4 APEX_AUTHORIZATION

The APEX_AUTHORIZATION package contains public utility functions used for controlling and querying access rights to the application.

• ENABLE_DYNAMIC_GROUPS Procedure

• IS_AUTHORIZED Function

• RESET_CACHE Procedure

ENABLE_DYNAMIC_GROUPS Procedure

This procedure enables groups in the current session. These groups do not have to be created in the Application Express workspace repository, but can, for example, be loaded from a LDAP repository. Enabling a group that exists in the workspace repository and has other groups granted to it, also enables the granted groups.

If Real Application Security, available with Oracle Database Release 12g, is enabled for the authentication scheme, all dynamic groups are enabled as RAS dynamic or external groups (depending whether the group exists in dba_xs_dynamic_roles).

This procedure must be called during or right after authentication, for example, in a post-authentication procedure.

Syntax

APEX_AUTHORIZATION.ENABLE_DYNAMIC_GROUPS (
    p_group_names IN apex_t_varchar2 );

Parameters

Table 4-1 ENABLE_DYNAMIC_GROUPS Procedure Parameter

Parameter	Description
p_group_names	Table of group names.

Example

This example enables the dynamic groups SALES and HR, for example, from within a post authentication procedure.

begin
   apex_authorization.enable_dynamic_groups (
       p_group_names => apex_t_varchar2('SALES', 'HR') );
end;

See Also:

View APEX_WORKSPACE_SESSION_GROUPS and View APEX_WORKSPACE_GROUP_GROUPS

IS_AUTHORIZED Function

Determine if the current user passes the authorization with name p_authorization_name. For performance reasons, authorization results are cached. Because of this, the function may not always evaluate the authorization when called, but take the result out of the cache.

See Also:

"Changing the Evaluation Point Attribute" in Oracle Application Express Application Builder User's Guide

Syntax

APEX_AUTHORIZATION.IS_AUTHORIZED (
    p_authorization_name IN VARCHAR2 )
    RETURN BOOLEAN;

Parameters

Table 4-2 IS_AUTHORIZED Function Parameters

Parameter	Description
p_authorization_name	The name of an authorization scheme in the application.

Returns

Table 4-3 IS_AUTHORIZED Function Returns

Parameter	Description
TRUE	If the authorization is successful.
FALSE	If the authorization is not successful.

Example

This example prints the result of the authorization "User Is Admin".

begin
    sys.htp.p('User Is Admin: '||
              case apex_authorization.is_authorized (
                       p_authorization_name => 'User Is Admin' )
              when true then 'YES'
              when false then 'NO'
              else 'null'
              end);
end;

RESET_CACHE Procedure

This procedure resets the authorization caches for the session and forces a re-evaluation when an authorization is checked next.

Syntax

APEX_AUTHORIZATION.RESET_CACHE;

Parameters

None.

Example

This examples resets the authorization cache.

apex_authorization.reset_cache;