Discussions
Categories
- 382.6K All Categories
- 2.1K Data
- 212 Big Data Appliance
- 1.9K Data Science
- 448.4K Databases
- 221.1K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 541 MySQL Community Space
- 469 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 499 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.3K SQL & PL/SQL
- 21.1K SQL Developer
- 293.8K Development
- 9 Developer Projects
- 130 Programming Languages
- 290.5K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 151 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 17 Java Essentials
- 146 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 200 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 292 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 168 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 234 Portuguese
Conditionally access page
Hi,
I have an application with set authentication method (Custom, based on a table) and have set authorization scheme on all pages.
Now I have a requirement to conditionally access some pages based on a condition computed after user logs in. I set an application item with that computed value, and can use it as condition in navigation menu to not show some entries.
But that does not prevent user to access that pages with direct link to a page.
So, my question is, how can I prevent user from accessing a page based on a condition that is stored in an application item?
Using APEX 5.1.4.
TIA,
Davor
Best Answer
-
Davor Maric wrote:I have nine authorization schemes, for each type of user, and not all pages that are currently using one authorization scheme do need to be conditionally restricted. So I would need to double the number of authorization schemes which does not look very elegant.
That problem is caused by designing authorization schemes "for each type of user". The key to effectively using APEX authorization schemes is to base them on the operations that pages and components support, not on user roles. The reason for this is that typically an operation may be carried out by more than one role.
Answers
-
Hi,
you can create another authorization scheme that uses the application item set after the login procedure.
You will then use this new auth scheme on those pages.
Hope this helps
Marios
-
Also, rather than set the same authorization scheme on each page (and risk missing it on one), you can set an authorization scheme for the application as a whole, on the Security Attributes page.
-
I have nine authorization schemes, for each type of user, and not all pages that are currently using one authorization scheme do need to be conditionally restricted. So I would need to double the number of authorization schemes which does not look very elegant.
-
I'm using different authorization schemes on different pages, so I can not use one global scheme.
-
Davor Maric wrote:I have nine authorization schemes, for each type of user, and not all pages that are currently using one authorization scheme do need to be conditionally restricted. So I would need to double the number of authorization schemes which does not look very elegant.
That problem is caused by designing authorization schemes "for each type of user". The key to effectively using APEX authorization schemes is to base them on the operations that pages and components support, not on user roles. The reason for this is that typically an operation may be carried out by more than one role.
-
Well, my authorization schemes are sort of matrix between functionalities and roles (user types), like
CLEANING_MANAGERSCLEANING_SUPERVISORS
CLEANING_ALLMAINTENANCE_MANAGERS
...
It is set this way as APEX allows you to set only one authorization scheme per page.
In the authorization procedure I check whether for the current authorization scheme (p_rola in code) current user has proper role assigned.
Authorazation schemes are defined as a call to my auth function, like;
RETURN dom_auth.autorizacija(:APP_USER,'Ciscenje_Nadzornica') = 1;
FUNCTION autorizacija( p_dje_kor_ime IN VARCHAR2, p_rola IN VARCHAR2 ) RETURN NUMBER IS l_ovlastenje NUMBER (1) := 0; BEGIN CASE UPPER(p_rola) WHEN 'CISCENJE_SVI' THEN SELECT 1 INTO l_ovlastenje FROM djelatnici dje JOIN tipovi_djelatnika tdj ON dje.tdj_id = tdj.tdj_id WHERE UPPER(kor_ime) = UPPER(p_dje_kor_ime) AND tdj.sifra IN('DOMACICA','NADZORNICA','SOBARICA','VODITELJ_OBJEKTA','SEF_RECEPCIJE','RECEPCIONER','ADMINISTARATOR','SISTEM_ADMIN'); WHEN 'CISCENJE_NADZORNICA' THEN SELECT 1 INTO l_ovlastenje FROM djelatnici dje JOIN tipovi_djelatnika tdj ON dje.tdj_id = tdj.tdj_id WHERE UPPER(kor_ime) = UPPER(p_dje_kor_ime) AND tdj.sifra IN('DOMACICA','NADZORNICA','VODITELJ_OBJEKTA','ADMINISTARATOR','SISTEM_ADMIN');...Problem is that this new requirement is for only some of functionalities of certain group, like, in the CLEANING part of the app, I now have to ban users for only some pages, and have to do it dynamically, after user logs on I check to see if flag is set in the database to allow him certain function.
-
In the end I decided to rearrange all Authorization schemes based on functions, and do the function-user type mapping in the procedure.
Thanks for the help.
Regards,
Davor