Best Approach to create Security / Authorization Schema for an APEX Apps
Hi,
I am planning to create a Security / Authorization Schema for an APEX Application.
Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEX Applications too..
I am looking for following features...
1. users LOGIN and then user's name is stored in APEX_USER...
2. Based on the user, I want to restrict the Application on following levels.
- TABS
- TABS - Page1 (Report)
- Page2 (Form)
- Page2 (Region1)
- Page2 (Region1, Button1)
- Page2 (Region1, Items,....)
AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
Also what should be the FRONT end, we should have to enter these detail...
SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
Thanks,
Deepak
Hi Raghu,
thanks for the detail info.
so that means..I should have 2 table...
master table (2 columns - username, password)
username password
user1 xxxx
user2 xxxx
2nd table (2 columns - username, chq_disp_option)
- In this table, we don't have Y/N Flag you mentioned..
- If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally displayed.
- so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
- suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
username chq_disp_option
user1 re_region1
user1 re_region2
user1 tb_main
user1 Page1
user1 Page5
---- ----
- how you are defining unique name for Regions..i mean in static ID or the Title
- is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
Thanks,
Deepak
Similar Messages
-
Create Authorization Scheme for LDAP Groups
I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?
hi larosejh
If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
DECLARE
retval PLS_INTEGER;
my_session DBMS_LDAP.session;
my_attrs DBMS_LDAP.string_collection;
my_message DBMS_LDAP.message;
my_entry DBMS_LDAP.message;
entry_index PLS_INTEGER;
my_dn VARCHAR2(256);
my_attr_name VARCHAR2(256);
my_ber_elmt DBMS_LDAP.ber_element;
attr_index PLS_INTEGER;
i PLS_INTEGER;
my_vals DBMS_LDAP.STRING_COLLECTION ;
ldap_host VARCHAR2(256);
ldap_port VARCHAR2(256);
ldap_user VARCHAR2(256);
ldap_passwd VARCHAR2(256);
ldap_base VARCHAR2(256);
BEGIN
retval := -1;
-- Please customize the following variables as needed
ldap_host := 'host';
ldap_port := '389';
-- In case of update/insert/delete need change ldap_user to other.
-- ldap_user := 'cn=orcladmin';
-- ldap_passwd:= 'welcome';
-- set User and password to NULL for anonymous user.
ldap_user := 'user';
ldap_passwd:= 'password';
ldap_base := 'CN=Users,DC=ee,DC=intern';
-- end of customizable settings
-- Start output Header--
DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
DBMS_OUTPUT.PUT_LINE('');
DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
-- Choosing exceptions to be raised by DBMS_LDAP library.
DBMS_LDAP.USE_EXCEPTION := TRUE;
my_session := DBMS_LDAP.init(ldap_host,ldap_port);
DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
RAWTOHEX(SUBSTR(my_session,1,8)) ||
'(returned from init)');
-- bind to the directory
retval := DBMS_LDAP.simple_bind_s(my_session,
ldap_user, ldap_passwd);
DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
|| TO_CHAR(retval));
-- issue the search
my_attrs(1) := 'dn'; -- attribute list to request (use '*' to retrieve all attributes)
retval := DBMS_LDAP.search_s(my_session, ldap_base,
DBMS_LDAP.SCOPE_SUBTREE,
'objectclass=*',
my_attrs,
0,
my_message);
DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
|| TO_CHAR(retval));
DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
RAWTOHEX(SUBSTR(my_message,1,8)) ||
'(returned from search_s)');
-- count the number of entries returned
retval := DBMS_LDAP.count_entries(my_session, my_message);
DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
|| TO_CHAR(retval));
DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
-- End output Heading --
-- get the first entry
my_entry := DBMS_LDAP.first_entry(my_session, my_message);
entry_index := 1;
-- Loop through each of the entries one by one
while my_entry IS NOT NULL loop
-- print the current entry
my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
-- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
-- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
my_ber_elmt);
attr_index := 1;
while my_attr_name IS NOT NULL loop
my_vals := DBMS_LDAP.get_values (my_session, my_entry,
my_attr_name);
if my_vals.COUNT > 0 then
FOR i in my_vals.FIRST..my_vals.LAST loop
DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
SUBSTR(my_vals(i),1,200));
end loop;
end if;
my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
my_ber_elmt);
attr_index := attr_index+1;
end loop;
my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
entry_index := entry_index+1;
end loop;
-- unbind from the directory
retval := DBMS_LDAP.unbind_s(my_session);
DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
TO_CHAR(retval));
-- Start Output Footer --
DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
-- End Output Footer --
-- Handle Exceptions
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
END;
/
-
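An added example, not part of the original posts: one way to turn the search above into a group check that an authorization scheme of type "PL/SQL Function Returning Boolean" can call. It assumes an Active Directory style directory whose user entries carry sAMAccountName and memberOf; the function name, the group DN in the comment and the connection values are placeholders.

```sql
-- Added example. Host, port, bind account and base DN reuse the placeholder
-- values of the block above; replace them with your directory's settings.
create or replace function is_ldap_group_member (
    p_username in varchar2,   -- login name, e.g. :APP_USER
    p_group_dn in varchar2    -- full DN of the group allowed into the application
) return boolean
is
    l_session  dbms_ldap.session;
    l_attrs    dbms_ldap.string_collection;
    l_message  dbms_ldap.message;
    l_retval   pls_integer;
    l_count    pls_integer := 0;
    l_filter   varchar2(2000);

    -- Escape LDAP filter metacharacters (RFC 4515) so that a crafted user
    -- name cannot change the meaning of the filter. Backslash goes first.
    function esc (p_value in varchar2) return varchar2 is
    begin
        return replace(replace(replace(replace(replace(p_value,
                   '\', '\5c'), '*', '\2a'), '(', '\28'), ')', '\29'),
                   chr(0), '\00');
    end esc;
begin
    if p_username is null or p_group_dn is null then
        return false;
    end if;

    dbms_ldap.use_exception := true;
    l_session := dbms_ldap.init('host', 389);
    -- Service account used only for the lookup (placeholder credentials).
    -- On port 389 this bind is sent unencrypted unless the session is
    -- switched to SSL with dbms_ldap.open_ssl first.
    l_retval := dbms_ldap.simple_bind_s(l_session, 'user', 'password');

    -- chr(38) is '&'; written this way so SQL*Plus does not treat it as a
    -- substitution variable when the function is compiled from a script.
    l_filter := '(' || chr(38)
             || '(sAMAccountName=' || esc(p_username) || ')'
             || '(memberOf='       || esc(p_group_dn) || '))';
    l_attrs(1) := 'sAMAccountName';

    l_retval := dbms_ldap.search_s(l_session,
                                   'CN=Users,DC=ee,DC=intern',
                                   dbms_ldap.scope_subtree,
                                   l_filter,
                                   l_attrs,
                                   0,
                                   l_message);
    l_count  := dbms_ldap.count_entries(l_session, l_message);
    l_retval := dbms_ldap.msgfree(l_message);
    l_retval := dbms_ldap.unbind_s(l_session);

    -- Exactly one entry: the user exists and is a direct member of the group.
    return l_count = 1;
exception
    when others then
        -- Fail closed: any directory error denies access.
        begin
            l_retval := dbms_ldap.unbind_s(l_session);
        exception
            when others then null;
        end;
        return false;
end is_ldap_group_member;
/
-- Authorization scheme body (the group DN is a hypothetical value):
--   return is_ldap_group_member(:APP_USER, 'CN=ApexUsers,CN=Users,DC=ee,DC=intern');
```

memberOf holds direct memberships only, so nested groups and a user's primary group are not matched by this filter.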
What is the best way to create a database schema from XML
What is the best way to create a database schema from XML?
i have a complex XML file that I want to create a database from and consistently import new XML files of the same schema type. Currently I have started off by mapping the XSD into Excel and using Mysql for Excel to push into MySQL.
There must be a more .net microsoft solution for this but I cannot locate the topic and tools by searching. What are the best tools and way to manage this?
Taking my C# further
Hi Saythj,
When mentioning "a database schema from XML", do you mean the XML Schema Collections? If that is what you mean, when trying to import XML files of the same schema type, you may take the below approach.
Create an XML Schema Collection based on your complex XML; you can find many generating tools online to do that.
Create a Table with the above created schema typed XML column as below.
CREATE TABLE youTable( Col1 int, Col2 xml (yourXMLSchemaCollection))
Load your XML files and try to insert the xml content into the table above from C# or some other approaches. The XMLs that can't pass the validation fail inserting into that table.
If you have any question, feel free to let me know.
Eric Zhang
TechNet Community Support -
Authorization scheme for users stored in a database table?
Hello!
I'm trying to find out how to make an authorization scheme for database users.
I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
A word of explanation:
I have a table in my database, named "USERS". Inside this table, I have the following columns:
- USERID (NUMBER)
- USERNAME (VARCHAR2(50))
- PASSWORD (VARCHAR2(50))
- EMAIL (VARCHAR2(200))
For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
What I want:
When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
I also want the UserID to be stored somewhere in the application (if possible, in an application item).
How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
Any help is greatly appreciated.
"I'm trying to find out how to make an authorization scheme for database users."
I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
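function validate_login (
    p_username in varchar2
  , p_password in varchar2) return boolean
is
    v_result varchar2(1);
begin
    -- Match on the USERNAME column of the USERS table described in the
    -- question (USERID is a NUMBER there). The password is compared
    -- exactly as it is stored in that table.
    select null into v_result
      from USERS
     where username = p_username
       and password = p_password;
    return true;
exception
    -- No matching row: the login is rejected.
    when no_data_found then return false;
end validate_login;
Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.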
"And for Application Express Account Credentials, does this mean an admin must make each new user by hand?"
If you are using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
Rod West -
Generic Authorization Scheme for items?
I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
Is there such a variable or some other way of identifying the item?
thanks!
John
John,
No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
In the meantime, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
Hope this helps.
Thanks,
- Scott -
http://spendolini.blogspot.com/
http://sumnertechnologies.com/ -
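The "check both" condition described above, as an added example that is not part of the original posts: a single function that every tab, region, button or item condition can call with its own name. It goes beyond the per-user table sketched in the first thread by granting components to roles, so access is not entered row by row for each user; all table, column, function and item names are hypothetical.

```sql
-- Added example; every object name below is an assumption.
create table app_user_roles (
    username   varchar2(255) not null,   -- stored in upper case, like APP_USER
    role_name  varchar2(30)  not null,
    constraint app_user_roles_pk primary key (username, role_name)
);

create table app_role_components (
    role_name       varchar2(30)  not null,
    app_id          number        not null,   -- lets several applications share the tables
    component_name  varchar2(255) not null,   -- e.g. P1_ITEM1, T_HOME, re_region1
    constraint app_role_components_pk
        primary key (role_name, app_id, component_name)
);

create or replace function component_allowed (
    p_component in varchar2,
    p_username  in varchar2 default v('APP_USER'),
    p_app_id    in number   default to_number(v('APP_ID'))
) return boolean
is
    l_hits pls_integer;
begin
    -- Deny by default: access exists only if one of the user's roles
    -- lists this component for this application.
    select count(*)
      into l_hits
      from app_user_roles ur
      join app_role_components rc
        on rc.role_name = ur.role_name
     where ur.username       = upper(p_username)
       and rc.app_id         = p_app_id
       and rc.component_name = p_component
       and rownum = 1;

    return l_hits > 0;
end component_allowed;
/

-- Condition on a SAVE button, type "PL/SQL Function Body Returning a Boolean".
-- It combines the business rule (hide SAVE while inserting, i.e. when the
-- hypothetical key item P2_ID is still empty) with the access check:
--   return :P2_ID is not null and component_allowed('P2_SAVE');
```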
Create Display Authorization Profile for SAP Transaction SPRO (IMG).
Dear All,
In my current implementation project there is a requirement to create display authorization profile for SPRO. I have tried a lot but was not able to do so.
Any one is having an experience in creating display profile for SPRO (IMG) ? If any one has worked on this issue then please guide me.
Thanks,
Avinash
Hi
This is security related question. I am not security expert.
But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
S_IMG_ACTV
S_PROJECT
S_PROJ_AUT
S_PRO_AUTH
and assign activity = 03 (Display).
Hope it helps.
regards
Srinivas -
Page 0 security: authorization scheme not applied to other pages
the page 0 security: authorization scheme not applied to other pages (neither as an override for existing pages nor as a default for new pages).
how is this intended to work?
mcstock,
Can you clarify your question please? Can you give specific steps to reproduce this issue that you are inquiring about?
Thanks.
Joel -
The best option to create a shared storage for Oracle 11gR2 RAC in OEL 5?
Hello,
Could you please tell me the best option to create a shared storage for Oracle 11gR2 RAC in Oracle Enterprise Linux 5? in production environment? And could you help to create shared storage? Because there is no additional step in Oracle installation guide. There are steps for only asm disk creation.
Thank you.
Here are names of partitions and permissions. Partitions which have 146 GB, 438 GB, 438 GB of capacity are my storage. Two of three disks which are 438 GB were configured as RAID 5 and remaining disk was configured as RAID 0. My storage is Dell MD 3000i and connected to nodes through ethernet.
Node 1
[root@rac1 home]# ll /dev/sd*
brw-r----- 1 root disk 8, 0 Aug 8 17:39 /dev/sda
brw-r----- 1 root disk 8, 1 Aug 8 17:40 /dev/sda1
brw-r----- 1 root disk 8, 16 Aug 8 17:39 /dev/sdb
brw-r----- 1 root disk 8, 17 Aug 8 17:39 /dev/sdb1
brw-r----- 1 root disk 8, 32 Aug 8 17:40 /dev/sdc
brw-r----- 1 root disk 8, 48 Aug 8 17:41 /dev/sdd
brw-r----- 1 root disk 8, 64 Aug 8 18:26 /dev/sde
brw-r----- 1 root disk 8, 65 Aug 8 18:43 /dev/sde1
brw-r----- 1 root disk 8, 80 Aug 8 18:34 /dev/sdf
brw-r----- 1 root disk 8, 81 Aug 8 18:43 /dev/sdf1
brw-r----- 1 root disk 8, 96 Aug 8 18:34 /dev/sdg
brw-r----- 1 root disk 8, 97 Aug 8 18:43 /dev/sdg1
[root@rac1 home]# fdisk -l
Disk /dev/sda: 72.7 GB, 72746008576 bytes
255 heads, 63 sectors/track, 8844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 8844 71039398+ 83 Linux
Disk /dev/sdb: 72.7 GB, 72746008576 bytes
255 heads, 63 sectors/track, 8844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 4079 32764536 82 Linux swap / Solaris
Disk /dev/sdd: 20 MB, 20971520 bytes
1 heads, 40 sectors/track, 1024 cylinders
Units = cylinders of 40 * 512 = 20480 bytes
Device Boot Start End Blocks Id System
Disk /dev/sde: 146.2 GB, 146278449152 bytes
255 heads, 63 sectors/track, 17784 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sde1 1 17784 142849948+ 83 Linux
Disk /dev/sdf: 438.8 GB, 438835347456 bytes
255 heads, 63 sectors/track, 53352 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdf1 1 53352 428549908+ 83 Linux
Disk /dev/sdg: 438.8 GB, 438835347456 bytes
255 heads, 63 sectors/track, 53352 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdg1 1 53352 428549908+ 83 Linux
Node 2
[root@rac2 ~]# ll /dev/sd*
brw-r----- 1 root disk 8, 0 Aug 8 17:50 /dev/sda
brw-r----- 1 root disk 8, 1 Aug 8 17:51 /dev/sda1
brw-r----- 1 root disk 8, 2 Aug 8 17:50 /dev/sda2
brw-r----- 1 root disk 8, 16 Aug 8 17:51 /dev/sdb
brw-r----- 1 root disk 8, 32 Aug 8 17:52 /dev/sdc
brw-r----- 1 root disk 8, 33 Aug 8 18:54 /dev/sdc1
brw-r----- 1 root disk 8, 48 Aug 8 17:52 /dev/sdd
brw-r----- 1 root disk 8, 64 Aug 8 17:52 /dev/sde
brw-r----- 1 root disk 8, 65 Aug 8 18:54 /dev/sde1
brw-r----- 1 root disk 8, 80 Aug 8 17:52 /dev/sdf
brw-r----- 1 root disk 8, 81 Aug 8 18:54 /dev/sdf1
[root@rac2 ~]# fdisk -l
Disk /dev/sda: 145.4 GB, 145492017152 bytes
255 heads, 63 sectors/track, 17688 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 8796 70653838+ 83 Linux
/dev/sda2 8797 12875 32764567+ 82 Linux swap / Solaris
Disk /dev/sdc: 146.2 GB, 146278449152 bytes
255 heads, 63 sectors/track, 17784 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdc1 1 17784 142849948+ 83 Linux
Disk /dev/sdd: 20 MB, 20971520 bytes
1 heads, 40 sectors/track, 1024 cylinders
Units = cylinders of 40 * 512 = 20480 bytes
Device Boot Start End Blocks Id System
Disk /dev/sde: 438.8 GB, 438835347456 bytes
255 heads, 63 sectors/track, 53352 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sde1 1 53352 428549908+ 83 Linux
Disk /dev/sdf: 438.8 GB, 438835347456 bytes
255 heads, 63 sectors/track, 53352 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdf1 1 53352 428549908+ 83 Linux
[root@rac2 ~]#
Thank you.
Edited by: user12144220 on Aug 10, 2011 1:10 AM
Edited by: user12144220 on Aug 10, 2011 1:11 AM
Edited by: user12144220 on Aug 10, 2011 1:13 AM -
What is the best way to create the correct space for baseball jersey names and numbers? along with making sure they are the right size for large printing.
Buying more hard drive space is a very valid option, here. Editing takes up lots of room, you should never discount the idea of adding more when you need it.
Another possibility is exporting to MXF OP1a using the AVC-I codec. It's not lossless, but it is Master quality. Plus the file size is a LOT smaller, so it may suit your needs. -
Best way to create an IPhone Application for my Blog
What's the best way to create an Iphone application for my Blog? I've seen several blogs that have their own application.
Could use some help,
Used Car parts Guy
<Edited by Moderator>
Thanks for this info... I too am interested in creating my own application... Would love to hear from others...
Do you think it brings in traffic?
Are you charging for your application or free?
Thanks,
<Edited by Moderator> -
I want to create a authorization group for cic0 tcode.
i want to create a authorization group for cic0 tcode.
in detail...
in cic0 tcode i will enter business partner name
and press enter it gives me list of same names..
i want to restrict as per the region..there...
for exapmle....
if i enter name as raja
it gives me a list of raja in all region
but i want for a particular region....
how to create a authori object.....................
Regards
Anbu
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
If you start SU21, find the authorization object and double click on it you should be able to see who the author is.
Or you can findout through SUIM -
Best approach to migrate DB2 UDB V7 for z/OS
It seems that the latest migration workbench still doesn't work for DB2 UDB V7 on z/OS. What is the best approach to migrate DB2 UDB V7 for z/OS (about 10 GB) to Oracle 10g? Any suggestions/advices are greatly appreciated. Thanks.
George
SQL Loader/External tables always works assuming you can get text files out of your old DB.
Gints Plivna
http://www.gplivna.eu -
Security certificate issue for Provider Hosted App (SP Online)
Hi all,
I am having a hard time with SP Online debugging a basic provider hosted app.
Steps I have taken to create the app:
created a new provider hosted app in Visual Studio 2013 and setting my SP Online debugging site (which works perfectly for SP hosted apps).
Chose Azure ACS option, although I do not have an Azure account
When I deploy the app I get to the page on my debugging site where I must choose "Trust It", but when I do I get the message that the Connection is Unsecure/unsafe:
How can I fix this? Do I need to create an Azure account for debugging purposes already? Or is there another way to solve the problem?
Hi,
I understand that you get Security certificate issue for Provider Hosted App (SP Online).
Per my knowledge, you need to create an Azure account for debugging purposes.
To create a SharePoint 2013 app for Office 365 and publish it to an Azure web site, you can refer to:
http://blogs.msdn.com/b/kaevans/archive/2014/02/24/creating-a-sharepoint-2013-app-with-azure-web-sites.aspx
Best Regards,
Linda Li
TechNet Community Support -
I am getting ready to sell a Mac app and I want to know what the specs are to create a custom background for my Mac App?
Here is a good example of what I am talking about: https://docs.google.com/file/d/0B28kNqQ8gmifRjRHam9wVnlrWG8/edit?usp=sharing
You need to post your question in the Apple Developer Forums
-
Is there any plan to create a HTML5 shell for flash player apps & interactive elements?
Is there any plan to create a HTML5 shell for flash player apps and elements? The canvas option is very limited and many apps & old, interactive flash elements no longer work on most mobile devices.
HTML5 is the "anti-flash", so to speak. It requires no plug-ins. HTML5 is MP4 which is QuickTime video. That's the "shell" for it.
Steve Jobs said in 2006, when iOS was first released, that "playing Flash content is processor consumptive and drains batteries in mobile devices, reducing their life." That's why Apple iOS devices have never been compatible with Flash, and also why Android dropped support for the technology in June of 2012.
Android has "Dolphin" and "Puffin" browsers, which render Flash content (video and animations) "server side" to reduce the load on mobile devices running Android. Likewise, Apple has "SkyFire" which works the same way, but is designed specifically for iOS.