Providing Security Through Authorization

Authorization is a broad term for controlling access to resources based on user privileges. While conditions control the rendering and processing of specific page controls or components, authorization schemes control user access to specific controls or components.

Topics in this section include:

How Authorization Schemes Work

An authorization scheme extends the security of your application's authentication scheme. You can specify an authorization scheme for an entire application, page, or specific control such as a region, item, or button. For example, you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.

An authorization scheme either succeeds or fails. If a component or control level authorization scheme succeeds, the user can view the component or control. If it fails, the user cannot view the component or control. If an application or page-level authorization scheme fails, then Oracle Application Express displays a previously defined message.

When you define an authorization scheme, you give it a unique name. Once defined, you can attach it to any component or control in your application. To attach an authorization scheme to a component or control in your application, simply navigate to the appropriate attributes page and select an authorization scheme from the Authorization Scheme list.

Creating an Authorization Scheme

Before you can attach an authorization scheme to an application or an application component or control, you must first create it.

To create an authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click Create.

  6. Specify how to create an authorization scheme by selecting one of the following:

    • From Scratch

    • As a Copy of an Existing Authorization Scheme

  7. Follow the on-screen instructions.

Editing Attributes of an Existing Authorization Scheme

To edit attributes of an existing authorization scheme:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

    The Authorization Schemes page appears. By default, each scheme displays as an icon.

  5. To access a detail view of all schemes, select Details from the View list.

    The Authorization Schemes page appears. You can change the appearance of the page by making a selection from the View list. Available options include:

    • Icons (the default) displays each authentication scheme as a large icon. To edit an authorization scheme, click the appropriate icon.

    • Details displays each application item as a line in a report. To edit an authorization scheme, select the scheme name.

About the Evaluation Point Attribute

You can specify when your authorization scheme is validated in the Evaluation Point attribute. You can choose to have your authorization scheme validated once for each session or once for each page view.

Keep in mind, if you specify that an authorization scheme should be evaluated once for each session and the authorization scheme passes, the underlying code, test, or query will not be executed again for the duration of the application session. If your authorization scheme consists of a test whose results might change if evaluated at different times during the session, then you should specify that the evaluation point be once for each page view.

About Resetting Authorization Scheme State

If an authorization scheme is validated once for each session, Oracle Application Express caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_UTIL.RESET_AUTHORIZATIONS API.

Calling this procedure nulls out any previously cached authorization scheme results for the current session. Be aware that this procedure takes no arguments and is part of the publicly executable APEX_UTIL package.

See Also:

"RESET_AUTHORIZATIONS Procedure" in Oracle Application Express API Reference

Attaching an Authorization Scheme to an Application, Page, or Components

Once you have created an authorization scheme you can attach it to an entire application, page, control, or component.

Topics in this section include:

Attaching an Authorization Scheme to an Application

To attach an authorization scheme to an application:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Click the Shared Components icon.

    The Shared Components page appears.

  4. Under Security, click Edit Security Attributes.

  5. Scroll down to Authorization and make a selection from the Authorization Scheme list.

Attaching an Authorization Scheme to a Page

To attach an authorization scheme to a page:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. Under Page Rendering, locate the section with the title of Page.

    Description of pg_def_edit_pg_att.gif follows
    Description of the illustration pg_def_edit_pg_att.gif

  5. Click Edit page attributes icon.

  6. Scroll down to Security and make a selection from the Authorization Scheme list.

Attaching an Authorization Scheme to a Control or Component

To attach an authorization scheme to a page component or control:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. Select a page.

  4. Click the name of the component or control to which you want to apply the authorization scheme.

  5. Scroll down to Security and make a selection from the Authorization Scheme list.

Viewing Authorization Reports

You can use the Authorization Scheme Subscription and Authorization Scheme Utilization reports to better manage authorization schemes within your application.

To view authorization scheme reports:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authorization Schemes.

  5. Click the appropriate tab at the top of the page:

    • Subscription

    • Utilization

Subscription

Use the Authorization Scheme Subscription report to view details about authorization schemes subscription.

Utilization

Use the Authorization Scheme Utilization report to view details about authorization schemes utilization.

To view additional reports indicating which pages having authorization schemes and which do not, select one of the following from the Tasks list:

  • Report Pages With Authorization Schemes

  • Report Pages Without Authorization Schemes