APEX VPD Implementation for Web Site - Please Help

Hi Folks.
I want to do the following...
I have an APEX website which has both INTERNAL and EXTERNAL users.
The INTERNAL users (employees) should be able to see all data in all tables.
The EXTERNAL users (clients) should only see their own data within the same tables.
The intention here is to enforce the data that employees and clients can interact with using VPD.
Within the application we have our own CONTACT table that will be used by our system for controlling user-access. Only Valid system users will have an entry in the CONTACT table. Currently, this is partially enforced by APEX.
It is also, our intention that all the users of our APEX system, connect to the database as a single user – currently APP_PUBLIC_USER. As we do not want the overhead of database user account management.
Note in the future we hope to integrate the APEX system with Oracle Business Intelligence (BI).
VPD
If we create a DATABASE account with the same username as that stored in our own CONTACT table and connect using SQL/PLUS then the VPD policy is successful.
When we connect using APEX we are able to authenticate the APEX username is in our own CONTACT table but we cannot pass the APEX username to the database for testing with regards the VPD policy. It is always APEX_PUBLIC_USER as far as the database is confirmed.
The username as far as the database is concerned is always APEX_PUBLIC_USER.
As such we cannot distinguish between the users.
We have tried setting an oracle application context (XXX_App_CTX) that has an attribute ‘USER_NAME’ with value of :APP_USER in the APEX application. This was done in the Apex VPD security section. We’ve queried the value when running the APEX application and the value displays correctly.
But on the database the value of USER_NAME appears as null.
How can we pass the APEX user name to the database for the purposes of enforcing VPD?
Also, we have a database on-logon trigger which initialises application contexts attributes/values that are used to implement our VPD, see below.
Any suggestions?
Note : DEVYYY is the schema owner.
DECLARE
-- Fetch valid user information which is required for set the application
-- context.
CURSOR csr_user_info (cp_user_name IN VARCHAR2) IS
sELECT con.contact_id
,con.master_entity_id
FROM DEVYYY.contact con
WHERE con.user_name = cp_user_name ;
r_user_info csr_user_info%ROWTYPE;
v_user VARCHAR2(30);
BEGIN
IF v('APP_USER') != 'APEX_PUBLIC_USER' AND
v('APP_USER') IS NOT NULL THEN
v_user := v('APP_USER');
ELSE
v_user := UPPER(SYS_CONTEXT('USERENV','SESSION_USER'));
END IF;
v_user := SYS_CONTEXT('XXX_App_CTX','user_name') ;
-- Validate/Authenticate that the user exists in the contacts table
OPEN csr_user_info (cp_user_name => v_user );
FETCH csr_user_info INTO r_user_info;
CLOSE csr_user_info;
-- Set application context for a valid user, else set the the context
-- to invalid.
IF r_user_info.contact_id IS NOT NULL THEN
DEVYYY.XXX_app_CTX_mgr.set_contact_id_CTX(p_contact_id => r_user_info.contact_id );
DEVYYY.XXX_app_CTX_mgr.set_user_name_CTX (p_user_name => v_user);
DEVYYY.XXX_app_CTX_mgr.set_master_entity_id_CTX(p_master_entity_id => r_user_info.master_entity_id);
ELSE
-- invalid user, i.e does not exist in .contact table.
DEVYYY.XXX_app_CTX_mgr.set_contact_id_CTX(p_contact_id => -99 );
DEVYYY.XXX_app_CTX_mgr.set_user_name_CTX(p_user_name => 'INVALID_USER');
DEVYYY.XXX_app_CTX_mgr.set_master_entity_id_CTX(p_master_entity_id => -99);
END IF;
EXCEPTION
WHEN OTHERS THEN
RAISE_APPLICATION_ERROR(-20001, 'ON-LOGON TRG Error: ' ||SQLERRM);
END trg_db_logon;

Contexts are only valid for a session, but every page view in an APEX application is essentially a new session. Take a look at global application contexts as they persists across sessions. You could also set some type of role info in an APEX item and reference it via PL/SQL from your VPD policy function.
Tyler

Similar Messages

  • I can't open any Danish web sites - PLEASE HELP !!

    It's very weird, since yesterday haven't been able to open any Danish web sites.
    As soon as it ends with .dk it won't open the page. And seeing that my web site ends with .dk I can't get my personal e-mail to my mail program either.
    This is not only Firefox. It's all my browsers.
    I'm on an iBook G3.
    I cleared cashes - cookies etc. Nothing's working. And I've been able to open all the websites from other computers, so the problem must be coming from mine.
    PLEASE HELP !!

