Apex user groups

Similar Messages

• Which table/view stores information on APEX user groups?

  Hi All,
  I need to list all the APEX users, their roles(i.e. IS_ADMIN or IS_DEVELOPER) and the user groups they belong to.
  Can some one kindly share the information on which tables/views will have all this information?
  I am aware of apex_workspace_users which tells me about the roles (i.e. IS_ADMIN or IS_DEVELOPER).
  Thanks in advance.
  Annie

  Thanks jari for your help.
  I did manage to get the information on user groups by using APEX_UTIL.get_groups_user_belongs_to function.
  However there are two issues in that:
  Firstly, the requirement is that i should be able to retrieve this details by executing queries in SQLPPlus and not APEX WS. However, executing APEX_UTIL.get_groups_user_belongs_to function in sqlplus returns no data. That means there are certain permission issues on the underlying tables.
  Secondly, the user groups are listed in a single row and I'd like the result in the multiple rows.

• Access control for different user groups in APEX 4.0

  Hi guys,
  in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
  The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
  Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
  Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
  Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
  How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
  We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

  Hi Errol,
  to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
  This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
  In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
  Regards
  Andre

• Active Directory Authentication and permissions for user group in APEX 4.0

  Hello,
  I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
  These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
  Help with Authentication (APEX_LDAP.AUTHENTICATE)
  Re: LDAP Authentication Via Groups
  Thanks,
  Tony

  You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

• How to set different default interactive reports for different user groups?

  I'm probably overlooking an obvious solution, but how do I set different default interactive report for different user groups?
  For the same interactive report, I want one set of users to see a default where the default filter is based on column X. However, another group of users doesn't have authorization to see that column so I need to set the default filter to something else for them.
  Thanks

  You can set a filter on a report in a URL - would that help? I think with apex 4.x you can also link to a saved default report or alternative report...

• Database Account and User Groups

  Hello,
  Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
  Can anyone please shed some light on this? Thanks.
  - Dee

  Dee,
  I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
  All

• Allowing user to create new Apex User

  Hi,
  I have a requirement that a certain user group needs to create new users to use Apex application. With my understanding, no user can create new user without apex admin privilege. I can't give admin privilege to any user. Is there any workaround? Thanks.

  Instead of having Apex Authentication, build your custom Authentication.
  Create a USER table with user detail and password.
  Create a login page .. for new user give a link to public page to enter their detail.
  For encrypting and decrypting the password see the sample applcation. You can copy that logic for protecting the password.
  Regards,
  Shijesh

• Authorization Schemes, User Groups

  Hi Folks,
  I wish to create an authorization scheme and to do so with one of the user groups I defined in
  Home>Administration>Manage Application Express Users
  How can I set the authorization scheme to achieve this?
  Thanks for any and all help

  Are you looking for apex_util.current_user_in_group
  Create a new authorization scheme... PL/SQL function reuturning boolean
  begin
  if apex_util.current_user_in_group('MyGroup')
  then
  return TRUE;
  else
  return FALSE;
  end if;
  end;Reference:http://apex.oracle.com/i/doc/AEAPI/apex_util014.htm
  Regards,
  Shijesh

• Restricting Access via User Groups

  So I have created some user groups via the Administration page in APEX. I would like to use these groups to control access to various tabs in my database application. Can someone please tell me how I might go about doing this? I can't seem to locate a good example.
  Thanks,
  Mark

  Hi Mark,
  You can e.g. create an authorization scheme (shared components) - pl/sql function returning boolean.
  You can use some functions in apex_util to determine if they should have access. e.g. apex_util.current_user_in_group(p_group_name in varchar2); http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21676/apex_util.htm#BABHCBEG
  Then just apply that authorization scheme to the tab and consequent pages associated to the tab.

• Interest in a Studio/Forte Developer User Group?

  Using Sun Solaris Tools? We would like to guage interest in attending or presenting at an upcoming Sun Solaris Tools User Group meeting. This meeting would most likely be held in early spring.
  If you are interested, please send your Name, Company contact information, and a brief description on how you use Solaris Tools to [email protected] by December 10, 2004.

  This looks like something that I am interested in - I have several applications with pre-existing authentication/authorization structures built in (Services, projects, etc) - and I want a very lightweight way for users to be able to view/edit (where appropriate) documents (Backup/Restore documents, basic usage, system design, etc).
  But I want to be able to embed the documents/editor in existing applications (APEX based).
  I have already tied the forum application into an application menu system, so each APEX based application has a nav bar entry "Forum", that jumps to the discussion category for that particular application (and the modified forum application uses the authorization from the menu system to decide what topics a person can see/post.)

