Skip Headers
Oracle® Application Express Application Builder User's Guide
Release 4.2

E35125-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to current chapter
Up
Go to next page
Next
PDF · Mobi · ePub

15.5 Providing Security Through Authorization

Authorization is a broad term for controlling access to resources based on user privileges. While conditions control the rendering and processing of specific page controls or components, authorization schemes control user access to specific controls or components.

Topics:

15.5.1 How Authorization Schemes Work

An authorization scheme extends the security of your application's authentication scheme. You can specify an authorization scheme for an entire application, page, or specific control such as a region, item, or button. For example, you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.

An authorization scheme either succeeds or fails. If a component or control level authorization scheme succeeds, the user can view the component or control. If it fails, the user cannot view the component or control. If an application or page-level authorization scheme fails, then Oracle Application Express displays a previously defined message.

When you define an authorization scheme, you give it a unique name. Once defined, you can attach it to any component or control in your application. To attach an authorization scheme to a component or control in your application, simply navigate to the appropriate attributes page and select an authorization scheme from the Authorization Scheme list.

15.5.2 Creating an Authorization Scheme

Before you can attach an authorization scheme to an application or an application component or control, you must first create it.

To create an authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click Create.

  6. Specify how to create an authorization scheme by selecting one of the following:

    • From Scratch

    • As a Copy of an Existing Authorization Scheme

  7. Follow the on-screen instructions.

15.5.2.1 Editing Attributes of an Existing Authorization Scheme

To edit attributes of an existing authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

    The Authorization Schemes page appears. By default, each scheme displays as an icon.

  5. You can customize the appearance the page using the Search bar at the top of the page. Available controls include:

    • Select columns to search - Resembles a magnifying glass. Click this icon to narrow your search. To search all columns, select All Columns.

    • Text area - Enter case insensitive search criteria (wildcard characters are implied) to search for items by name and then click Go.

    • Go button - Executes a search or applies a filter.

    • View Icons - Displays each scheme as a large icon. To edit a scheme, click the appropriate icon.

    • View Report - Displays each scheme as a line in a report. To edit a scheme, click the Edit icon.

    • Actions menu - Use the Actions menu to customize the report view. See "About the Actions Menu".

15.5.2.2 About the Evaluation Point Attribute

You can specify when your authorization scheme is validated in the Evaluation Point attribute. You can choose to have your authorization scheme validated once for each session or once for each page view.

Keep in mind, if you specify that an authorization scheme should be evaluated once for each session and the authorization scheme passes, then the underlying code, test, or query will not be executed again for the duration of the application session. If your authorization scheme consists of a test whose results might change if evaluated at different times during the session, then you should specify that the evaluation point be once for each page view.

15.5.2.3 About Resetting Authorization Scheme State

If an authorization scheme is validated once for each session, Oracle Application Express caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_UTIL.RESET_AUTHORIZATIONS API.

Calling this procedure nulls out any previously cached authorization scheme results for the current session. Be aware that this procedure takes no arguments and is part of the publicly executable APEX_UTIL package.

See Also:

"RESET_AUTHORIZATIONS Procedure" in Oracle Application Express API Reference

15.5.3 Attaching an Authorization Scheme to an Application, Page, or Components

Once you have created an authorization scheme you can attach it to an entire application, page, control, or component.

Topics:

15.5.3.1 Attaching an Authorization Scheme to an Application

To attach an authorization scheme to an application:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Click the Shared Components icon.

    The Shared Components page appears.

  4. Under Security, click Security Attributes.

  5. Scroll down to Authorization and make a selection from the Authorization Scheme list.

  6. For Run on Public Pages, select Yes or No to specify whether the application-level authorization scheme is checked on public pages (that is, pages that do not require authorization). To learn more, see "Authorization".

  7. To define a new authorization scheme, click Define Authorization Schemes.

15.5.3.2 Attaching an Authorization Scheme to a Page

To attach an authorization scheme to a page:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. To access the Edit Page:

    • Tree view - Under Page Rendering, double-click the page title at the top of the tree.

    • Component view- Under Page, click the page name.

  5. Scroll down to Security and make a selection from the Authorization Scheme list.

15.5.3.3 Attaching an Authorization Scheme to a Control or Component

To attach an authorization scheme to a page component or control:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. Click the name of the component or control to which you want to apply the authorization scheme.

  5. Scroll down to Security and make a selection from the Authorization Scheme list.

15.5.4 Viewing Authorization Reports

You can use the Authorization Scheme Subscription and Authorization Scheme Utilization reports to better manage authorization schemes within your application.

To view authorization scheme reports:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click the appropriate tab at the top of the page:

    • Subscription

    • by Component

    • Utilization

    • History

15.5.4.1 Subscription

Use the Authorization Scheme Subscription report to view details about authorization schemes subscription.

15.5.4.2 By Component

Use the By Component report to view all components within this application which have an associated authorization scheme. For a component to be rendered it must pass authorization schemes placed on the component level, the page level, and at the application level.

15.5.4.3 Utilization

Use the Authorization Scheme Utilization report to view details about authorization schemes utilization.

To view additional reports indicating which pages having authorization schemes and which do not, select one of the following from the Tasks list:

  • Report Pages With Authorization Schemes

  • Report Pages Without Authorization Schemes

15.5.4.4 History

Use the History report to view recent modifications made to Authorization Schemes in this application.