C ADF Security Permission Grants

This appendix lists the security-aware components of Oracle Application Development Framework (Oracle ADF) and the actions that their Permission implementation classes define.

Table C-1 shows the ADF components and their permission grants that you can define to create ADF security policies. You add grants to the policy store using the overview editor for ADF security policies. A permission grant specifies the fully qualified permission class name, the fully qualified resource name, the action that can be performed against the resource, and the application role target of the grant. When you enable ADF security to enforce permission checking, the operations supported by ADF components will be inaccessible to users who do not possess sufficient access rights as defined by grants to their application role.

For complete details about defining ADF security policies in Fusion web applications, see Chapter 35, "Enabling ADF Security in a Fusion Web Application."

Table C-1 ADF Security Permission Grants

ADF Component Grantable Action Corresponding Implementation

ADF bounded task flow

View

The view action controls who can read and execute a bounded task flow. Pages that the user accesses within the process of executing a bounded task flow will not be individually security checked and will run under the permission of the task flow.

 

Customize

Reserved for future use. This action is not checked at runtime.

 

Grant

Reserved for future use. This action is not checked at runtime.

 

Personalize

Reserved for future use. This action is not checked at runtime.

ADF page definition

View

The view action controls who can view the page. Page-level security is checked for pages that have an associated page definition binding file only if the page is accessed in the process of an unbounded task flow. There is a one-to-one relationship between the page definition file and the web page it secures.

ADF Business Components entity objects

read

The read action controls who can view a row of the bound collection.

 

update

The update action controls who can update any attribute of the bound collection.

 

removeCurrentRow/delete

The delete action controls who can delete a row from the bound collection.

ADF Business Components attributes of entity objects

update

The update action controls who can update a specific attribute of the bound collection.