../E12512-02.epub /> ../E12512-02.mobi />

Managing Application Express Users

Workspace administrators can create new user accounts, manage existing user accounts, and change user passwords. User accounts are particularly useful if you are using Application Express Authentication. Application Express Authentication checks the user name and password against the Oracle Application Express account repository. The Oracle Application Express account repository contains account information for developers and administrators when they log in to Oracle Application Express applications.

If the workspace administrator enables the Account Locking/Expiration feature for end user accounts, new account management attributes are exposed. Accounts may be locked, unlocked, or expired. Passwords for those accounts can also have restrictions, such as a fixed lifetime, a maximum number of consecutive incorrect passwords when attempting to log in, and a requirement to be changed on first use.

Topics in this section include:

See Also:

"Exporting Workspace Users" in Oracle Application Express Application Builder User’s Guide

Creating New User Accounts

Workspace administrators can create three different types of user accounts:

  • Developers can create and edit applications and view developer activity, session state, workspace activity, application, and schema reports.

  • Workspace administrators perform administrator tasks specific to a workspace, such as managing user accounts, managing groups, altering passwords of users within the same workspace, and managing development services.

  • End users have no development privileges and can access only applications that do not use an external authentication scheme.

To create a new user account:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Click Create.

    The Create User page appears.

  4. Under User Identification, enter the appropriate information.

  5. Under Developer Privileges:

    • Accessible Schemas (null for all) - Enter a colon-delimited list of schemas for which this developer has permissions when using the SQL Workshop. This list of schemas restricts the user to a subset of the full set of schemas provisioned for the workspace and determines what schema names the user sees in SQL Workshop.

    • Default Schema - Identifies the default schema used for data browsing, application creation, and SQL script execution.

    • User is a developer - To add this user as a developer, select Yes. For end users, select No.

      Developers can create and modify applications and database objects and view developer activity, session state, workspace activity, application, and schema reports.

    • User is a workspace administrator - To add this user as a workspace administrator, select Yes. For developers or end users, select No.

      In addition to having developer privileges, workspace administrators can create and edit user accounts, manage groups, alter passwords of users within the same workspace, and manage development services.

      Note:

      You create end users by adding them as users but not defining them as either developers or workspace administrators, restricting their privileges.
  6. Under Account Control:

    • Set Account Availability - Select Unlocked to allow a user to log in to this account. Select Locked to prevent a user from logging in to this account. Select Unlocked to enable the account to be used.

    • Require Change of Password on First Use - Select Yes to require the user to change the password immediately after logging in with the current, temporary password.

      This rule applies to the use of this account for developers and workspace administrators. It also applies to all users who use this account when logging in to developed applications.

    Tip:

    An Oracle Application Express administrator can configure these settings for an entire Oracle Application Express instance and define password complexity policies. See "Enabling Login Controls for All Workspaces". "About Password Policies", and "Configuring Password Policies"
  7. Under User Groups, select an optional user group.

    You can use groups to restrict access to various parts of an application. Groups are primarily useful when using Application Express Authentication.

  8. Under Additional Attributes, update the user's name or add descriptive information about the user or account.

  9. Click Create User or Create and Create Another.

Editing Existing User Accounts

Workspace administrators can edit existing user accounts.

To edit an existing user account:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears. You can control how the page displays using the navigation bar at the top of the page. See "About the Navigation Bar".

  3. Select a user.

    The Edit User page appears.

  4. Under Edit User, update the username or email address.

  5. Under Password, edit the current password by typing a new password in the Password and Confirm Password fields.

  6. Under Developer Privileges:

    • Accessible Schemas (null for all) - Enter a colon-delimited list of schemas for which this developer has permissions when using the SQL Workshop. This list of schemas restricts the user to a subset of the full set of schemas provisioned for the workspace and determines what schema names the user sees in SQL Workshop.

    • Default Schema - Identifies the default schema used for data browsing, application creation, and SQL script execution.

    • Specify the privileges for this user:

      • User is a developer - Developers create and modify applications and database objects and view developer activity, session state, workspace activity, application, and schema reports.

      • User is a workspace administrator - In addition to having developer privileges, workspace administrators can create and edit user accounts, manage groups, alter passwords of users within the same workspace, and manage development services.

