2.5 IS_ROLE_REMOVED_FROM_USER Function
This function checks if a role is removed from a user. This function returns TRUE
if a specific role is removed from the list of new role IDs for the user.
This function is used to ensure that a user cannot remove a role identified by p_role_static_id
from him/herself.
Syntax
APEX_ACL.IS_ROLE_REMOVED_FROM_USER (
p_application_id IN NUMBER DEFAULT apex_application.g_flow_id,
p_user_name IN VARCHAR2,
p_role_static_id IN VARCHAR2,
p_role_ids IN apex_t_number )
RETURN BOOLEAN;
Parameters
Parameter | Description |
---|---|
p_application_id |
The application ID for which you want to check if a specific role removed from the list of roles was from a user. It defaults to the current application. |
p_user_name |
The case insensitive name of the application user to check. |
p_role_static_id |
The case insensitive name of the role static ID to check if it is removed. |
p_role_ids |
The array of NUMBER type new role IDs the user is assigned to. |
Returns
Returns TRUE
when p_user_name
currently has the role identified by p_role_static_id
but the roles identified by p_role_ids
do not include the role identified by p_role_static_id
.
Return FALSE
in all other cases.
Example
The following example uses the IS_ROLE_REMOVED_FROM_USER function to ensure the current user of the app who has the ADMINISTRATOR
role does not remove him/herself from the role when updating or deleting the access to the app.
BEGIN
IF :P1_USER_NAME = :APP_USER
and apex_acl.is_role_removed_from_user (
p_application_id => :APP_ID,
p_user_name => :APP_USER,
p_role_static_id => 'ADMINISTRATOR',
p_role_ids => apex_string.split_numbers(
p_str => case when :REQUEST = 'DELETE' THEN
null
ELSE
:P1_ROLE_IDS
END,
p_sep => ':') ) THEN
raise_application_error(-20001, 'You cannot remove administrator role from yourself.' );
END IF;
END;
Parent topic: APEX_ACL