    I'm definately no network specialist, just heared an emergency call ..
    my guess, try...:
    system prefs/network...
    select your network settings, click on "TCP/IP" ...
    paste into DNS Server (any or all...)
    213.191.74.19
    213.191.92.87
    131.234.39.10
    131.234.39.11
    131.234.137.23
    131.234.137.24
    195.8.224.1
    195.8.224.1
    these are some German DNS servers, which allow (me...) to access any, even Danish websites ...
    I'm pretty sure, there're lots of Danish DNS Server, which works faster/more reliable, but just give it a try, how it works...........
    unfortunately, I don't have the IPs of any danish DNS... as said, me no specialist, I just know, "these works"

  • Photoshop CC2014: Can't use save for web option PLEASE HELP

    Whenever I try and save a small animation as a gif (or anything in save ffor web) this happens http://prntscr.com/4gpseu This happened in CS6 I upgraded thinking it might fix it

    As you can see from my screen capture I had no problem problem doing a 30 frame animation with Photoshop CC 2014.  You screen capture looks strange.  Your save for web screen capture shows frame 2 almost 8MP in size and all pixels are pinkish where the color map shows colors all a single gray for the animation no variation in color are all ??? You selected  to only use 128 colors instead of the possible 256 and to do no transparency dither .  Have you tried resetting your Photoshop preferences.  I showed in my screen capture I was using CC 2014 had 30 frames in my frame animation. Showed what my Save for web looked like. Your Save For Web Capture looks very strange to me. Look at your's here then look a my screen capture. Even when I use the preset you chose GIF 128 No dither and a large image my save for web look nothing like your..

  • Need a topic for Verizon Web Site + Issues with Web site (please forward)

    Suggestion 1:  Add a topic/forum section for Verizon Web site:  If I've missed it, please let me know, but I searched the forums and could not find results for "web site," except irrelevant references.  Since I could not find one, here is. . .
    Suggestion 2:  Fix these Web site problems  (can someone in Verizon forward these to your Web team?  All attempts failed)
    On Contact us page, Customer Service link leads to a 404, not found error
    Fix faulty 'next page' link in Droid Reviews:  When going from page 2 to page 3 of reviews using the 'next' link at the bottom, the reviews change from Droid Reviews to HTC Imagio reviews.  Droid still shows at the top, but the content consistently shows that people are reviewing Imagios.
    User names like IluvImagio and imagiouser
    Features of Imagio are referenced
    Bar at top shows 2000+ reviews and image of Droid; info for review section of page shows 300+ reviews
    http://www.verizonwireless.com/b2c/productReview?action=showAllReviews&phoneId=5069&item=phoneFirst&...
    Suggestion 3:  Fix faulty link for forum registration:  When trying to register for the forum, I clicked on 'Register.' I got an error that my password and username were incorrect.  I thought I'd misclicked, but I could reproduce this.
    Cheers.

    Hello Artemis51,
    My apologies for the late reply on this one.  Great feedback!  I'll definitely add this to the list of registration issues that we're working on. 
    Thank you so much for taking the time post these issues in such detail.
    Regards,
    Kathleen
    Verizon Telecom
    Online Center of Excellence
    Notice: Content posted by Verizon employees is meant to be informational and does not supercede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

  • I updated my mac book pro to mountain lion recently and my safari is not loading few web pages including apple sites please help me

    i updated my mac book pro to mountain lion recently and my safari is not loading few web pages including apple sites please help me

    I have this problem too but it seems pot luck and only like 5% of the time, the website will say the page is loaded but the page is just blank white...refreshing does not work and I have to go back and navigate to the page again

  • How to create authorisation object for save button please help in abap

    how to create authorisation object for save button please help in abap

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Regards
    ANJI

  • Major DNS issue with my Partner Site PLEASE HELP...

    As a a business catalyst partner my partner site is completely down and all my corporate emails have been erased.  I built a new partner site using a business catalyst template and when I uploaded the new site to my partner site there were major conflicts with the default site-wide template and the files that I am unable to erase via FTP on the partner portal so the new template never fully worked. 
    So I moved on to Plan B - which was to open a new site as a "customer" under my own business catalyst account.  Uploaded the files and the site worked, now when I tried to take my partner account domain name and transfer it to my newly created customer account I ran into a second even larger issue.  It tells me the domain name already exists (as my partner domain) - please delete all files and try again (see screen shot for details.).
    It will not allow me to erase the partner account under my partner portal as the "Delete Site" feature is not there for my partner portal (see screenshots for example).
    Please help me straighten out this mess as my business site is completely down and all my corporate emails have been completely erased. 

    I actually had the exact same problem. If you are a premium partner and rebranded unfotunately the domain name can't be moved because your customer sites are tied to that domain name.
    So the only option is to create a new domain for your site. It sucks I know, but I can see why it has to be that way.
    If you have not rebranded, then contacting support might be able to change that for you.

  • I have one of the old macbooks and wish to hook it up to my tv. do i need a mini dvi to hdmi adapter plus a 3 rca phono lead with a jack for the sound. please help as im useless at this stuff. cheers

    i have one of the old macbooks and wish to hook it up to my tv. do i need a mini dvi to hdmi adapter plus a 3 rca phono lead with a jack for the sound. please help as im useless at this stuff. cheers

    First we need to know which one of the 9 different models of MacBook you have. To see which model you have go to the Apple in the upper left corner and select About This Mac, then click on More Info (and then System Report if you’re running 10.7 Lion). When System Profiler comes up check the Model Identifier and post it back here.
    The Late 2008 model 5,1 Aluminum Unibody and the Late 2009 model 6,1 and Mid 2010 model 7,1 White Unibody have a Mini DisplayPort. The Early 2006 model 1,1 through Early 2008 model 4,1s plus the Early and Mid 2009 model 5,2s have Mini-DVI ports. Each would take a different adapter to connect with the TV.

