Authorization scheme for display/read only conditions on item level

Hi All,
I have a question. I want to use an authorization scheme to manage whether users with a certain role have the permission to update an item, have the permission to only see the item, or don't have permission to see it at all.
So, the input for the scheme would be: 1. user role 2. the current page 3. the current item.
The output would be: 0 (update) 1 (read only) 2 (not displayed).
I think I can manage that.
And I can attach this schema to the items.
So far so good.
But how can I make it so that the 0,1 and the 2 will actually do what they need to do?
I have been thinking about making a function like GET_AUTHORISATON(ROLE,PAGE,ITEM) output: 0,1,2 but I still can't figure out how to connect this with the functionality I want to achieve.
Can somebody give me a hint?
Andre

Thanks Hari,
Thanks, it works, almost, but what if items are mandatory on a page, but not always mandatory?
If a user has a certain role, some fields are mandatory, otherwise not.
Again, a function would do the trick as far as the input and output information
something like IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) but how can I make it work?
I guess a PL/SQL validation like:
IF IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) THEN ITEM IS NOT NULL
END IF;
Andre
PS: personally I think item level security is not something you wish to implement in your system. I prefer different screens for different roles.
Far more straightforward. Easy for maintenance. When something malfunctions, it's far easier to pinpoint the location of the cause.
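
One way to connect the 0/1/2 result to the item, as an added example that is not part of the original posts: the table ITEM_ACCESS, the application item G_USER_ROLE, the items P10_SALARY and P10_EMPNO, and the EMP(EMPNO, SAL) table are assumptions. The same lookup drives the item's display condition, its read-only condition, the conditional mandatory check and the write itself, so the UPDATE is decided on the server from the permission table rather than from how the item was rendered.

```sql
-- Added example, not code from the thread. Assumed names: ITEM_ACCESS,
-- application item G_USER_ROLE (set on the server at login), page 10 items
-- P10_SALARY / P10_EMPNO, and an existing EMP(EMPNO, SAL) table.
CREATE TABLE item_access (
  role_name    VARCHAR2(30)  NOT NULL,
  page_id      NUMBER        NOT NULL,
  item_name    VARCHAR2(255) NOT NULL,
  access_level NUMBER(1)     NOT NULL   -- 0 update, 1 read only, 2 not displayed
    CONSTRAINT item_access_level_ck CHECK (access_level IN (0, 1, 2)),
  mandatory    VARCHAR2(1)   DEFAULT 'N' NOT NULL
    CONSTRAINT item_access_mand_ck CHECK (mandatory IN ('Y', 'N')),
  CONSTRAINT item_access_pk PRIMARY KEY (role_name, page_id, item_name)
);

-- Constructed sample rows. A role with no row (e.g. CLERK) gets level 2.
INSERT INTO item_access VALUES ('HR_ADMIN', 10, 'P10_SALARY', 0, 'Y');
INSERT INTO item_access VALUES ('MANAGER',  10, 'P10_SALARY', 1, 'N');

CREATE OR REPLACE FUNCTION get_authorisation (
  p_role IN VARCHAR2, p_page IN NUMBER, p_item IN VARCHAR2
) RETURN NUMBER
IS
  l_level item_access.access_level%TYPE;
BEGIN
  SELECT access_level INTO l_level
    FROM item_access
   WHERE role_name = p_role AND page_id = p_page AND item_name = p_item;
  RETURN l_level;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN 2;  -- unknown role/page/item: deny by default
END get_authorisation;
/

CREATE OR REPLACE FUNCTION is_mandatory (
  p_role IN VARCHAR2, p_page IN NUMBER, p_item IN VARCHAR2
) RETURN BOOLEAN
IS
  l_flag item_access.mandatory%TYPE;
BEGIN
  SELECT mandatory INTO l_flag
    FROM item_access
   WHERE role_name = p_role AND page_id = p_page AND item_name = p_item
     AND access_level = 0;      -- only an updatable item can be required
  RETURN l_flag = 'Y';
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;
END is_mandatory;
/

-- Write path: checked against the same table, independent of page rendering.
CREATE OR REPLACE PROCEDURE save_salary (
  p_role IN VARCHAR2, p_page IN NUMBER, p_empno IN NUMBER, p_sal IN NUMBER
) IS
BEGIN
  IF get_authorisation(p_role, p_page, 'P10_SALARY') <> 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Role may not update P10_SALARY');
  END IF;
  UPDATE emp SET sal = p_sal WHERE empno = p_empno;
END save_salary;
/

-- APEX settings on item P10_SALARY (each of type "PL/SQL Expression"):
--   Condition : get_authorisation(:G_USER_ROLE, :APP_PAGE_ID, 'P10_SALARY') < 2
--   Read Only : get_authorisation(:G_USER_ROLE, :APP_PAGE_ID, 'P10_SALARY') = 1
--   Validation: NOT is_mandatory(:G_USER_ROLE, :APP_PAGE_ID, 'P10_SALARY')
--               OR :P10_SALARY IS NOT NULL
-- Page process (PL/SQL):
--   save_salary(:G_USER_ROLE, :APP_PAGE_ID, :P10_EMPNO, :P10_SALARY);
```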

Similar Messages

  • Generic Authorization Scheme for items?

    I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
    The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
    Is there such a variable or some other way of identifying the item?
    thanks!
    John

    John,
    No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
    In the mean time, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
    Hope this helps.
    Thanks,
    - Scott -
    http://spendolini.blogspot.com/
    http://sumnertechnologies.com/

  • Best Approach to create Security / Authorization Schema for an APEX Apps

    Hi,
    I am planning to create a Security / Authorization Schema for an APEX Application.
    Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEX Applications too..
    I am looking for following features...
    1. users LOGIN and then user's name is stored in APEX_USER...
    2. Based on the user, I want to restrict the Application on following levels.
    - TABS
    - TABS - Page1 (Report)
    - Page2 (Form)
    - Page2 (Region1)
    - Page2 (Region1, Button1)
    - Page2 (Region1, Items,....)
    AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
    I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
    My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
    Also what should be the FRONT end, we should have to enter these detail...
    SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
    Thanks,
    Deepak

    Hi Raghu,
    thanks for the detail info.
    so that means..I should have 2 table...
    master table (2 columns - username, password)
       username    password
       user1       xxxx
       user2       xxxx
    2nd table (2 columns - username, chq_disp_option)
    - In this table, we don't have Y/N Flag you mentioned..
    - If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally displayed.
    - so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
    - suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
       username    chq_disp_option
       user1       re_region1
       user1       re_region2
       user1       tb_main
       user1       Page1
       user1       Page5
       ----        ----
    - how you are defining unique name for Regions..i mean in static ID or the Title
    - is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
    Thanks,
    Deepak

  • Textarea with Read Only Condition Type

    I have a textarea (database field with Varchar2(4000)) with the Read Only Condition Type set to Request != Expression 1. Works fine, except that data is presented as a long 1 line text (like a Displayed text) when the condition is met (no vertical scrollbar).
    Am I missing some additional settings?

    the easiest way to get the read-only version of your textarea item to appear more like your read/write version is to add some style specifications into the "Read Only Element Table Cell(s) Attributes" field that's right below where you specified your read-only conditions ("Expression 1" and "Expression 2"). as the name suggests, values entered into that field end up in the table data tag for the cell in which your read-only content is placed. added style specifications for height and width would help you control how the text is spread across your page. you can/should also consider using background and color style attributes to color the table cell the way we're used to seeing read-only data ("grayed out"). so though my colors are way off, a string like this...
    style="width:16px;height:30px;background:#C5D5C5;color:#666666;font-weight:bold;font-size:12pt"
    ...in that "Read Only Element Table Cell(s) Attributes" field would format your read-only data closer to what you're going for. at the least, it'd give you an idea for the type of control you have.
    for extremists, there's also another approach: if you want absolute and total control over the way your textarea item's data is displayed, you could display your item's data in an HTML region instead of as the item directly. for instance, you mentioned you liked that scroll bar. you could achieve the scroll bar by defining your table, the scroll bar class, and table cell in an HTML region. say we saved your textarea item's data to a hidden item called P1_MY_TEXTAREAS_DATA. i'm pretty sure this html would let you show that data in that scrollable non-updatable format you're shootin' for...
    <style type="text/css">
    .scrollarea{
    font-size: 10pt;height:250px;width:100%;text-align:left;
    background-color:#ffffff;color:black;padding:0px 0px 0px 0px;margin:0px;overflow: auto;
    float:left;}
    </style>
    <div class="scrollarea">
    <table summary="" width="100%"><tr>
    <td style="width:16px;height:300px;border:4px;margin-left:4px;margin-right:9px">
    &P1_MY_TEXTAREAS_DATA.
    </td></tr></table></div>
    ...see? by defining your own table, you get the easy opportunity to wrap it in those div tags that call the scrollarea class. also note that i just referenced the content of your textarea item with that ampersand syntax (&P1_MY_TEXTAREAS_DATA.). you could, of course, keep things cleaner by defining your scrollarea class in a css, but that's your call.
    hope this helps,
    raj

  • Strange behavior when Popup LOVs has read-only condition and Bug Report

    Hi,
    I observed an inconsistent behavior of Popup LOVs when the read-only condition is true. In that case the defined lov query is used to map the internal value of the page item to the display value defined in the lov query.
    What is the reason for this behavior? Because if the Popup LOV is in "edit mode" the page item value is just displayed without looking up the display value. The display value is just used for the popup lov. Mapping the value is normally a behavior of the popup key lov.
    -> The result is that different values are displayed if the page item is in edit or read-only mode. That's not really the behavior someone would expect.
    BTW, there seems to be a bug with "Display Extra Values" set to "Yes" in the case read-only is true. If the lookup doesn't return a value it just displays [ ], but because the property is set to yes it should display the value. The Popup Key Lov has the same bug.
    Thanks for bringing some light into that behavior
    Patrick
    Oracle APEX Essentials: http://essentials.oracleapex.info/
    My Blog, APEX Builder Plugin, ApexLib Framework: http://www.oracleapex.info/

    Patrick,
    I've added your comments to a task already in our queue to examine all item types for correct behavior in read-only mode. I've noticed the quirks with display extra values also.
    By the way, still interested in your thoughts re: Re: Bug Report: Images broke when using get_blob_file_src and not authentic .
    Scott

  • Read Only condition on RadioGroup item

    I have a RadioGroup item on my page that is conditionally set to read only (using a function in the read-only condition type). I have a process that is updating the table with the value of the radio item
    ie. update table
    set column_name = :P1_RADIO
    It seems that when the item gets set to read-only (from the condition), the page value of that item is blank, which in turn sets my DB column value to blank. Why is that? It only seems to work that way on Radiogroups that are readonly.

    Anybody know why setting a radiogroup item to read-only (thru read-only condition in properties) makes the value blank?

  • Authorization scheme for users stored in a database table?

    Hello!
    I'm trying to find out how to make an authorization scheme for database users.
    I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
    A word of explanation:
    I have a table in my database, named "USERS". Inside this table, I have the following columns:
    - USERID (NUMBER)
    - USERNAME (VARCHAR2(50))
    - PASSWORD (VARCHAR2(50))
    - EMAIL (VARCHAR2(200))
    For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
    What I want:
    When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
    So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
    I also want the UserID to be stored somewhere in the application (if possible, in an application item).
    How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
    Any help is greatly appreciated.

    "I'm trying to find out how to make an authorization scheme for database users."
    I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
    From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
    function validate_login (
        p_username   in   varchar2
      , p_password   in   varchar2) return boolean
    is
        v_result varchar2(1);
    begin
        -- look the user up by USERNAME (USERID is the numeric key column)
        select null into v_result
          from USERS
         where username = p_username
           and password = p_password;
        return true;
    exception
        -- no matching row: reject the login
        when no_data_found then return false;
    end validate_login;
    Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
    "And for Application Express Account Credentials, does this mean an admin must make each new user by hand?"
    If you are using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
    Rod West
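
The validate_login function above compares the submitted password with a PASSWORD column that holds the password itself. A hardened variant, added here as an example and not part of the original reply, stores a random salt and a PBKDF2-HMAC-SHA256 value instead; the package name AUTH_PKG, the columns PW_SALT and PW_HASH and the iteration count are assumptions.

```sql
-- Added example, not the poster's code. Assumes Oracle 12c or later (for
-- DBMS_CRYPTO.HMAC_SH256), EXECUTE on DBMS_CRYPTO, unique USERNAME values,
-- and two hypothetical columns replacing PASSWORD in the USERS table:
--   ALTER TABLE users ADD (pw_salt RAW(16), pw_hash RAW(32));
CREATE OR REPLACE PACKAGE auth_pkg AS
  c_iterations CONSTANT PLS_INTEGER := 100000;  -- assumed work factor
  PROCEDURE set_password (p_username IN VARCHAR2, p_password IN VARCHAR2);
  FUNCTION validate_login (p_username IN VARCHAR2, p_password IN VARCHAR2)
    RETURN BOOLEAN;
END auth_pkg;
/

CREATE OR REPLACE PACKAGE BODY auth_pkg AS

  -- PBKDF2 with HMAC-SHA256, first output block (32 bytes) only.
  FUNCTION derive (p_password IN VARCHAR2, p_salt IN RAW) RETURN RAW IS
    l_key RAW(4000) := UTL_I18N.STRING_TO_RAW(p_password, 'AL32UTF8');
    l_u   RAW(32);
    l_t   RAW(32);
  BEGIN
    -- U1 = HMAC(password, salt || INT(1)); T = U1 xor U2 xor ... xor Uc
    l_u := DBMS_CRYPTO.MAC(UTL_RAW.CONCAT(p_salt, HEXTORAW('00000001')),
                           DBMS_CRYPTO.HMAC_SH256, l_key);
    l_t := l_u;
    FOR i IN 2 .. c_iterations LOOP
      l_u := DBMS_CRYPTO.MAC(l_u, DBMS_CRYPTO.HMAC_SH256, l_key);
      l_t := UTL_RAW.BIT_XOR(l_t, l_u);
    END LOOP;
    RETURN l_t;
  END derive;

  PROCEDURE set_password (p_username IN VARCHAR2, p_password IN VARCHAR2) IS
    l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh salt per password
    l_hash RAW(32);
  BEGIN
    IF p_password IS NULL THEN
      RAISE_APPLICATION_ERROR(-20002, 'Password must not be empty');
    END IF;
    -- computed in PL/SQL first: a private package function cannot be
    -- called from inside the SQL statement
    l_hash := derive(p_password, l_salt);
    UPDATE users
       SET pw_salt = l_salt, pw_hash = l_hash
     WHERE username = p_username;
  END set_password;

  FUNCTION validate_login (p_username IN VARCHAR2, p_password IN VARCHAR2)
    RETURN BOOLEAN
  IS
    l_salt users.pw_salt%TYPE;
    l_hash users.pw_hash%TYPE;
  BEGIN
    IF p_username IS NULL OR p_password IS NULL THEN
      RETURN FALSE;
    END IF;
    SELECT pw_salt, pw_hash INTO l_salt, l_hash
      FROM users
     WHERE username = p_username;
    -- an account with no stored hash can never log in
    RETURN l_hash IS NOT NULL AND derive(p_password, l_salt) = l_hash;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      RETURN FALSE;
  END validate_login;

END auth_pkg;
/
```

auth_pkg.validate_login keeps the (p_username, p_password) return boolean shape of the function in the reply, so it can be named as the authentication function of the custom authentication scheme in the same way.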

  • Read Only Conditions - Master Detail

    I have a page with a master detail
    I created a read only condition and the master passed to read only but the detail not...
    Why? Is it not possible to put the detail component "read only"?

    Hi,
    If I understand correctly you want that the form is editable when the user is an admin user
    and read only when the user is a normal user.
    You can solve this by the use of dynamic actions
    to enable and disable items of that region(s)
    do this conditional (standard user = disable and admin = enable)
    Other solution
    When making master/ detail with the wizard choose edit detail on different page
    On the edit link you can put a condition (only visible when user is ADMIN)
    Regards,
    Frank

  • Read Only Condition Question

    Hello,
    I would like the fields on the screen to be Read Only when the current
    person logged on is not the person that created the Record.
    The following case works in the Read Only condition:
    NOT Exists (SQL query returns no rows)
    SELECT 'X' FROM DUAL WHERE :P90_ASSESSOR_USER_ID = :GLOBAL_USER_ID
    But this does not work:
    Value of Item in Expression 1 != Expression 2
    EXPRESSION 1: P90_ASSESSOR_USER_ID
    EXPRESSION 2: GLOBAL_USER_ID
    I've tried changing the Expression 1 & 2 fields to be prefaced with : and & and also used V('P90_ASSESSOR_USER_ID') and NV('P90_ASSESSOR_USER_ID'),
    but can't get the second way to work. Anyone know why?
    Happy Holiday Season!
    Carol

    Try
    IN EXPRESSION 1
    P90_ASSESSOR_USER_ID
    IN EXPRESSION 2
    :APP_USER
    Cheers,
    Hari

  • Sales order: How to add pricing conditions at item level in BDC of VA01

    Hello Experts,
    Am writing BDC for sales order, in this process I need to add ITEM PRICING CONDITIONS, so, am selecting item and pressing the DOLLAR symbol button and am adding the conditions by pressing PLUS button in loop!! but am getting this error- Field KOMV-KMEIN (2) is not an input field!! when I execute it in we19-BACK GROUND only!! if I execute the same CODE IN we19-Fore ground, I don't have any issue!! I checked this SDN (field status in config), Google, but it did not help me!
    Pls. let me know is there any other way to add conditions at item level in VA01 in BDC code?
    Thank you

    Hi,
    It is happening because the second row of the item level data screen is becoming display only. Please check whether In foreground mode you are pressing an extra enter to give data in the second row of the item level data after giving data in the first row and in BDC recording you have not recorded that 'Enter'.
    Regards,
    Gargi

  • "Account Generator" you can read budget account from item level

    Dear Values Consultant.
    I am reading from oracle purchasing user guide that if you deal with "Account Generator" you can read budget account from item level
    How I can enable this functionality "account generator to gets a budget account from Item Level)
    Or it is already defaulted enable in the application
    If it is default enable, how to use this functionality, what the setup required to reach to this point
    thanks

    It is Oracle standard functionality. Account generator can be customised as per need.
    Define your Accounting Flexfield structure for each set of books.
    Define flexfield segment values and validation rules.
    Set up Oracle Workflow.
    Choose whether you want to use the default Account Generator processes.
    Then do one of the following for each set of books:
    Choose to use the default Account Generator processes.
    Customize the default Account Generator processes, test your customizations, and choose the processes for a flexfield structure, if necessary.

  • Tabular Form - Read only condition for certain users

    Is it possible to make a select list field in a tabular form read-only to certain users? Here's the situation:
    The tabular form lists the users who need to select "Approve" or "Reject" in that field (they are approving or rejecting an engineering change)
    I want all of them to see the approval/rejection of their team, but only have access to edit the select list associated with their record.
    Thanks in advance.
    Apex 4.0.0.00.46

    You could use either "authorisations" tab or "conditional display" for the relevant column attribute.
    Report Attributes->Column Attributes->authorisations
    It would be better to have some more detail about what you are trying to get (maybe a quick mock up of the form, for example) but, I can envision something along the lines of the following:
    For each approval/rejection field:
    1. Create an authorisation appropriate for access to each approval/rejection field e.g. authorisation scheme "FOO"
    2. In the relevant fields column attributes, set the authorisation to "FOO"
    3. now create a read only "public" copy of the above field, using the "display as text (based on LOV does not save state)" - set the authorisation for this field as "{NOT FOO}"
    (if you don't want to use authorisations, you could build an equivalent using "conditional display" instead, which is basically the same thing, except column specific)
    The downside is of course that you're duplicating fields in your query, which creates a bit of redundancy. There may be better ways to achieve this (maybe you could make use of the APEX_ITEM api, for example) but this is fairly easy to set up IMO.

  • Create Authorization Scheme for LDAP Groups

    I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
    I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

    hi larosejh
    If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
    DECLARE
      retval       PLS_INTEGER;
      my_session   DBMS_LDAP.session;
      my_attrs     DBMS_LDAP.string_collection;
      my_message   DBMS_LDAP.message;
      my_entry     DBMS_LDAP.message;
      entry_index  PLS_INTEGER;
      my_dn        VARCHAR2(256);
      my_attr_name VARCHAR2(256);
      my_ber_elmt  DBMS_LDAP.ber_element;
      attr_index   PLS_INTEGER;
      i            PLS_INTEGER;
      my_vals      DBMS_LDAP.STRING_COLLECTION;
      ldap_host    VARCHAR2(256);
      ldap_port    VARCHAR2(256);
      ldap_user    VARCHAR2(256);
      ldap_passwd  VARCHAR2(256);
      ldap_base    VARCHAR2(256);
    BEGIN
      retval := -1;
      -- Please customize the following variables as needed
      ldap_host := 'host';
      ldap_port := '389';
      -- In case of update/insert/delete need change ldap_user to other.
      -- ldap_user := 'cn=orcladmin';
      -- ldap_passwd:= 'welcome';
      -- set User and password to NULL for anonymous user.
      ldap_user := 'user';
      ldap_passwd := 'password';
      ldap_base := 'CN=Users,DC=ee,DC=intern';
      -- end of customizable settings
      -- Start output Header --
      DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
      DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
      DBMS_OUTPUT.PUT_LINE('');
      DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
      DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
      -- Choosing exceptions to be raised by DBMS_LDAP library.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
      my_session := DBMS_LDAP.init(ldap_host,ldap_port);
      DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
        RAWTOHEX(SUBSTR(my_session,1,8)) ||
        '(returned from init)');
      -- bind to the directory
      retval := DBMS_LDAP.simple_bind_s(my_session,
                                        ldap_user, ldap_passwd);
      DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
        || TO_CHAR(retval));
      -- issue the search
      my_attrs(1) := 'dn'; -- attribute list to return ('*' would retrieve all attributes)
      retval := DBMS_LDAP.search_s(my_session, ldap_base,
                                   DBMS_LDAP.SCOPE_SUBTREE,
                                   'objectclass=*',
                                   my_attrs,
                                   0,
                                   my_message);
      DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
        || TO_CHAR(retval));
      DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
        RAWTOHEX(SUBSTR(my_message,1,8)) ||
        '(returned from search_s)');
      -- count the number of entries returned
      retval := DBMS_LDAP.count_entries(my_session, my_message);
      DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
        || TO_CHAR(retval));
      DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
      -- End output Heading --
      -- get the first entry
      my_entry := DBMS_LDAP.first_entry(my_session, my_message);
      entry_index := 1;
      -- Loop through each of the entries one by one
      while my_entry IS NOT NULL loop
        -- print the current entry
        my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
        -- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
        -- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
        DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
        my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
                                                  my_ber_elmt);
        attr_index := 1;
        while my_attr_name IS NOT NULL loop
          my_vals := DBMS_LDAP.get_values (my_session, my_entry,
                                           my_attr_name);
          if my_vals.COUNT > 0 then
            FOR i in my_vals.FIRST..my_vals.LAST loop
              DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
                SUBSTR(my_vals(i),1,200));
            end loop;
          end if;
          my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
                                                   my_ber_elmt);
          attr_index := attr_index+1;
        end loop;
        my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
        DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
        entry_index := entry_index+1;
      end loop;
      -- unbind from the directory
      retval := DBMS_LDAP.unbind_s(my_session);
      DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
        TO_CHAR(retval));
      -- Start Output Footer --
      DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
      -- End Output Footer --
    -- Handle Exceptions
    EXCEPTION
      WHEN OTHERS THEN
        DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
        DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
        DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
    END;
    /
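
One way to turn the DBMS_LDAP search above into a check that an authorization scheme can call, as an added example that is not the poster's code: it assumes an Active Directory style directory with sAMAccountName and memberOf, and the function names, parameters and placeholder values are hypothetical. The login name is escaped per RFC 4515 before it goes into the search filter, and any directory error returns FALSE.

```sql
-- Added example, not the poster's code. Assumes an Active Directory style
-- directory (sAMAccountName, memberOf); every host, DN, wallet path and
-- password passed in is a placeholder supplied by the caller.
-- In SQL*Plus, keep '&' in the filter from being read as a substitution variable:
SET DEFINE OFF

CREATE OR REPLACE FUNCTION ldap_escape_filter (p_value IN VARCHAR2)
  RETURN VARCHAR2
IS
BEGIN
  -- RFC 4515 escaping: backslash first, then * ( ) and NUL, so that these
  -- characters in a login name are matched literally by the filter.
  RETURN REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(p_value,
           '\', '\5c'), '*', '\2a'), '(', '\28'), ')', '\29'),
           CHR(0), '\00');
END ldap_escape_filter;
/

CREATE OR REPLACE FUNCTION is_in_ldap_group (
  p_username  IN VARCHAR2,   -- login name, e.g. :APP_USER
  p_group_dn  IN VARCHAR2,   -- full DN of the group allowed into the app
  p_host      IN VARCHAR2,
  p_port      IN PLS_INTEGER,
  p_bind_dn   IN VARCHAR2,   -- service account used for the lookup
  p_bind_pw   IN VARCHAR2,
  p_user_base IN VARCHAR2,   -- e.g. 'CN=Users,DC=ee,DC=intern'
  p_wallet    IN VARCHAR2 DEFAULT NULL,  -- 'file:<wallet dir>' for LDAPS
  p_wallet_pw IN VARCHAR2 DEFAULT NULL
) RETURN BOOLEAN
IS
  l_session DBMS_LDAP.session;
  l_attrs   DBMS_LDAP.string_collection;
  l_message DBMS_LDAP.message;
  l_retval  PLS_INTEGER;
  l_count   PLS_INTEGER;
  l_open    BOOLEAN := FALSE;
BEGIN
  IF p_username IS NULL OR p_group_dn IS NULL THEN
    RETURN FALSE;
  END IF;
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  l_session := DBMS_LDAP.init(p_host, p_port);
  l_open    := TRUE;
  IF p_wallet IS NOT NULL THEN
    -- sslauth 2 = one-way (server) authentication
    l_retval := DBMS_LDAP.open_ssl(l_session, p_wallet, p_wallet_pw, 2);
  END IF;
  l_retval := DBMS_LDAP.simple_bind_s(l_session, p_bind_dn, p_bind_pw);

  -- One search: the user entry must carry the group DN in memberOf
  -- (direct membership only; nested groups are not followed).
  l_attrs(1) := 'cn';
  l_retval := DBMS_LDAP.search_s(
                l_session, p_user_base, DBMS_LDAP.SCOPE_SUBTREE,
                '(&(sAMAccountName=' || ldap_escape_filter(p_username) || ')'
                || '(memberOf=' || ldap_escape_filter(p_group_dn) || '))',
                l_attrs, 0, l_message);
  l_count  := DBMS_LDAP.count_entries(l_session, l_message);
  l_retval := DBMS_LDAP.unbind_s(l_session);
  l_open   := FALSE;
  RETURN l_count = 1;   -- exactly one matching user entry
EXCEPTION
  WHEN OTHERS THEN
    -- Fail closed: any directory error means "not authorised".
    IF l_open THEN
      BEGIN
        l_retval := DBMS_LDAP.unbind_s(l_session);
      EXCEPTION
        WHEN OTHERS THEN NULL;
      END;
    END IF;
    RETURN FALSE;
END is_in_ldap_group;
/

-- Authorization scheme, type "PL/SQL Function Returning Boolean":
--   RETURN is_in_ldap_group(:APP_USER, '<group DN>', '<host>', 636,
--            '<bind DN>', '<bind password>', 'CN=Users,DC=ee,DC=intern',
--            'file:<wallet dir>', '<wallet password>');
```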

  • Form personalization for a read only responsibility for a custom form

    Hi,
    I have a read only responsibility. My requirement is to make a custom form updatable through this responsibility but with a condition that only the specific custom form should be updatable and rest all other form accessed through read only responsibility be read only. How can i achieve this using form personalization?
    Pls give me detailed steps if possible.
    Thanks

    I tried override Query Only values through Forms Personalization but it did not work for me. With a bit of determination I might have been able to work around it but no luck on that front.
    You can do it this way, although it's a bit cumbersome:
    1. Clone every function and menu in the Responsibility
    2. In all but your custom function set the Function parameter QUERY_ONLY=YES

  • Display read only field in table / form from another vo

    i came across couple of scenarios where i had to bring a field in a table / form from other vo than on which most fields in table / form were based. in all cases i had to display the field from another vo as read only and there was only one record in other vo which was related to previous vo in table / form. for this i created a view accessor and created a soc with model driven lov. the problem with this is that first element always shows blank in soc. how can i display the filled soc with first element populated and read only in this scenario. i tried alternatively with groovy expressions but other people in team said it is not good practice to use groovy expressions to fill fields in one VO from other VO. how can i achieve this requirement with soc component / lov / view accessors. is there any other alternative as well. jdev 11 1 1 5

    1) in the attribute of the VO select the 'List of values' node and edit the list attribute you see there; in the dialog select the UI Hints tab and make sure the checkmark for the 'Include "No Selection" Item' is off.
    2) you can base a VO on two EO which are then joined via one or more attributes (association)
    Timo
