1. App Builder User's Guide
  2. Managing Application Security
  3. Controlling Access to Applications, Pages, and Page Components
  4. Managing Roles and User Assignments

20.3.8 Managing Roles and User Assignments

Manage application access control roles and user role assignments on the Application Access Control page..

Tip:

You also use the APEX_APP_ACL API.

See Also:

Parent topic: Controlling Access to Applications, Pages, and Page Components

20.3.8.1 About Application Access Control

Learn about managing access control application users and roles.

You create an access control list by running the Access Control Wizard from either the Create Application Wizard or Create Page Wizard. The Access Control Wizard creates a page to manage an access control list and creates two tables within the application's default parsing schema to manage the access control list. Use the access control list within the application to associate the privileges (view, edit, and administration, with application users. Each privileges correlates to an access level role:

  • View correlates to the READER role.

  • Edit correlates to the CONTRIBUTOR role.

  • Administration correlates to the ADMINISTRATOR role.

To control access to application pages and components, you need to create an Authorization Scheme and associate it with the application.

About Defining Additional Roles

You can define additional roles on the Application Access Control page. Since roles are applied to users you must create the roles before adding users. Roles and users defined on the Application Access Control page can be reviewed using the following view:

  • APEX_APPL_ACL_USERS

  • APEX_APPL_ACL_USER_ROLES

  • APEX_APPL_ACL_ROLES

See Also:

"Attaching an Authorization Scheme to an Application"

Parent topic: Managing Roles and User Assignments

20.3.8.2 Creating Access Control Roles

Create application access control roles.

Tip:

Since roles are applied to users, you must create the roles before adding users.

To create an application access control role:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Application Logic, select Application Access Control.
    The Application Access Control page appears.
  3. Under Roles, click Add Role.
    The Role dialog appears.
  4. On Role:
    1. Name - Enter a descriptive name for this role. Name may only contain alphanumeric characters and underscores (_).
    2. Static Identifier - Alternate application identifier for this role.
    3. Description - Enter an optional description of this role.
  5. Click Create Role.

    The new role displays under Roles on the Application Access Control page.

Parent topic: Managing Roles and User Assignments

20.3.8.3 Editing or Deleting Access Control Roles

Edit or delete application access control roles.

To edit an application access control role:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Application Logic, select Application Access Control.
    The Application Access Control page appears.
  3. To edit a role:
    1. Under Roles, select the role.
      The Role dialog appears.
    2. Edit the attributes.
    3. Click Apply Changes.
  4. To delete a role:
    1. Under Roles, select the role.
      The Role dialog appears.
    2. Click Delete.

Parent topic: Managing Roles and User Assignments

20.3.8.4 Adding User Role Assignments

Define additional user role assignments on the Application Access Control page.

To add user role assignments:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Application Logic, select Application Access Control.
    The Application Access Control page appears.
  3. Under User Role Assignments, click Add User Role Assignment.
    The User Assignment dialog appears.
  4. On User Assignment:
    1. User Name - Enter a descriptive name for this role. Name may only contain alphanumeric characters and underscores (_).
    2. Application Role - Select a role.
  5. Click Create Assignment.

    The new user assignment displays under User Role Assignments.

Tip:

Application users are not exported as part of your application. When you deploy your application you will need to manually manage your user to role assignments. Roles are exported as part of an application export and imported with application imports.

Parent topic: Managing Roles and User Assignments

20.3.8.5 Editing User Role Assignments

Edit or delete user role assignments.

To edit user role assignments:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Application Logic, select Application Access Control.
    The Application Access Control page appears.
  3. To edit an existing user role assignment:
    1. Under User Role Assignments, select a user name.
      The User Assignment dialog appears.
    2. For Application Role, celect a new role.
    3. Click Save.
  4. To delete a user role assignment:
    1. Under User Role Assignments, select a user name.
      The User Assignment dialog appears.
    2. Click Delete.

Tip:

Application users are not exported as part of your application. When you deploy your application you will need to manually manage your user to role assignments. Roles are exported as part of an application export and imported with application imports.

See Also:

"Exporting an Application and Application Components"

Parent topic: Managing Roles and User Assignments