20.5.2 Creating and Editing an Authorization Scheme
Learn how to create and edit an authorization scheme. Before you can attach an authorization scheme to an application or an application component or control, you must first create it.
- About Authorization Scheme Types
Select an authorization scheme type when you create an authorization scheme. - Creating an Authorization Scheme
Create an authorization scheme on the Shared Components page. - Editing Attributes of an Existing Authorization Scheme
Edit attributes of an existing authorization scheme. - Changing the Evaluation Point Attribute
Control when an authorization scheme is validated using the Evaluation Point, Validate authorization scheme attribute. - About Resetting Authorization Scheme State
Call an API to reset a session's authorization scheme state.
Parent topic: Providing Security Through Authorization
20.5.2.1 About Authorization Scheme Types
Select an authorization scheme type when you create an authorization scheme.
The authorization scheme type determines how an authorization scheme is applied. Developers can create new authorization type plug-ins to extend this list.
Table 20-1 Authorization Scheme Types
Authorization Scheme Types | Description |
---|---|
Exists SQL Query | Enter a query that causes the authorization scheme to pass if it returns at least one row and causes the scheme to fail if it returns no rows |
NOT Exists SQL Query | Enter a query that causes the authorization scheme to pass if it returns no rows and causes the scheme to fail if it returns one or more rows |
PL/SQL Function Returning Boolean | Enter a function body. If the function returns true, the authorization succeeds. |
Item in Expression 1 is NULL | Enter an item name. If the item is null, the authorization succeeds. |
Item in Expression 1 is NOT NULL | Enter an item name. If the item is not null, the authorization succeeds. |
Value of Item in Expression 1 Equals Expression 2 | Enter and item name and value. The authorization succeeds if the item's value equals the authorization value. |
Value of Item in Expression 1 Does NOT Equal Expression 2 | Enter an item name and a value. The authorization succeeds if the item's value is not equal to the authorization value. |
Value of Preference in Expression 1 Does NOT Equal Expression 2 | Enter an preference name and a value. The authorization succeeds if the preference's value is not equal to the authorization value. |
Value of Preference in Expression 1 Equals Expression 2 | Enter an preference name and a value. The authorization succeeds if the preference's value equal the authorization value. |
Is In Group |
Enter a group name. The authorization succeeds if the group is enabled as a dynamic group for the session. See APEX_AUTHORIZATION.ENABLE_DYNAMIC_GROUPS in Oracle APEX API Reference. If the application uses APEX Accounts Authentication, this check also includes workspace groups that are granted to the user. If the application uses Database Authentication, this check also includes database roles that are granted to the user. |
Is Not In Group | Enter a group name. The authorization succeeds if the group is not enabled as a dynamic group for the session. |
Parent topic: Creating and Editing an Authorization Scheme
20.5.2.2 Creating an Authorization Scheme
Create an authorization scheme on the Shared Components page.
To create an authorization scheme:
- On the Workspace home page, click the App Builder icon.
- Select an application.
-
On the Application home page, click Shared Components.
The Shared Components page appears.
- Under Security, select Authorization Schemes.
- Click Create.
- Specify how to create an authorization scheme by selecting one of the following:
- From Scratch
- As a Copy of an Existing Authorization Scheme
-
On Create Authorization Scheme - Details:
- Name - Enter an unique name that identifies this authorization scheme.
- Scheme Type - Select how this authorization scheme will be applied. See About Authorization Scheme Types.
- Identify error message displayed when scheme violated - Enter error text that displays if the authorization scheme fails (that is, the current user fails the security check).
- Validate Authorization Scheme - Authorization schemes are evaluated on first use in a session. Use this option to controls if future uses cause re-evaluations and when a memorized result can be taken instead.
For more details, see field-level Help.
- Click Create Authorization Scheme.
20.5.2.3 Editing Attributes of an Existing Authorization Scheme
Edit attributes of an existing authorization scheme.
To edit attributes of an existing authorization scheme:
Parent topic: Creating and Editing an Authorization Scheme
20.5.2.4 Changing the Evaluation Point Attribute
Control when an authorization scheme is validated using the Evaluation Point, Validate authorization scheme attribute.
Authorization schemes are evaluated on first use in a session. The Validate authorization scheme attribute controls if future uses cause re-evaluations and when a memorized result can be taken instead.
To change the authorization scheme evaluation point:
Tip:
The default value Once per session is the most efficient. You should choose another value if the authorization check depends on changing session state or other factors that are not consistent over an entire session.
Parent topic: Creating and Editing an Authorization Scheme
20.5.2.5 About Resetting Authorization Scheme State
Call an API to reset a session's authorization scheme state.
If an authorization scheme is validated once for each session, Oracle APEX caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_AUTHORIZATION.RESET_CACHE
API.
See Also:
APEX_AUTHORIZATION.RESET_CACHE
Procedure in Oracle APEX API
Reference
Parent topic: Creating and Editing an Authorization Scheme