| Oracle® Application Express Application Builder User's Guide Release 3.2 E11947-03 |
|
|
PDF · Mobi · ePub |
| Oracle® Application Express Application Builder User's Guide Release 3.2 E11947-03 |
|
|
PDF · Mobi · ePub |
Authorization is a broad term for controlling access to resources based on user privileges. While conditions control the rendering and processing of specific page controls or components, authorization schemes control user access to specific controls or components.
Topics in this section include:
An authorization scheme extends the security of your application's authentication scheme. You can specify an authorization scheme for an entire application, page, or specific control such as a region, item, or button. For example, you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.
An authorization scheme either succeeds or fails. If a component or control level authorization scheme succeeds, the user can view the component or control. If it fails, the user cannot view the component or control. If an application or page-level authorization scheme fails, then Oracle Application Express displays a previously defined message.
When you define an authorization scheme, you give it a unique name. Once defined, you can attach it to any component or control in your application. To attach an authorization scheme to a component or control in your application, simply navigate to the appropriate attributes page and select an authorization scheme from the Authorization Scheme list.
Before you can attach an authorization scheme to an application or an application component or control, you must first create it.
To create an authorization scheme:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
Click Create.
Specify how to create an authorization scheme by selecting one of the following:
From Scratch
As a Copy of an Existing Authorization Scheme
Follow the on-screen instructions.
To edit attributes of an existing authorization scheme:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
The Authorization Schemes page appears. By default, each scheme displays as an icon.
To access a detail view of all schemes, select Details from the View list.
The Authorization Schemes page appears. You can change the appearance of the page by making a selection from the View list. Available options include:
Icons (the default) displays each authentication scheme as a large icon. To edit an authorization scheme, click the appropriate icon.
Details displays each application item as a line in a report. To edit an authorization scheme, select the scheme name.
You can specify when your authorization scheme is validated in the Evaluation Point attribute. You can choose to have your authorization scheme validated once for each session or once for each page view.
Keep in mind, if you specify that an authorization scheme should be evaluated once for each session and the authorization scheme passes, the underlying code, test, or query will not be executed again for the duration of the application session. If your authorization scheme consists of a test whose results might change if evaluated at different times during the session, then you should specify that the evaluation point be once for each page view.
If an authorization scheme is validated once for each session, Oracle Application Express caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_UTIL.RESET_AUTHORIZATIONS API.
Calling this procedure nulls out any previously cached authorization scheme results for the current session. Be aware that this procedure takes no arguments and is part of the publicly executable APEX_UTIL package.
See Also:
"RESET_AUTHORIZATIONS Procedure" in Oracle Application Express API ReferenceOnce you have created an authorization scheme you can attach it to an entire application, page, control, or component.
Topics in this section include:
To attach an authorization scheme to an application:
On the Workspace home page, click the Application Builder icon.
Select an application.
Click the Shared Components icon.
The Shared Components page appears.
Under Security, click Edit Security Attributes.
Scroll down to Authorization and make a selection from the Authorization Scheme list.
To attach an authorization scheme to a page:
On the Workspace home page, click the Application Builder icon.
Select an application.
Select a page.
Under Page Rendering, locate the section with the title of Page.
Click Edit page attributes icon.
Scroll down to Security and make a selection from the Authorization Scheme list.
To attach an authorization scheme to a page component or control:
On the Workspace home page, click the Application Builder icon.
Select an application.
Select a page.
Click the name of the component or control to which you want to apply the authorization scheme.
Scroll down to Security and make a selection from the Authorization Scheme list.
You can use the Authorization Scheme Subscription and Authorization Scheme Utilization reports to better manage authorization schemes within your application.
To view authorization scheme reports:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
Click the appropriate tab at the top of the page:
Subscription
Utilization
Use the Authorization Scheme Subscription report to view details about authorization schemes subscription.
Use the Authorization Scheme Utilization report to view details about authorization schemes utilization.
To view additional reports indicating which pages having authorization schemes and which do not, select one of the following from the Tasks list:
Report Pages With Authorization Schemes
Report Pages Without Authorization Schemes
|
 Copyright © 2003, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
