3 Replies Latest reply: Mar 6, 2013 10:42 AM by Nuenhundretfunfundsiebzig RSS

    Custom Authentication  - Read Only access  - in Apex3.0

    Nuenhundretfunfundsiebzig
      I have an application in Apex 3.0 that has 3 levels of authorization.
      1. Can view everything and edit everything
      2. Can read everything but can not edit anything
      3. Can only view some pages not all but can't edit anything

      I created an access control administration page and an authentication
      function.
      On the main menu page, If I say authorization is edit privileges, this
      works fine. When a user who only has view access logs on, they only
      see links to the pages they have access to see.

      What I cant figure out is the 2nd level, users can read something
      but not edit it
      Each item on a page has a read only section
      If I say something like Read only is an SQL expression :APP_USER in ('user 1','user 2')
      this works fine; these users see the items but not edit them
      But this means that I have to hard code each user id on every item and edit each item every
      a new user is added

      If I say the page or the item has authorization = edit privileges, than the users with
      view only access dont see anything. That's not what I want. I want them to see it, but not edit it.

      I tried to add something to the read only section of an item that said like
      sql expression :admin_privileges = 'EDIT' ( this is a column on the APEX_ACCESS_CONTROL table)
      but same results, instead of read only, the view only users saw nothing

      Any thoughts on how I can allow people to view but not edit?

      Alternatively is there someway to says users are members of a group and say each item is read only for that group?
        • 1. Re: Custom Authentication  - Read Only access  - in Apex3.0
          TexasApexDeveloper
          Authorization scheme for EACH page item? Such that the items would be read-only for level 2 people and also help with item 3..

          re: http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/sec_authorization.htm

          Thank you,

          Tony Miller
          Ruckersville, VA
          • 2. Re: Custom Authentication  - Read Only access  - in Apex3.0
            Nuenhundretfunfundsiebzig
            I've looked at the 3.0 version of this ( that is what this client has)

            http://docs.oracle.com/cd/B28359_01/appdev.111/b32258/sec.htm#BABEDFGB


            What I see is what's described on the first page: you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.

            I want some users to be able to see everything, but just see it as read only.
            What I'm seeing in this Security Through Authorization documentation is I can set a security level to say EDIT , then any user who has a security level below EDIT ( ie VIEW) doesn't see that component at all. This is not what I need

            Am I missing something?

            I find documentation on how to set an individual element to read only:

            http://docs.oracle.com/cd/B28359_01/appdev.111/b32258/bldapp.htm#sthref1083

            And this works; but it means that for each item, I need to list each user who is read only. Not very realistic solution to have to edit 50 items every time a new user is added
            • 3. Re: Custom Authentication  - Read Only access  - in Apex3.0
              Nuenhundretfunfundsiebzig
              I can get this read only function to work by putting in a read only condition on each ITEM. I don't see any place where I can put a read only condition on a page or at the application level. The Apex authorization levels are Admin, Edit and View. If a page is set to VIEW all users with VIEW access and above see the same thing ( I.e. if someone can edit it they all can all edit it). If I set the page access to EDIT, then users with view access can not see anything.

              I can get around this if I add an SQL expression at each ITEM level that says something like read only if :APP_USER LIKE 'V%'.
              So if I give one set of users IDs that start with 'V', this will work.
              It still means I have to hard code each individual ITEM, but at least I only have to do it once and don't have to change it if new users are added.

              It would be better if there was a way to use authentication to set the entire page to read only instead of just able to view and not able to view, but I haven't found anyway to do this