I have a quick question; please don't be offended by it.
I have an application and I just recently added a new page in a new tab in this application. This page is only available to users with specific access rights.
I want to hide the page as well as this new tab from users who don't have this access right.
How will I do this? Does the PL/SQL query go in the "login" page or the page which I want to be hidden? How will I hide the tab as well?
Thank you in advance.
So you are essentially dealing with Authorization issues. If I understand your requirements correctly, you need to make the tab conditional and put some authorization on the page as well. Making the tab conditional means the tab doesn't show up and putting the authorization scheme on the page will prevent the user from accessing the page even if he or she were to navigate there through some other means.
The user guide for whatever version should give you more information about how to do this.
Hi, thanks for the reply. Basically I have about 10 pages in my application and I just created a new page, making it 11, and this 11th page is only for admins to add and remove users. This page has its own tab, "create/remove user". In my database, if your access level is 10 you are an admin; if it is not, then you are a standard user.
I am basically looking for a way to stop standard users from accessing this new page, and I also do not want them to see this new tab.
Hi again, I have a condition in the tab as:
WHERE user_admin_level = NVL(:P1_USER,0);
IF v_admin = 10
I don't know if this will work because p1_user is on page 1, which is the page you are sent to after you have logged in.
I understand what you are saying, Tony. I have a quick question. If I use an authorization scheme to specify what tabs users see, does the admin need to go to the backend if they want to add a user? Because that's what the new tab is for. If they have to go to the backend then I wouldn't use this, because this application is not for the outer world; it's for office use only.
How is your condition built right now? Who maintains the table user? You create an authentication scheme with similar code to what you have provided.
Here is a thread you might want to view: APEX - Authorization Scheme Examples
I did some research and I think this is the right way to go, because if you change the page number in an application and the page you are trying to view has a condition which only lets admins view it, you can still view it, because APEX 4.0 loads everything and conditions only kick in if you do things the right way.
Thanks Tony, really appreciate it.
I need to implement this method first, then I will come back and say whether or not it works. I have some final questions.
1) Will this stop someone from viewing a page that they don't have access to if they enter the page number in the URL?
2) My database structure is a bit weird because I have two databases: one (the main database) has a list of all the users, and the other (this application's database) has a list of all the users with access to this application, both admin and normal. So what this does is that if you are not in the main database you cannot access this application. So before you log in, I have a query in the login which checks that you exist in both databases.
3) Do I need to change a package for authorization scheme to work?
4) An admin will NOT have access to the editing part of this application; what I mean is that they will not be able to edit pages, add fields, etc. They will only get the URL because their department doesn't deal with IT stuff. So will the authorization scheme method mean going to the authorization scheme to do anything after they add a new user to the database?
When you use the term Database, do you really mean Database? Or are you adding APEX users to a workspace? What you need to do in the authorization scheme is similar: check to see whether the condition is true to allow access. And yes, if they change the URL to change the page they are running, it should catch that if the authorization scheme is set to run on each new page and not just once per application run.
Ultimately, you should package the authorization as a function in the schema the application lives in and make the changes in that code to support your... interesting setup. Once a DBA adds a new user schema, the code should be able to handle the new user as long as you set the proper properties in their schema setup.
I would suggest looking at a different method for dealing with this issue, that being look at using either APEX defined users or a custom table holding application user's information...
Dave, here's what we do. We have an administrative application that allows admins to set, for every application, which users and roles can access which pages. So if we add more pages, it's all a front-end setup, with no programming required to add new pages, roles or users. Then we have an authorization scheme to determine whether the logged-in user has access to that page.
If your authorization scheme relies on the page number (:APP_PAGE_ID), you might still need a condition on your tabs, as :APP_PAGE_ID is not evaluated till you come to that page.
If you have a much smaller requirement where you don't have the time or knowledge to build that framework immediately, you can still create an authorization scheme using your code (see comment about wrong filter):
IF :APP_PAGE_ID = 11 THEN -- assuming page 11 is your admin page
WHERE user_admin_level = NVL(:P1_USER,0); -- I suspect this is wrong. You should be querying by user
IF v_admin = 10
return true; --since every other page is public
In this case I would assign a similar authorization scheme at the application level and use conditions to prevent those tabs from showing as well.
Ideally you should build some sort of framework so this can be done by an admin and not a developer.
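
Added example, not code from any poster in this thread: one way to package the check discussed above as a schema function, so the same lookup backs both the page authorization and the tab condition. The package name `app_authz`, the table `app_users` and the column `user_name` are assumed names; `user_admin_level`, the admin value 10 and page 11 come from the thread.

```sql
-- Added example. ASSUMED names: package app_authz, table app_users,
-- column user_name. user_admin_level, level 10 and page 11 are from the thread.
CREATE OR REPLACE PACKAGE app_authz AS
  FUNCTION is_admin (p_username IN VARCHAR2) RETURN BOOLEAN;
  FUNCTION can_view_page (p_page_id  IN NUMBER,
                          p_username IN VARCHAR2) RETURN BOOLEAN;
END app_authz;
/
CREATE OR REPLACE PACKAGE BODY app_authz AS

  FUNCTION is_admin (p_username IN VARCHAR2) RETURN BOOLEAN IS
    v_admin app_users.user_admin_level%TYPE;
  BEGIN
    -- Look up by the authenticated user name, not by a page item,
    -- so the result does not depend on which page set the item.
    SELECT user_admin_level
      INTO v_admin
      FROM app_users
     WHERE UPPER(user_name) = UPPER(p_username);
    RETURN NVL(v_admin, 0) = 10;
  EXCEPTION
    WHEN NO_DATA_FOUND OR TOO_MANY_ROWS THEN
      RETURN FALSE;  -- unknown or ambiguous user: deny
  END is_admin;

  FUNCTION can_view_page (p_page_id  IN NUMBER,
                          p_username IN VARCHAR2) RETURN BOOLEAN IS
  BEGIN
    IF p_page_id = 11 THEN        -- page 11 is the admin page
      RETURN is_admin(p_username);
    END IF;
    RETURN TRUE;                  -- every other page is public
  END can_view_page;

END app_authz;
/
-- Authorization scheme body (type "PL/SQL Function Returning Boolean",
-- evaluated once per page view), assigned at application level:
--   RETURN app_authz.can_view_page(:APP_PAGE_ID, :APP_USER);
-- Tab condition (type "PL/SQL Expression"), needed because :APP_PAGE_ID
-- is not 11 while the tab is being rendered on the other pages:
--   app_authz.is_admin(:APP_USER)
```

Because the scheme runs on every page view, typing page 11 into the URL is rejected server-side even though the tab is hidden; adding a new admin is a row change in the user table, not a change to the scheme.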