19.3 Controlling Access to Applications, Pages, and Page Components

You can control access to an application, individual pages, or page components by creating an access control list. To create an access control page, the application schema must have CREATE TABLE, CREATE TRIGGER, CREATE SEQUENCE privileges.

See Also:

"Building Queries with Query Builder" in Oracle Application Express SQL Workshop Guide

19.3.1 How the Access Control List Works

You create an access control list by running the Access Control Wizard. The Access Control Wizard creates a page named Access Control Administration which contains a list of application modes and an Access Control List. Once you create the Access Control Administration page, you must:

  • Step 1 - Run the Access Control Administration page.

  • Step 2 - Select one of the following application modes:

    • Full access to all, access control list not used.

    • Restricted access. Only users defined in the access control list are allowed.

    • Public read only. Edit and administrative privileges controlled by access control list.

    • Administrative access only.

  • Step 3 - Add users to the Access Control List.

In addition to creating the Access Control Administration page, the Access Control Wizard also creates:

  • Two tables within the application's default schema to manage the access control

  • The authorization schemes that correspond to the application mode list options

  • The privileges available in the Access Control List

You can control access to a specific page or page component by selecting one of these authorization schemes on the page or component attributes pages. Once you create an Access Control, you can customize the page, tables and values to suit the specific needs of your application.

19.3.2 Creating an Access Control List

You create an access control list by creating a page. You can create a page on the Application home page or while viewing a page.

19.3.2.1 Creating an Access Control from the Application Home Page

To create an access control list from the Application home page:

  1. On the Workspace home page, click the App Builder icon.
  2. Select an application.

    The Application home page appears.

  3. Click Create Page.
  4. For Create a Page:
    1. User Interface - Select a user interface for the page.
    2. Select a page type - Select Access Control.
    3. Click Next.
  5. For Pages:
    1. Administration Page Number - Specity an unused page number.
    2. Page Mode - Select a page mode. To learn more, see field-level Help.
    3. Page Group - Select a page group.
    4. Click Next.
  6. For Navigation Preference, specify the type of navigation to include on this page and click Next. The navigation options (for example, navigation menu or tabs) depends upon the current application theme.
  7. Review the confirmation page and click Create.

19.3.2.2 Creating an Access Control While Editing a Page

To create an access control list while editing a page:

  1. Navigate to the appropriate page.
  2. Access the Create Page Wizard:
    • Page Designer - Click the Create menu at the top of the page and select Page.

    • Component View - Click the Create menu at the top of the page and select New Page.

  3. For Create a Page:
    1. User Interface - Select a user interface for the page.
    2. Select a page type - Select Access Control.
    3. Click Next.
  4. Click New page and select New Page.
  5. For page type, select Access Control and click Next.

    The Access Control Wizard appears.

  6. For Pages:
    1. Administration Page Number - Specity an unused page number.
    2. Page Mode - Select a page mode. To learn more, see field-level Help.
    3. Click Next.
  7. For Navigation Preference, specify the type of navigation to include on this page and click Next. The navigation options (for example, navigation menu or tabs) depends upon the current application theme.
  8. Review the confirmation page and click Create.

19.3.3 Selecting an Application Mode and Adding Users

You can control access to an application by running the Access Control Administration page, selecting an application mode, and then adding users to the Access Control list.

19.3.3.1 Selecting an Application Mode

To select an application mode:

  1. Create an access control list.

    The wizard creates a page named Access Control Administration.

  2. Run the Access Control Administration page.
  3. For Application Mode, select an option:
    • Full access to all, access control list not used.

      Select this option to enable all users access to an application.

    • Restricted access. Only users defined in the access control list are allowed.

      Select this option to restrict access to users on the Access Control List. Only users on the Access Control List can view pages and components associated with an authorization scheme.

    • Public read only. Edit and administrative privileges controlled by access control list.

      Provides public access to pages and components associated with the access control - view authorization scheme.

    • Administrative access only.

      Only users with Administrator privileges can access pages or components associated with an authorization scheme.

  4. Click Set Application Mode.

    The user interface of your page depends on the theme you selected for your application.

    Next, add users to the Access Control List.

19.3.3.2 Adding Users to an Access Control List and Selecting Privileges

To add users to the Access Control List:

  1. Create an access control list.

    The wizard creates a page named Access Control Administration.

  2. Run the Access Control Administration page.
  3. Under Access Control List, click Add User.
  4. Enter a user in the Username field.
  5. Associate a privilege with the user. Available options include:
    • Administrator

    • Edit

    • View

  6. Click Apply Changes.
  7. Repeat steps 1 to 5 for all users.

19.3.3.3 Removing Users from the Access Control List

To remove users from the Access Control List:

  1. Select the user to be removed by selecting the check box to the left of the user name.
  2. Click Delete.

19.3.4 About Controlling Access for Pages and Page Components

The Access Control Wizard creates authorization schemes that correspond to the application mode list options and the privileges available in the Access Control List.

You can control access to a specific page or page component by selecting one of the following authorization schemes on the page or component attributes pages:

  • Access control administrator. Only users with Administrator privileges can view the page or component.

  • Access control - edit. Users with both Edit and Administrator privileges can view the page or component. Users with View privileges cannot view the page or component.

  • Access control - view. Users with Administrator, Edit, or View privileges can view the page or component.

  • Not access control administrator. Users with Administrator privileges cannot view the page or component.

  • Not access control - edit. Users with both Edit and Administrator privileges cannot view the page or component. Users with View privileges can view the page or component.

  • Not access control - view. Users with Administrator, Edit, or View privileges cannot view the page or component.