This discussion is archived
1 2 3 Previous Next 31 Replies Latest reply: Oct 30, 2013 3:26 AM by mario.alcalde RSS

hide page from normal users

dave_414 Newbie
Currently Being Moderated

I have a quick question please don't be offended by it.

 

I have an application and I just recently add a new page in a new tab in this application. This page is only available to user is specific access rights.

 

I want to add the page as well as this new tab from user who doesn't have this access right to it.

 

how will I do this? does the pl/sql query go in the "login" page or the page in which I want to be hidden. How will I hide the tab as well?

 

 

Thank you in advance

  • 1. Re: hide page from normal users
    Kofi Journeyer
    Currently Being Moderated

    Hi Dave(?).

    So you are essentially dealing with Authorization issues. If I understand your requirements correctly,  you need to make the tab conditional and put some authorization on the page as well.  Making the tab conditional means the tab doesn't show up and putting the authorization scheme on the page will prevent the user from accessing the page even if he or she were to navigate there through some other means.

     

    The user guide for whatever version should give you more information about how to do this.

    Kofi

  • 2. Re: hide page from normal users
    Pars Pro
    Currently Being Moderated

    create authorization scheme for admin or user who saw page and put that scheme in

    edit page>>security>>authorization scheme select created athorization scheme.

     

    Pars.

  • 3. Re: hide page from normal users
    Vishal Pathak (OBIEE-APEX) Journeyer
    Currently Being Moderated

    go to shared components -> tabs

     

    go to the necessary tab and apply the condition on it

     

    let me know if this answers your query in the current thread

     

    Message was edited by: VishalPathak(OBIEE-APEX)

  • 4. Re: hide page from normal users
    dave_414 Newbie
    Currently Being Moderated

    Hi thanks for the reply. basically I have about 10 pages in my application and i just created a new page making it 11 and this 11th page is only for admin to add and remove users. This page as it other tab "create/remove user". In my database of your access level is 10 you are an admin it is not then you are a standard users.

     

    I am basically looking for a way to stop standard users from access this new page and also I do not want them to see this new tab as well.

  • 5. Re: hide page from normal users
    dave_414 Newbie
    Currently Being Moderated

    hi again, I have a condition in the tab as

     

    DECLARE

      v_admin number(2);

       BEGIN

      SELECT max(user_admin_level)

      INTO v_admin

      FROM USER

      WHERE user_admin_level = NVL(:P1_USER,0);

      IF v_admin = 10

      THEN

        return TRUE;

      ELSE

        return FALSE;

      END IF;

    END;

     

    I dont know if this will work because p1_user is in the page 1 which is the page you are send to after you logged in

  • 6. Re: hide page from normal users
    Vishal Pathak (OBIEE-APEX) Journeyer
    Currently Being Moderated

    is your tab not functioning according to this condition?

  • 7. Re: hide page from normal users
    TexasApexDeveloper Guru
    Currently Being Moderated

    DO NOT recommend conditions, instead you should be recommending an Authorization scheme..  Conditions can be bypassed by Advanced users..

     

    Thank you,

     

    Tony Miller

    LuvMuffin Software

  • 8. Re: hide page from normal users
    dave_414 Newbie
    Currently Being Moderated

    I understand what you are saying Tony. I have a quick question. If I use Authorization scheme to specific what tab users see does the admin need to go to the backend if they wanted to add user because that what the new tab is. If they have to go to the backend then i wouldnt use this because this application is not to for outer world its only for office use only

  • 9. Re: hide page from normal users
    TexasApexDeveloper Guru
    Currently Being Moderated

    How is your condition built right now??  Who maintains the table user?  You create an authentication scheme with similar code to what you have provided..

     

    Here is a thread you might want to view: APEX - Authorization Scheme Examples

     

    Thank you,

     

    Tony Miller

    LuvMuffin Software

  • 10. Re: hide page from normal users
    dave_414 Newbie
    Currently Being Moderated

    I did some research and I think this is the right way to go because if you change the page number an application and the page you are trying to view as a condition which only lets admin to view, you can still view it because apex 4.0 loads everything and conditions only kicks in if you things the right way.

     

    Thanks Tony, really appreciate it.

  • 11. Re: hide page from normal users
    TexasApexDeveloper Guru
    Currently Being Moderated

    Glad to be of help....  if thread is answered, please mark as such and assign points where earned..

     

    Thank you,

     

    Tony Miller

    LuvMuffin Software

  • 12. Re: hide page from normal users
    dave_414 Newbie
    Currently Being Moderated

    I need to implement this method first then I will come back and say if or not it works. I have some finally questions.

     

     

    1) Will this stop someone from viewing a page that they dont have access to if they enter the page number in the url

     

    2) because my database structure is bit weird because I have two database one(main database) had a list of all the users and the other(this application database) as a list of all the users which access to this application both admin and normal. so what this does is that if you are not in the main database you cannot access this application. So before you log in, i have a query in the login which checks that you exist in both database.

     

    3) Do I need to change a package for authorization scheme to work?

     

    4) Because an admin will NOT have access to the editing part of this application, what I mean is that they will not be able to edit page, add field etc. All they will only get the url because their department doesn't deal with IT stuff.  So will this mean that authorization scheme method mean going to authorization scheme to do anything after they add a new user to the database?

  • 13. Re: hide page from normal users
    TexasApexDeveloper Guru
    Currently Being Moderated

    When you use the term Database, do you really mean Database?  or are you adding APEX users to a workspace??  What you need to do in authorization scheme is similar, check to see whatever condition is true to allow access...  And yes, if they change the URL to change the page they are running, it should catch that if the authorization scheme is set to run on each new page and not just once per the application run..

     

    Ultimately, you should package the authorization as a function in your schema the application lives in and make the changes in that code to support your .. interesting setup..  Once a DBA adds a new user schema, the code should be able to handle the new user as long as you set the proper properties in their schema setup..

     

    I would suggest looking at a different method for dealing with this issue, that being look at using either APEX defined users or a custom table holding application user's information...

     

    Thank you,

     

    Tony Miller

    LuvMuffin Software

  • 14. Re: hide page from normal users
    Kofi Journeyer
    Currently Being Moderated

    Dave, here's what we do. For every an administrative application that allows admins to set for every application which user and roles can access which pages. So that if we add more pages, it's all a front end setup, no programming required to add new pages, roles or users. Then we have an authorization scheme to determine whether the logged in user has access to that page.

    If your authorization scheme relies on page number( :APP_PAGE_ID), you might still need a condition on your tabs as :APP_PAGE_ID is not evaluated till you come to that page.

    If you have a much smaller requirement where you don't have the time or knowledge to build that framework immediately, you can still create an authorization scheme using your code(see comment about wrong filter).

     

    DECLARE

      v_admin number(2);

       BEGIN

         IF :APP_PAGE_ID =11 then --assuming page 11 is your admin page

              SELECT max(user_admin_level)

                INTO v_admin

                FROM USER

                WHERE user_admin_level = NVL(:P1_USER,0); --I suspect this is wrong.You should be querying by user

          

              IF v_admin = 10

                     THEN

                  return TRUE;

               ELSE

                  return FALSE;

                END IF;

         ELSE

            return true; --since every other page is public

         END IF;

    END;

     

    In this case I would assign a similar authorization scheme at an application level and use conditions on the prevent those tabs from showing as well.

    Ideally you should build some sort of framework so this can be done by an admin and not a developer.

    Kofi

1 2 3 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points