Best Approach to create Security / Authorization Schema for an APEX Apps

Similar Messages

• Create Authorization Scheme for LDAP Groups

  I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
  I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

  hi larosejh
  If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
  DECLARE
  retval PLS_INTEGER;
  my_session DBMS_LDAP.session;
  my_attrs DBMS_LDAP.string_collection;
  my_message DBMS_LDAP.message;
  my_entry DBMS_LDAP.message;
  entry_index PLS_INTEGER;
  my_dn VARCHAR2(256);
  my_attr_name VARCHAR2(256);
  my_ber_elmt DBMS_LDAP.ber_element;
  attr_index PLS_INTEGER;
  i PLS_INTEGER;
  my_vals      DBMS_LDAP.STRING_COLLECTION ;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  BEGIN
  retval := -1;
  -- Please customize the following variables as needed
  ldap_host := 'host';
  ldap_port := '389';
  -- In case of update/insert/delete need change ldap_user to other.
       -- ldap_user := 'cn=orcladmin';
       -- ldap_passwd:= 'welcome';
  -- set User and password to NULL for anonymous user.
  ldap_user := 'user';
  ldap_passwd:= 'password';
  ldap_base := 'CN=Users,DC=ee,DC=intern';
  -- end of customizable settings
  -- Start output Header--
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
  DBMS_OUTPUT.PUT_LINE('');
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
  -- Choosing exceptions to be raised by DBMS_LDAP library.
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  my_session := DBMS_LDAP.init(ldap_host,ldap_port);
  DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_session,1,8)) ||
  '(returned from init)');
  -- bind to the directory
  retval := DBMS_LDAP.simple_bind_s(my_session,
  ldap_user, ldap_passwd);
  DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  -- issue the search
  my_attrs(1) := 'dn'; -- retrieve all attributes
  retval := DBMS_LDAP.search_s(my_session, ldap_base,
  DBMS_LDAP.SCOPE_SUBTREE,
  'objectclass=*',
  my_attrs,
  0,
  my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_message,1,8)) ||
  '(returned from search_s)');
  -- count the number of entries returned
  retval := DBMS_LDAP.count_entries(my_session, my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  -- End output Heading --
  -- get the first entry
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  entry_index := 1;
  -- Loop through each of the entries one by one
  while my_entry IS NOT NULL loop
  -- print the current entry
  my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  -- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
  -- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
  DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
  my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := 1;
  while my_attr_name IS NOT NULL loop
  my_vals := DBMS_LDAP.get_values (my_session, my_entry,
  my_attr_name);
  if my_vals.COUNT > 0 then
  FOR i in my_vals.FIRST..my_vals.LAST loop
  DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
  SUBSTR(my_vals(i),1,200));
  end loop;
  end if;
  my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := attr_index+1;
  end loop;
  my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
  DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
  entry_index := entry_index+1;
  end loop;
  -- unbind from the directory
  retval := DBMS_LDAP.unbind_s(my_session);
  DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
  TO_CHAR(retval));
  -- Start Output Footer --
  DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
  -- Start Output Footer --
  -- Handle Exceptions
  EXCEPTION
  WHEN OTHERS THEN
  DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
  DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
  DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
  END;
  /

• What is the best way to create a database schema from XML

  What is the best way to create a database schema from XML?
  i have  a complex XML file that I want to create a database from and consistently import new XML files of the same schema type. Currently I have started off by mapping the XSD into Excel and using Mysql for Excel to push into MySQL.
  There must be a more .net microsoft solution for this but I cannot locate the topic and tools by searching. What are the best tools and way to manage this?
  Taking my C# further

  Hi Saythj,
  When mentioning "a database schema from XML", do you mean the
  XML Schema Collections? If that is what you mean, when trying to import XML files of the same schema type, you may take the below approach.
  Create an XML Schema Collection basing on your complex XML, you can find
  many generating tools online to do that.
  Create a Table with the above created schema typed XML column as below.
  CREATE TABLE youTable( Col1 int, Col2 xml (yourXMLSchemaCollection))
  Load your XML files and try to insert the xml content into the table above from C# or some other approaches. The XMLs that can't pass the validation fail inserting into that table.
  If you have any question, feel free to let me know.
  Eric Zhang
  TechNet Community Support

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Generic Authorization Scheme for items?

  I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
  The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
  Is there such a variable or some other way of identifying the item?
  thanks!
  John

  John,
  No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
  In the mean time, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
  Hope this helps.
  Thanks,
  - Scott -
  http://spendolini.blogspot.com/
  http://sumnertechnologies.com/

• Create Display Authorization Profile for SAP Transaction SPRO (IMG).