  7. Under Account Control:

    • Account Availability - Select Locked to prevent a user from logging in to this account. Select Unlocked to enable the account to be used.

    • Developer/Administrator Password and End User Password - Shows the a status of either valid or expired. A password expires when its lifetime span passes.

    • Expire Password - Select this option to force the user to enter a new password the next time they log in. This option does not appear for invalid accounts or for workspaces not using the password expiration/account locking functionality.

    • Require Change of Password on First Use - Select Yes to require the user to change the password immediately after logging in with the current, temporary password.

      This rule applies to the use of this account for developers and workspace administrators. It also applies to all users who use this account when logging in to developed applications.

    Tip:

    An Oracle Application Express administrator can configure these settings for an entire Oracle Application Express instance. See "Configuring Security Settings".
  8. Under User Groups, select an optional user group.

    You can use groups to restrict access to various parts of an application. Groups are primarily useful when using Application Express Authentication.

  9. Under Additional Attributes, update the user's name or add descriptive information about the user or account.

  10. Click Apply Changes.

About the Navigation Bar

A navigation bar displays at the top of the Manage Application Users page.

Description of nav_bar_users.gif follows
Description of the illustration nav_bar_users.gif

The Manage Application Users page navigation bar contains the following controls:

  • Find. Use the Find field to search for an specific user. Enter a case insensitive query and click Go.

  • Show. Select the type of user account to view and click Go. Options include:

    • All Accounts

    • Expired Accounts

    • Locked Accounts

    • Unlocked Accounts

    • My Account

    • Developer Accounts

  • View. Select a display mode and click Go. Display options include:

    • Icons (the default) displays each user as a large icon. Different colors indicate the user role, and a lock indicates a locked account. An hourglass indicates an expired account.

    • Details displays each user as a line in a report. To expand the report, select the Show Additional Report Columns check box and click Go.

  • Display. Select the number of users to display on the page and click Go.

Deleting or Locking User Accounts

Workspace administrators can delete or lock user accounts.

To delete or lock a user account:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears. You can control how the page displays using the navigation bar at the top of the page. See "About the Navigation Bar".

  3. Select a user.

    The Edit User page appears.

  4. To delete a user:

    1. Click the Delete User button.

    2. Confirm your selection and click OK.

  5. To lock the account:

    1. Scroll down to the Account Controls section.

    2. For Account Availability, select Locked.

    3. Click Apply Changes.

Changing an End User Password

To change an end user password:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Select a user.

    Tip:

    To search for an existing user, enter a query in the Find field and click Go.
  4. Under Password, type a new password in the Password and Confirm Password fields.

  5. Click Apply Changes.

Using Groups to Manage Application Express Users

You can create groups to restrict access to various parts of an application. Keep in mind, however, that groups are not portable over different authentication schemes. Groups are primarily useful when using Application Express Authentication (Internal Cookie User authentication).

Topics in this section include:

Creating a Group

To create a new group:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Click the User Groups tab.

    The User Groups page appears.

  4. On the User Groups page, click Create.

    The Create/Edit User Group page appears.

  5. Specify a group name and description, and click Create Group.

Editing an Existing User Group

To edit an existing group assignment:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Click the User Groups tab.

    The User Groups page appears.

  4. Select the group you want to edit.

    The Create/Edit User Group page appears.

  5. Make the appropriate edits and click Apply Changes.

Viewing Group Assignment Reports

To view a report of user group assignments:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Click the User Groups tab.

    The User Groups page appears.

  4. From the Manage Groups list, click User Group Assignments.

    The User Groups Assignments report appears.

  5. To edit a user group assignment, click the Edit icon.

    The Edit User page appears.

  6. Scroll down to User Groups and select a new group and click Apply Changes.

Adding Users to a Group

To add a user to a group:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Select a user.

    The Edit User page appears.

  4. Scroll down to User Groups.

  5. Select a new group and click Apply Changes.

Removing Users from a Group

To remove a user to a group:

  1. Navigate to the Workspace home page.

  2. From the Administration list, click Manage Application Express Users.

    The Manage Application Express Users page appears.

  3. Click Existing Users.

    The Existing Users page appears.

  4. Select a user.

    The Edit User page appears.

  5. Scroll down to User Groups.

  6. Deselect the group you wantto remove the user from and click Apply Changes.