point attribute. You can choose to have your authorization scheme validated once for each session or once for each page view.

Keep in mind, if you specify that an authorization scheme should be evaluated once for each session and the authorization scheme passes, the underlying code, test, or query will not be executed again for the duration of the application session. If your authorization scheme consists of a test whose results might change if evaluated at different times during the session, then you should specify that the evaluation point be once for each page view.

About Resetting Authorization Scheme State

If an authorization scheme is validated once for each session, Oracle Application Express caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_UTIL.RESET_AUTHORIZATIONS API.

Calling this procedure nulls out any previously cached authorization scheme results for the current session. Be aware that this procedure takes no arguments and is part of the publicly executable APEX_UTIL package.

See Also:

"RESET_AUTHORIZATIONS Procedure" in Oracle Application Express API Reference

Attaching an Authorization Scheme to an Application, Page, or Components

Once you have created an authorization scheme you can attach it to an entire application, page, control, or component.

Topics:

Attaching an Authorization Scheme to an Application

To attach an authorization scheme to an application:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Click the Shared Components icon.

    The Shared Components page appears.

  4. Under Security, click Security Attributes.

  5. Scroll down to Authorization and make a selection from the Authorization Scheme list.

  6. To define a new authorization scheme, click Define Authorization Scheme.

Attaching an Authorization Scheme to a Page

To attach an authorization scheme to a page:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. To access the Edit Page:

    • Tree view - Under Page Rendering, double-click the page title at the top of the tree.

    • Component view- Under Page, click the page name.

  5. Scroll down to Security and make a selection from the Authorization Scheme list.

Attaching an Authorization Scheme to a Control or Component

To attach an authorization scheme to a page component or control:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. Click the name of the component or control to which you want to apply the authorization scheme.

  5. Scroll down to Security and make a selection from the Authorization Scheme list.

Viewing Authorization Reports

You can use the Authorization Scheme Subscription and Authorization Scheme Utilization reports to better manage authorization schemes within your application.

To view authorization scheme reports:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click the appropriate tab at the top of the page:

    • Subscription

    • by Component

    • Utilization

    • History

Subscription

Use the Authorization Scheme Subscription report to view details about authorization schemes subscription.

By Component

Use the By Component report to view all components within this application which have an associated authorization scheme. For a component to be rendered it must pass authorization schemes placed on the component level, the page level, and at the application level.

Utilization

Use the Authorization Scheme Utilization report to view details about authorization schemes utilization.

To view additional reports indicating which pages having authorization schemes and which do not, select one of the following from the Tasks list:

  • Report Pages With Authorization Schemes

  • Report Pages Without Authorization Schemes

History

Use the History report to view recent modifications made to Authorization Schemes in this application.