  • Ever since the last update, My iTunes continues to quit unexpectedly. It will open for one second and then close. Anyone have a solution for this. Please help.

    Ever since the last update, My iTunes continues to quit unexpectedly. It will open for one second and then close. Anyone have a solution for this. Please help.
    I've tried my best to troubleshoot. . . opening in safe mode nothing seems to work.
    In the problem report, this is the error that stood out:
    Crashed Thread:  8  Dispatch queue: com.apple.iad.iadidmanager
    Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000090

    Hi there navicin79,
    You may find the troubleshooting steps in the articles below helpful. The first thing I would try is reinstalling iTunes as outlined in the first article.
    Troubleshooting iTunes installation on Mac OS X
    http://support.apple.com/kb/ht2311
    OS X Mavericks: If an app freezes or quits unexpectedly
    http://support.apple.com/kb/PH13975
    -Griff W. 

  • I have updated my 4S i phone with ios 8.1.2, while activating i forgot my password, i am able to sign in my apple id in pc but not not able to sign in my i phone and  message- your apple id has been disable for security reasons please help

    I have updated my 4S i phone with ios 8.1.2, while activating my iphone, i forgot my password. I am able to sign in my apple id in pc (manage my account) but not not able to sign in my i phone and  message- your apple id has been disable for security reasons please help.
    my apple id is with extension @ gmail.com but for activation it is mentioned that it is linked with extension of @me.com

    Hi ulhas1frombanihal,
    Welcome to the Support Communities!  Because your account has been disabled, you will need to contact Apple ID account security to straighten this out.
    Contact Apple for help with Apple ID account security - Apple Support
    http://support.apple.com/en-us/HT5699
    I hope this information helps ....
    - Judy

  • How to use the LAN NetStream for peer transmission, please help, write a sample code

    How to use the LAN NetStream for peer transmission, please help, write a sample code

    No reply, I reply, Oh

  • I have a ipod touch 2nd generation 8gb 4.2.1 im new to itunes i made a itunes account but it says i need a payment method is there anyway i can use my paypal if not is there a way to not have to use a payment method for itunes store please help ty

    i have a ipod touch 2nd generation 8gb 4.2.1 im new to itunes i made a itunes account but it says i need a payment method is there anyway i can use my paypal if not is there a way to not have to use a payment method for itunes store please help ty

    Create a NEW account using these instructions. Make sure you follow the instructions. Many do not and if you do not you will not get the None option. You must use an email address that you have not used with Apple before.
    Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
    Using those instructions you may also be able to select PayPal if that is allowed in your country.

  • Well, i was on my laptop now and all of a sudden a pop up message appeared and said "your download is complete" so i went to go check it out and it was 'MacProtector'. i cant delete it and it keeps opening unwanted web pages, please help me sort this out?

    Well, i was on my laptop now and all of a sudden a pop up message appeared and said "your download is complete" so i went to go check it out and it was 'MacProtector'. i cant delete it and it keeps opening unwanted web pages, please help me sort this out someone?

    Refer to:  http://cantalktech.com/2011/05/08/mac-protector/.

  • HT4623 i disconnected my iphone 4 while it was updating and now its frozen, the screen is showing a apple logo and a loading bar which has been for 9hrs now. please help

    i disconnected my iphone 4 while it was updating and now its frozen, the screen is showing a apple logo and a loading bar which has been for 9hrs now. please help

    It's not uncommon for it to not work the first time and sometimes, you have to try it a few times. Turn off your antivirus software and your firewall while you are trying to restore the iPad. Enable them again after you restore.
    If that still won't work, post back with detailed information as to what exactly does happen as you go through the process.

  • I am looking for a good development application for IOS. Please help me.Thanks.

    I am looking for a good development application for IOS. Please help me.Thanks.

    Xcode is required to submit your app to the App Store. So at some point (even if it is just to submit) you will need to use it.

Maybe you are looking for

  • Creation of materialized view from remote linked table

    Hi , I am facing problem in creating a materialized view which is based on remote link and my query is involving one equi-join.And both table contributes around 2.75 crore rows. I am trying to create two diff views(MV) but the views are taking very m

  • Help needed to report open orders from R/3 SD!

    Hello all, I need to report net open order value from SAP R/3 SD to BW. I'm using cube 0SD_C05 to report inquiry vs. quotation vs. orders. Is there any standard ods object in business content which can be used to report open orders? If not, will it b

  • Need to book & pay outward freight before Receipt of FG - Subcontracting

    Dear All, " In case of Subcontracting, we are required to pay both, Outward Freight on material sent to Party for Job Work & Inward Freight on Material received from the party. While raising PO, the Freight amount is considered to include both Inward

  • How to health check time capsule disk

    how to health check time capsule disk? when doing time machine backuping and copying files into time capsule, it would take ages and very long time.. is the disk going to die soon? is there anyway i can check the disk? my time capsule is 2TB current

  • How to restore icons

    How to restore icons purchased ones and the ones that came with ipad