  Dear All,
  In my current implementation project there is an requirement to create display authorization profile for SPRO. I have tried a lot but was not able to do so.
  Any one is having an experience in creating display profile for SPRO (IMG) ? If any one has worked on this issue then please guide me.
  Thanks,
  Avinash

  Hi
  This is security related question. I am not security expert.
  But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
  S_IMG_ACTV
  S_PROJECT
  S_PROJ_AUT
  S_PRO_AUTH
  and assign activity = 03 (Display).
  Hoipe it helps.
  regards
  Srinivas

• Page 0 security: authorization scheme not applied to other pages

  the page 0 security: authorization scheme not applied to other pages (neither as an override for existing pages nor as a default for new pages).
  how is this intended to work?

  mcstock,
  Can you clarify your question please? Can you give specific steps to reproduce this issue that you are inquiring about?
  Thanks.
  Joel

• The best option to create  a shared storage for Oracle 11gR2 RAC in OEL 5?

  Hello,
  Could you please tell me the best option to create a shared storage for Oracle 11gR2 RAC in Oracel Enterprise Linux 5? in production environment? And could you help to create shared storage? Because there is no additional step in Oracle installation guide. There are steps for only asm disk creation.
  Thank you.

  Here are names of partitions and permissions. Partitions which have 146 GB, 438 GB, 438 GB of capacity are my storage. Two of three disks which are 438 GB were configured as RAID 5 and remaining disk was configured as RAID 0. My storage is Dell MD 3000i and connected to nodes through ethernet.
  Node 1
  [root@rac1 home]# ll /dev/sd*
  brw-r----- 1 root disk 8, 0 Aug 8 17:39 /dev/sda
  brw-r----- 1 root disk 8, 1 Aug 8 17:40 /dev/sda1
  brw-r----- 1 root disk 8, 16 Aug 8 17:39 /dev/sdb
  brw-r----- 1 root disk 8, 17 Aug 8 17:39 /dev/sdb1
  brw-r----- 1 root disk 8, 32 Aug 8 17:40 /dev/sdc
  brw-r----- 1 root disk 8, 48 Aug 8 17:41 /dev/sdd
  brw-r----- 1 root disk 8, 64 Aug 8 18:26 /dev/sde
  brw-r----- 1 root disk 8, 65 Aug 8 18:43 /dev/sde1
  brw-r----- 1 root disk 8, 80 Aug 8 18:34 /dev/sdf
  brw-r----- 1 root disk 8, 81 Aug 8 18:43 /dev/sdf1
  brw-r----- 1 root disk 8, 96 Aug 8 18:34 /dev/sdg
  brw-r----- 1 root disk 8, 97 Aug 8 18:43 /dev/sdg1
  [root@rac1 home]# fdisk -l
  Disk /dev/sda: 72.7 GB, 72746008576 bytes
  255 heads, 63 sectors/track, 8844 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sda1 * 1 8844 71039398+ 83 Linux
  Disk /dev/sdb: 72.7 GB, 72746008576 bytes
  255 heads, 63 sectors/track, 8844 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sdb1 * 1 4079 32764536 82 Linux swap / Solaris
  Disk /dev/sdd: 20 MB, 20971520 bytes
  1 heads, 40 sectors/track, 1024 cylinders
  Units = cylinders of 40 * 512 = 20480 bytes
  Device Boot Start End Blocks Id System
  Disk /dev/sde: 146.2 GB, 146278449152 bytes
  255 heads, 63 sectors/track, 17784 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sde1 1 17784 142849948+ 83 Linux
  Disk /dev/sdf: 438.8 GB, 438835347456 bytes
  255 heads, 63 sectors/track, 53352 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sdf1 1 53352 428549908+ 83 Linux
  Disk /dev/sdg: 438.8 GB, 438835347456 bytes
  255 heads, 63 sectors/track, 53352 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sdg1 1 53352 428549908+ 83 Linux
  Node 2
  [root@rac2 ~]# ll /dev/sd*
  brw-r----- 1 root disk 8, 0 Aug 8 17:50 /dev/sda
  brw-r----- 1 root disk 8, 1 Aug 8 17:51 /dev/sda1
  brw-r----- 1 root disk 8, 2 Aug 8 17:50 /dev/sda2
  brw-r----- 1 root disk 8, 16 Aug 8 17:51 /dev/sdb
  brw-r----- 1 root disk 8, 32 Aug 8 17:52 /dev/sdc
  brw-r----- 1 root disk 8, 33 Aug 8 18:54 /dev/sdc1
  brw-r----- 1 root disk 8, 48 Aug 8 17:52 /dev/sdd
  brw-r----- 1 root disk 8, 64 Aug 8 17:52 /dev/sde
  brw-r----- 1 root disk 8, 65 Aug 8 18:54 /dev/sde1
  brw-r----- 1 root disk 8, 80 Aug 8 17:52 /dev/sdf
  brw-r----- 1 root disk 8, 81 Aug 8 18:54 /dev/sdf1
  [root@rac2 ~]# fdisk -l
  Disk /dev/sda: 145.4 GB, 145492017152 bytes
  255 heads, 63 sectors/track, 17688 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sda1 * 1 8796 70653838+ 83 Linux
  /dev/sda2 8797 12875 32764567+ 82 Linux swap / Solaris
  Disk /dev/sdc: 146.2 GB, 146278449152 bytes
  255 heads, 63 sectors/track, 17784 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sdc1 1 17784 142849948+ 83 Linux
  Disk /dev/sdd: 20 MB, 20971520 bytes
  1 heads, 40 sectors/track, 1024 cylinders
  Units = cylinders of 40 * 512 = 20480 bytes
  Device Boot Start End Blocks Id System
  Disk /dev/sde: 438.8 GB, 438835347456 bytes
  255 heads, 63 sectors/track, 53352 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sde1 1 53352 428549908+ 83 Linux
  Disk /dev/sdf: 438.8 GB, 438835347456 bytes
  255 heads, 63 sectors/track, 53352 cylinders
  Units = cylinders of 16065 * 512 = 8225280 bytes
  Device Boot Start End Blocks Id System
  /dev/sdf1 1 53352 428549908+ 83 Linux
  [root@rac2 ~]#
  Thank you.
  Edited by: user12144220 on Aug 10, 2011 1:10 AM
  Edited by: user12144220 on Aug 10, 2011 1:11 AM
  Edited by: user12144220 on Aug 10, 2011 1:13 AM