• Any ideas on restriciting users/groups of users to data

  I am most certain someone has worked in this before and will have a quick solution for me.
  I have an interactive report which gets displayed based on entries in a table.
  What I want to do is ensure that the user logged in only has access to a subset of that data
  based on who he or she is. For example.
  1) I want a couple users to have read access only to everything
  2) I want a couple of users to have read/write access to everything
  3) I want some users/groups of users to have read/write access to the data based upon a statement.
  select blah blah from table where ColA=somevalue or multiple values.
  4) I want some users/groups of users to have read access ONLY to the data based upon a statement.
  select blah blah from table where ColA=somevalue or multiple values.
  Thanks in advance,
  Mike

  You can also use Authorization Scheme's, Apex UserID's, Apex Groups, to limit access to fields, columns, rows, buttons, pages... basically any object.
  For instance you might have a 'Mgmt' group with more rights than public users or authenticated users (seing more detail in a report) , and an 'HR' group with more rights still (seeing all the fields in a report).
  Let me know if you need examples... I've implemented this successfully based on examples I've found posted.
  Rich

• APEX User Credentail export

  I don't know how to export the Apex users -- I found them in WWV_FLOW_FND_USER table, however don't know how to export it to a new defined instance.
  Can any body help?
  Thanks
  Mehr

  Hello Mehr,
  What's your apex version?
  I don't if there is any better way for this. However you can try..
  Once you log-in the work-space, you can Export user data from "Administration -> Manage Users and Groups" page. It's IR on users table, from here you can download users details into CSV
  Next you can either load this data into any temp. table on target instance and then you can create users using APEX_UTIL API
  OR you can try creating users in Bulk by pasting all e-mails addresses at  "Administration -> Manage Users and Groups -> Tasks -> Create Multiple Users"
  Hope it helps.
  Regards,
  Hari

• How to migrate Apex users with existing passwords.

  Hi Guys,
  Our apex env finally getting a upgrade from 3.1.1 to 4.1.1 (I know, it's been overdue for years)
  Some of our apps use 'Application Express' authentication, and have few hundreds users in Apex (and users belong to diff user groups).
  The issue is, the 4.1.1 env is set up on a brand new server and DB, we want to migrate these users with their existing passwords from the 3.1.1 env.
  I tried exporting the workspace, and the users are exported as below,
       begin
       wwv_flow_fnd_user_api.create_fnd_user (
       p_user_id => '10592934818556549584',
       p_user_name => 'TEST',
       p_first_name => 'a',
       p_last_name => 'b',
       p_description => '',
       p_email_address=> '[email protected]',
       p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
       p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
       p_group_ids => '10592435401495787816:',
       p_developer_privs=> '',
       p_default_schema=> 'TEST',
       p_account_locked=> 'N',
       p_account_expiry=> to_date('201212040000','YYYYMMDDHH24MI'),
       p_failed_access_attempts=> 0,
       p_change_password_on_first_use=> 'Y',
       p_first_password_use_occurred=> 'N',
       p_allow_access_to_schemas => '');
       end;
  when I run this in 4.1.1 I had to modify it to the new format as below,
  also changed the p_group_ids to new user group but kept the password the same
       begin
       wwv_flow_fnd_user_api.create_fnd_user (
       p_user_id => '',
       p_user_name => 'TEST',
       p_first_name => 'a',
       p_last_name => 'b',
       p_description => '',
       p_email_address=> '[email protected]',
       p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
       p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
       p_group_ids => '1399416797653068:',
       p_developer_privs=> '',
       p_default_schema=> 'TEST',
       p_account_locked=> 'N',
       p_account_expiry=> to_date('201209041006','YYYYMMDDHH24MI'),
       p_failed_access_attempts=> 0,
       p_change_password_on_first_use=> 'Y',
       p_first_password_use_occurred=> 'N',
  p_allow_app_building_yn=> 'N',
  p_allow_sql_workshop_yn=> 'N',
  p_allow_websheet_dev_yn=> 'N',
  p_allow_team_development_yn=> 'N',     
  p_allow_access_to_schemas => '');
       end;
  the result was that the user is created fine, but the password is not valid.
  Anyone knows how to export apex users with existing password to a new server?
  Thanks.
  Edited by: Danny on 3/12/2012 20:51

