Geek Answers Handbook

Authorization and user roles in Oracle Apex?

So, Apex has “workspaces” that allow you to create three types of users - all of which are internal to the organization in nature. In addition, the developer of a separate Apex site does not seem to have the ability to have “users” for his site only.

Did I miss something?

I need external (business) users to be able to access some functions of the site, for example, accounting can only be displayed on pages A and B, while managers can see A, B and C.

I need to be able to have several groups of people with varying degrees of access.

Can this be done only by creating workspaces / groups? Or can this be done internally only on my site?

+7
source share
4 answers

Although APEX has a built-in user management concept called Groups, I have to admit that I never used it, and a quick read of the documentation doesn't let me know how you use them for access control (but see Tom answer for this).

You will probably need to create user / role tables in your database and use them in conjunction with APEX authorization schemes to control access to pages. A single authorization scheme of the type "PL / SQL function that returns a boolean value" can be created using the function body:

return my_auth_pkg.is_authorized (p_user => :app_user, p_app_id => :app_id p_page_id => :app_page_id);

Then you implement the package to search for user privileges and decide whether to return TRUE or FALSE for the application and page ID. enter image description here

Alternatively, you can simply execute SQL to verify access directly in the authorization scheme: enter image description here

(NB "user_roles" and "role_pages" are the names that I compiled to represent your tables)

+7
source

I just want to expand Tony's answer , which in itself is correct. I just want to show you another way, which, in my opinion, will be easier for beginners and omits table creation.

If your application uses Apex as an authentication scheme, your users are managed by the administration of the workspace itself. You can create, edit, and delete users, but you can also define groups and associate users with groups. You can create multiple "end user" users and define a pair of groups, such as "Leaders".

Apex users and groupsCreation of a group When you have created your group, go to the user to whom you want to assign this group and add the group to the groups of this user.

Adding a group to a user

Once you configure this setting, you still need authorization schemes. The fact remains that you need pl / sql knowledge here, but coding can be minimized thanks to some convenient api-work. Defining an authorization based on apex groups current_user_in_group does what he says: he checks the current user if he says he is assigned to the group. With some extensions using some simple IF structures, you can slightly increase it!

Not that I fully recommend this method, I find it a bit tedious, and you need someone to log into APEX to actually support users and their groups, but it is possible that this is acceptable in your environment. You could use it to start with this. You can easily switch from authentication schemes, and by changing your authorization schemes to fit the new auth scheme, you can easily and quickly adjust this later. It depends on your priorities and goals.

+7
source

Authorization is the process of determining whether an authenticated / identified person is allowed to access a resource or perform an operation. It is based on a set of privileges or roles assigned to a user. For example, in an Oracle database, an administrator has the right to assign tasks, but a user cannot. How is authorization different from authentication? Often authentication and authorization work together. In other words, authorization follows authentication. Authentication determines who you are? Authorization determines what you are allowed to do?

0
source

Thanks so much for the solution. I have one question. Is it possible to create an Authorization Scheme that allows access for users from two different user groups? To demonstrate what I mean ... something like this:

"return apex_util.current_user_in_group (p_group_name =>" Leaders "or" Employees ");"

0
source

More articles:


All Articles