Conditionally access page

Davor Maric
Davor Maric Member Posts: 81 Red Ribbon
edited May 18, 2018 8:13AM in APEX Discussions

Hi,

I have an application with a set authentication method (Custom, based on a table) and have set an authorization scheme on all pages.

Now I have a requirement to conditionally access some pages based on a condition computed after the user logs in. I set an application item with that computed value, and can use it as a condition in the navigation menu to not show some entries.

But that does not prevent the user from accessing those pages with a direct link to a page.

So, my question is, how can I prevent user from accessing a page based on a condition that is stored in an application item?

Using APEX 5.1.4.

TIA,

Davor

Answers

  • Marios S. Paouris
    Marios S. Paouris Member Posts: 26
    edited May 17, 2018 4:06AM

    Hi,

    you can create another authorization scheme that uses the application item set after the login procedure.

    You will then use this new auth scheme on those pages.

    Hope this helps

    Marios

  • Neil Clare
    Neil Clare Member Posts: 258 Silver Badge
    edited May 17, 2018 4:15AM

    Also, rather than set the same authorization scheme on each page (and risk missing it on one), you can set an authorization scheme for the application as a whole, on the Security Attributes page.

  • Davor Maric
    Davor Maric Member Posts: 81 Red Ribbon
    edited May 17, 2018 6:31AM

    I have nine authorization schemes, for each type of user, and not all pages that are currently using one authorization scheme do need to be conditionally restricted. So I would need to double the number of authorization schemes which does not look very elegant.

  • Davor Maric
    Davor Maric Member Posts: 81 Red Ribbon
    edited May 17, 2018 6:33AM

    I'm using different authorization schemes on different pages, so I cannot use one global scheme.

  • fac586
    fac586 Senior Technical Architect Member Posts: 20,336 Red Diamond
    edited May 17, 2018 7:00AM Accepted Answer
    Davor Maric wrote: I have nine authorization schemes, for each type of user, and not all pages that are currently using one authorization scheme do need to be conditionally restricted. So I would need to double the number of authorization schemes which does not look very elegant.

    That problem is caused by designing authorization schemes "for each type of user". The key to effectively using APEX authorization schemes is to base them on the operations that pages and components support, not on user roles. The reason for this is that typically an operation may be carried out by more than one role.

    See

  • Davor Maric
    Davor Maric Member Posts: 81 Red Ribbon
    edited May 17, 2018 11:47AM

    Well, my authorization schemes are a sort of matrix between functionalities and roles (user types), like

    CLEANING_MANAGERS
    CLEANING_SUPERVISORS
    CLEANING_ALL
    MAINTENANCE_MANAGERS
    ...

    It is set this way as APEX allows you to set only one authorization scheme per page.

    In the authorization procedure I check whether, for the current authorization scheme (p_rola in code), the current user has the proper role assigned.

    Authorization schemes are defined as a call to my auth function, like:

    RETURN dom_auth.autorizacija(:APP_USER,'Ciscenje_Nadzornica') = 1;

    FUNCTION autorizacija(
        p_dje_kor_ime IN VARCHAR2,
        p_rola        IN VARCHAR2
    ) RETURN NUMBER
    IS
        l_ovlastenje NUMBER (1) := 0;
    BEGIN
        CASE UPPER(p_rola)
        WHEN 'CISCENJE_SVI' THEN
            SELECT 1 INTO l_ovlastenje
            FROM djelatnici dje
            JOIN tipovi_djelatnika tdj ON dje.tdj_id = tdj.tdj_id
            WHERE UPPER(kor_ime) = UPPER(p_dje_kor_ime)
            AND tdj.sifra IN('DOMACICA','NADZORNICA','SOBARICA','VODITELJ_OBJEKTA','SEF_RECEPCIJE','RECEPCIONER','ADMINISTARATOR','SISTEM_ADMIN');
        WHEN 'CISCENJE_NADZORNICA' THEN
            SELECT 1 INTO l_ovlastenje
            FROM djelatnici dje
            JOIN tipovi_djelatnika tdj ON dje.tdj_id = tdj.tdj_id
            WHERE UPPER(kor_ime) = UPPER(p_dje_kor_ime)
            AND tdj.sifra IN('DOMACICA','NADZORNICA','VODITELJ_OBJEKTA','ADMINISTARATOR','SISTEM_ADMIN');
    ...

    The problem is that this new requirement applies to only some of the functionalities of a certain group. For example, in the CLEANING part of the app, I now have to ban users from only some pages, and have to do it dynamically: after the user logs on, I check whether a flag is set in the database to allow him a certain function.

  • Davor Maric
    Davor Maric Member Posts: 81 Red Ribbon
    edited May 18, 2018 8:13AM

    In the end I decided to rearrange all Authorization schemes based on functions, and do the function-user type mapping in the procedure.

    Thanks for the help.

    Regards,

    Davor
This discussion has been closed.
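
An added example, not code from the thread: one way to base authorization schemes on operations and combine them with the post-login flag held in an application item, as the replies above suggest. The tables `djelatnici` and `tipovi_djelatnika` and their columns come from Davor's post; `auth_operations`, `auth_operation_types`, `may_perform`, the operation name `CLEANING_INSPECT` and the application item `G_CLEANING_EXTRA` are hypothetical names assumed for illustration.

```sql
-- Hypothetical: one row per operation; needs_flag = 'Y' marks the
-- operations that also require the per-user flag computed after login.
CREATE TABLE auth_operations (
  operation   VARCHAR2(40) PRIMARY KEY,
  needs_flag  CHAR(1) DEFAULT 'N' NOT NULL CHECK (needs_flag IN ('Y','N'))
);

-- Hypothetical: which user types (tipovi_djelatnika.sifra) may perform
-- which operation. Replaces the hard-coded IN (...) lists.
CREATE TABLE auth_operation_types (
  operation  VARCHAR2(40) NOT NULL REFERENCES auth_operations,
  tdj_sifra  VARCHAR2(40) NOT NULL,
  PRIMARY KEY (operation, tdj_sifra)
);

CREATE OR REPLACE FUNCTION may_perform (
  p_kor_ime   IN VARCHAR2,   -- pass :APP_USER
  p_operation IN VARCHAR2,   -- operation protected by the scheme
  p_flag      IN VARCHAR2    -- pass the application item, e.g. :G_CLEANING_EXTRA
) RETURN BOOLEAN
IS
  l_needs_flag auth_operations.needs_flag%TYPE;
  l_hits       PLS_INTEGER;
BEGIN
  SELECT needs_flag INTO l_needs_flag
  FROM auth_operations
  WHERE operation = UPPER(p_operation);

  -- Conditional restriction: deny unless the flag is explicitly 'Y'.
  IF l_needs_flag = 'Y' AND NVL(p_flag, 'N') <> 'Y' THEN
    RETURN FALSE;
  END IF;

  -- COUNT(*) never raises NO_DATA_FOUND, so an unmapped user yields 0.
  SELECT COUNT(*) INTO l_hits
  FROM djelatnici dje
  JOIN tipovi_djelatnika tdj ON dje.tdj_id = tdj.tdj_id
  JOIN auth_operation_types aot ON aot.tdj_sifra = tdj.sifra
  WHERE UPPER(dje.kor_ime) = UPPER(p_kor_ime)
  AND aot.operation = UPPER(p_operation);

  RETURN l_hits > 0;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;  -- unknown operation: deny by default
END may_perform;
/
-- Authorization scheme of type "PL/SQL Function Returning Boolean":
--   RETURN may_perform(:APP_USER, 'CLEANING_INSPECT', :G_CLEANING_EXTRA);
```

Because the scheme is attached to the page itself, it is evaluated on direct-link access as well as from the navigation menu. Set the application item's Session State Protection to "Restricted - May not be set from browser" so the flag cannot be supplied in the URL.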