  Hi,
  Not sure why you say
  when I run this in 4.1.1 I had to modify it to the new format as below, If you just run the workspace export sql it should create the Workspace, Groups and Users
  The signature of the procedure is below. See the highlighted lines.
  procedure create_fnd_user (-- Description:
  -- This procedure allows for programatic and bulk creation of users.
  -- Example:
  -- From sqlplus logged in as the privileged flows user, first
  -- ensure that the security group id is set properly, then create
  -- your users.
  <b> -- begin wwv_flow_security.g_security_group_id := 20; end;</b>
  -- begin
  -- for i in 1..10 loop
  -- wwv_flow_fnd_user_api.create_fnd_user(
  -- p_user_name => 'USER_'||i,
  -- p_email_address => 'user_'||i||'@mycompany.com',
  -- p_web_password => 'user_'||i) ;
  -- end loop;
  -- commit;
  -- end;
  -- Arguments:
  -- p_user_id numeric primary key of user
  -- p_user_name the username the user uses to login
  -- p_first_name informational only
  -- p_last_name informational only
  <b> -- p_web_password the unencrypted password for the new user</b>
  -- p_group_ids A colon delimited list of group IDs from the table wwv_flow_fnd_user_groups
  -- p_developer_privs A colon delmited list of developer privs, privs include:
  -- ADMIN:BROWSE:CREATE:DATA_LOADER:DB_MONITOR:EDIT:HELP:MONITOR:SQL:USER_MANAGER
  -- p_default_schema A valid oracle schema that is the default schema for use in browsing and
  -- creating flows
  -- p_allow_access_to_schemas A colon delimited list of oracle schemas that the user is allowed to
  -- parse as. If null the user can parse as any schema available to the company.
  -- This does not provide privilege it only resticts privilege, so listing a schema
  -- does not provide the privilege to parse as a schema, it only restricts that user
  -- to that list of schemas.
  -- p_attributes_XX These attributes allow you to store arbitary information about a given user.
  -- They are for use by flow developers who want to extend user information.
  <b> -- p_web_password_format Identifies the format of the web password.
  -- The range of values is CLEAR_TEXT, HEX_ENCODED_DIGEST, DIGEST </b>
  -- p_person_type "E" marks the user as external
  -->
  Note there is no HEX_ENCODED_DIGEST, DIGEST_V2 listed. It may work, but not obvious from the signature.
  Cheers,

• Apex users levels. 2 applications or only 1 divided in two?

  Hi.
  I got 10gXE and apex 2.1 (gotta upgrade it!)
  Let me explain what i need to do but don't know how to.
  I'm developing a unique app right now all apex users can acces, but later, i gotta divide that applicatioin in two. One group of pages are for managers (access to all pages) and another group of pages for common employees (access to only few pages)
  If i develop two applications with different numbers (ex app 401 for managers and 402 for common employees) i should have 2 login pages right? one for each app.
  Is there any possibility that, once i log in from a unique login page, that login page takes me to app 401 or app 402 depending if the username belongs to managers or common employees??
  Or definetively, i should have two login pages, one for each app?.
  I prefer not to do that, i prefer to give the users a unique login page from where they can access the app they are allowed to.
  Thanks in advance...
  Fernando.

  Dear Chrissy...
  I'll take a deep look into UsersGuide, but for know, I'll try to make myself clear so you can understand what i want.
  The application users are divided in 2 groups, management (M) and common employees (CE). Depending whether an app user belongs to a certain group, he/she should be able to see ONLY the pages allowed for that type of user M or CE.
  In the application, pages 1 to 10 are allowed to see and use for CE users, pages 20 to 24 are allowed to see and use for M users. CE are not allowed to see neither use pages of M users, and viceversa. For that purpose, i have 2 groups of Tabs, TAB1 owns pages 1 to 10 and TAB2 20 to 24. so, if you access page 3 for ex, you will only see on tabs, pages 1 to 10. If you access 22, you'll only see pages 20 to 24.
  Just like you, i was also thinking on how to branch to different pages depending on authorization, so I modified the Login process at login page to
  (remember: tipousmw is the type of user, mw_usuarios is the table where user data is stored -doce, name, email,. type of user - and tipousmw=1 if CE and 2 if M)
  declare
  q number;
  begin
  select tipousmw into q
  from mw_usuarios
  where usernamemw = lower(:P101_USERNAME);
  IF q=2
  THEN
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':1'
  ELSIF q=1
  THEN
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':20'
  END IF;
  end;
  So it's supposed that if a username belong to CE, he/she will be redirected to page 1, otherwise, if it belongs to M, he/she will be redirected to page 20. And it worked at the beginning, but not later, i dont know if it got something to do with the cookie...
  The previous procedure makes sense to me but.. don't know if you can try and tell me what happened.. hope somebody else have tried this so i can have a suggestion or an opinon on howcome it doesn't work properly....
  Thanks in advance for your help-.....
  Fernando...

• Applying "User Groups" -- What do I get?!

  I am able to assign a user to a user group using the User Admin in Apex.
  I don't know how I would be able to assign a role (that I know how to define that for an individual user).
  The only thing I can see is a name for User Group and a Description!
  My requirement is to define a group of people to be assigned to one group/role, so that every change to that role can be automatically be applied to each user in that group.
  any idea?
  cheers,
  Mehr

  Hi,
  You create groups and assign users to those.
  Then you need develop authorization schema that utilize user group information.
  15.5 Providing Security Through Authorization
  I'm not sure do I understand question/problem correctly.
  Also, it is better post APEX related question in Application Express forum
  Regards,
  Jari