1. Developing Applications with Oracle Visual Builder
  2. Augment Applications
  3. Secure the Application
  4. Allow Anonymous Access

Allow Anonymous Access

Visual Builder applications, by default, require authentication; all users must sign in with their Oracle Cloud credentials to access your app. If you want users to access your app without signing in, you can enable anonymous access from the app-level Settings editor.

Note:

The service administrator must enable anonymous access in the instance’s Tenant settings. You will not be able to enable anonymous access for your visual applications if anonymous access to applications is not permitted for the instance.

When anonymous access is enabled, users are not required to sign in and are automatically assigned the Anonymous User authentication role. By default, users assigned this role cannot access the data stored in your visual application’s business objects or retrieved from services. You must explicitly allow anonymous users access to this data by configuring the security settings of business objects and services. You also need to allow anonymous access to the Describe endpoint for your business objects.

Changes that you make to authentication and security settings are applied only when you stage or publish the application. The versions of your application that are currently staged or published are unaffected. For example, if your application is already published, you must create a new version of the application, change its settings to allow anonymous access, then stage or publish the application again for the new security settings to take effect.

  1. To enable users to access your visual app without signing in, enable anonymous access in the app's Security tab:
    1. Open your web (or mobile) application in the Navigator.
    2. Open the application artifact and click Settings, then Security.
    3. Deselect Require authenticated access under Permissions.
    With anonymous access enabled, users don't need to sign in to access the app.
  2. To allow anonymous users access to the visual application's data stored in business objects, enable role-based security in the business object’s Security tab and specify the operations that the Anonymous User authentication role can perform:
    1. Open your business object's Security tab.
    2. Click the Role-based security icon (if not enabled).
    3. Configure the rights granted to users assigned the Anonymous User role.
    With anonymous access enabled, anonymous users can perform operations on business objects based on the permissions granted to the Anonymous User authentication role.
  3. To allow anonymous access to service connection data. enable and specify the authentication mechanism for anonymous access in the service connection's server details:
    1. Open your service connection's Servers tab and edit the server details.
    2. Select Allow anonymous access to the service connection infrastructure under Security.

      If the option is grayed out, click Override Security to override security inherited from the backend, then select Allow anonymous access to the service connection infrastructure.


      Description of security-sc-anonymousaccess.png follows
      Description of the illustration security-sc-anonymousaccess.png

    3. From the Authentication for Anonymous Users drop-down list, select the authentication mechanism you want to use.

    With anonymous access enabled, anonymous users can access data from the service connections that are configured to allow anonymous access.

  4. Applications that allow anonymous access and have business objects with anonymous access must explicitly allow anonymous access to the business object's Describe endpoint:
    1. Open the Business Objects tab of the visual application's Settings editor.
    2. Select Allow anonymous access to business objects describe end point.

      Description of security-settings-bo-anonymoususer.png follows
      Description of the illustration security-settings-bo-anonymoususer.png

      If you choose to allow anonymous access, access to an endpoint will still require adding the header “Authorization: Public” to the request. This header is injected automatically for requests sent from your visual applications. Here's how you can add the header to the request from external clients:
      • Include auth in the Describe endpoint URL, for example:

        https://servicename-cloudaccount.test.oraclecloud.com/ic/builder/rt/myapp/1.0/resources/auth/data/describe?metadataMode=minimal

      • Add the “Authorization: Public” header to the request, for example, from the cURL command line:

        curl -v https://servicename-cloudaccount.test.oraclecloud.com/ic/builder/rt/myapp/1.0/resources/data/describe?metadataMode=minimal -H 'Authorization: Public'