• Hi all! What is the best way to create the correct space for baseball jersey names and numbers? along with making sure they are the right size for large printing.

  What is the best way to create the correct space for baseball jersey names and numbers? along with making sure they are the right size for large printing.

  Buying more hard drive space is a very valid option, here.  Editing takes up lots of room, you should never discount the idea of adding more when you need it.
  Another possibility is exporting to MXF OP1a using the AVC-I codec.  It's not lossless, but it is Master quality.  Plus the file size is a LOT smaller, so it may suit your needs.

• Best way to create an IPhone Application for my Blog

  What's the best way to create an Iphone application for my Blog? I've seen several blogs that have their own application.
  Could use some help,
  Used Car parts Guy
  <Edited by Moderator>

  Thanks for this info... I too am interested in creating my own application... Would love to hear from others...
  Do you think it brings in traffic?
  Are you charging for your application or free?
  Thanks,
  <Edited by Moderator>

• I want to create a authorization group for  cic0 tcode.

  i want to create a authorization group for cic0 tcode.
  in detail...
  in  cic0 tcode  i will enter business partner name
  and press enter it gives me list of  same names..
  i want to restrict as per the region..there...
  for exapmle....
  if i enter name as raja
  it gives me a list of raja in all region
  but i want for a particular region....
  how to create a authori object.....................
  Regards
  Anbu

  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
  If you start SU21, find the authorization object and double click on it you should be able to see who the author is.
  Or you can findout through SUIM

• Best approach to migrate DB2 UDB V7 for z/OS

  It seems that the latest migration workbench still doesn't work for DB2 UDB V7 on z/OS. What is the best approach to migrate DB2 UDB V7 for z/OS (about 10 GB) to Oracle 10g? Any suggestions/advices are greatly appreciated. Thanks.
  George

  SQL Loader/External tables always works assuming you can get text files out of your old DB.
  Gints Plivna
  http://www.gplivna.eu

• Security certificate issue for Provider Hosted App (SP Online)

  Hi all,
  I am having a hard time with SP Online debugging a basic provider hosted app.
  Steps I have taken to create the app:
   created a new provider hosted app in Visual Studio 2013 and setting my SP Online debugging site (wich works perfectly for SP hosted apps).
  Chose Azure ACS option, although I do not have an Azure account
  When I deploy the app I get to the page on my debugging site where I must choose "Trust It", but when I do I get the message that the Connection is Unsecure/unsafe:
   How can I fix this? Do I need to create an Azure account for debugging purposes already? Or is there another way to solve the problem?

  Hi,
  I understand that you get Security certificate issue for Provider Hosted App (SP Online).
  Per my knowledge, you need to create an Azure account for debugging purposes.
  To create a SharePoint 2013 app for Office 365 and publish it to an Azure web site, you can refer to:
  http://blogs.msdn.com/b/kaevans/archive/2014/02/24/creating-a-sharepoint-2013-app-with-azure-web-sites.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• I am getting ready to sell a Mac app and I want to know what the specs are to create a custom background for my Mac App?

  I am getting ready to sell a Mac app and I want to know what the specs are to create a custom background for my Mac App?
  Here is a good example of what I am talking about: https://docs.google.com/file/d/0B28kNqQ8gmifRjRHam9wVnlrWG8/edit?usp=sharing

  You need to post your question in the Apple Developer Forums

• Is there any plan to create a HTML5 shell for flash player apps & interactive elements?

  Is there any plan to create a HTML5 shell for flash player apps and elements? The canvas option is very limited and many apps & old, interactive flash elements no longer work on most mobile devices. 

  HTML5 is the "anti-flash", so to speak. It requires no plug-ins. HTML5 is MP4 which is QuickTime video. That's the "shell" for it.
  Steve Jobs said in 2006, when iOS was first released, that "playing Flash content is processor consumptive and drains batteries in mobile devices, reducing their life." That's why Apple iOS devices have never been compatible with Flash, and also why Android dropped support for the technology in June of 2012.
  Android has "Dolphin" and "Puffin" browsers, which render Flash content (video and animations) "server side" to reduce the load on mobile devices running Android. Likewise, Apple has "SkyFire" which works the same way, but is designed specifically for iOS.