Authorization scheme for link

this is my problem
i have a repor that has a link in a form.
i want that the user can see the link only if one field have a specific value.
example.
my report
select "SCRIPT_ID", (this is a link)
"SCHEMA_VERSION_ID_VER04",
"DESCRIPTION",
"ORA_FILE"
from mytable
i want that the link in a raw is visible only if length(ora_file<32000) how can i do?

Something like:
select case when length(ora_file) < 32000 then [anchor] else null end case from mytable...
Scott

Similar Messages

  • Authorization scheme for users stored in a database table?

    Hello!
    I'm trying to find out how to make an authorization scheme for database users.
    I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
    A word of explanation:_
    I have a table in my database, named "USERS". Inside this table, I have the following columns:
    - USERID (NUMBER)
    - USERNAME (VARCHAR2(50))
    - PASSWORD (VARCHAR2(50))
    - EMAIL (VARCHAR2(200))
    For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
    What I want:_
    When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
    So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
    I also want the UserID to be stored somewhere in the application (if possible, in an application item).
    How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
    Any help is greatly appreciated.

    I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
    From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
    function validate_login (
       p_username   in   varchar2
    , p_password   in   varchar2) return boolean
    is
    v_result varchar2(1);
    begin
    select null into v_result
    from USERS
    where userid = p_username
    and password = p_password;
    return true;
    when no_data_found then return false;
    end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
    And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
    Rod West

  • Generic Authorization Scheme for items?

    I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
    The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
    Is there such a variable or some other way of identifying the item?
    thanks!
    John

    John,
    No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
    In the mean time, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
    Hope this helps.
    Thanks,
    - Scott -
    http://spendolini.blogspot.com/
    http://sumnertechnologies.com/

  • Best Approach to create Security / Authorization Schema for an APEX Apps

    Hi,
    I am planning to create a Security / Authorization Schema for an APEX Application.
    Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEXApplications too..
    I am looking for following features...
    1. users LOGIN and then user's name is stored in APEX_USER...
    2. Based on the user, I want to restrict the Application on following levels.
    - TABS
    - TABS - Page1 (Report
    - Page2 (Form)
    - Page2 (Region1)
    - Page2 (Region1, Button1)
    - Page2 (Region1, Items,....)
    AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
    I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
    My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
    Also what should be the FRONT end, we should have to enter these detail...
    SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
    Thanks,
    Deepak

    Hi Raghu,
    thanks for the detial info.
    so that means..I should have 2 table...
    master table (2 columns - username, password)
            username    password
       user1       xxxx
       user2       xxxx2nd table (2 columns - username, chq_disp_option)
    - In this table, we don't have Y/N Flag you mentioned..
    - If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally diaplayed.
    - so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
    - suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
              username    chq_disp_option
       user1       re_region1
       user1       re_region2
       user1       tb_main
       user1       Page1
       user1       Page5
       ----        ----     - how you are defining unique name for Regions..i mean in static ID or the Title
    - is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
    Thanks,
    Deepak

  • Authorization scheme for display/read only conditions on item level

    Hi All,
    I have question. I want to use an authorization scheme to manage if users with a certain role have the permission to either update an item or have the persmission to only see the item or that they don't have permission to see it at all.
    So, the input for the scheme would be: 1. user role 2. the current page 3. the current item.
    The output would be: 0 (update) 1 (read only) 2 (not displayed).
    I think I can manage that.
    And I can attach this schema to the items.
    So far so good.
    But how can I make it so that the 0,1 and the 2 will actually do what they need to do?
    I have been thinking about making a function like GET_AUTHORISATON(ROLE,PAGE,ITEM) output: 0,1,2 but I still can't figure out how to connect this with the functionality I want to achieve.
    Can somebody give me a hint?
    Andre

    Thanks Hari,
    Thanks, it works, almost, but what if items are mandatory on a page, but not always mandatory?
    If a user has a certain role, some fields are manadatory, otherwise not.
    Again, a function would do the trick as far as the input and output information
    something like IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) but how can I make it work?
    I guess a PL/SQL validation like:
    IF IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) THEN ITEM IS NOT NULL
    END IF;
    Andre
    PS: personally I think item level security is not something you wish to implement in your system. I prefer different screens for different roles.
    Far more straightforeward. Easy for maintenance. When something disfunctions, it's far more easy to pinpoint the location of the cause.

  • Create Authorization Scheme for LDAP Groups

    I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
    I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

    hi larosejh
    If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
    DECLARE
    retval PLS_INTEGER;
    my_session DBMS_LDAP.session;
    my_attrs DBMS_LDAP.string_collection;
    my_message DBMS_LDAP.message;
    my_entry DBMS_LDAP.message;
    entry_index PLS_INTEGER;
    my_dn VARCHAR2(256);
    my_attr_name VARCHAR2(256);
    my_ber_elmt DBMS_LDAP.ber_element;
    attr_index PLS_INTEGER;
    i PLS_INTEGER;
    my_vals      DBMS_LDAP.STRING_COLLECTION ;
    ldap_host VARCHAR2(256);
    ldap_port VARCHAR2(256);
    ldap_user VARCHAR2(256);
    ldap_passwd VARCHAR2(256);
    ldap_base VARCHAR2(256);
    BEGIN
    retval := -1;
    -- Please customize the following variables as needed
    ldap_host := 'host';
    ldap_port := '389';
    -- In case of update/insert/delete need change ldap_user to other.
         -- ldap_user := 'cn=orcladmin';
         -- ldap_passwd:= 'welcome';
    -- set User and password to NULL for anonymous user.
    ldap_user := 'user';
    ldap_passwd:= 'password';
    ldap_base := 'CN=Users,DC=ee,DC=intern';
    -- end of customizable settings
    -- Start output Header--
    DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
    DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
    DBMS_OUTPUT.PUT_LINE('');
    DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
    DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
    -- Choosing exceptions to be raised by DBMS_LDAP library.
    DBMS_LDAP.USE_EXCEPTION := TRUE;
    my_session := DBMS_LDAP.init(ldap_host,ldap_port);
    DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
    RAWTOHEX(SUBSTR(my_session,1,8)) ||
    '(returned from init)');
    -- bind to the directory
    retval := DBMS_LDAP.simple_bind_s(my_session,
    ldap_user, ldap_passwd);
    DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
    || TO_CHAR(retval));
    -- issue the search
    my_attrs(1) := 'dn'; -- retrieve all attributes
    retval := DBMS_LDAP.search_s(my_session, ldap_base,
    DBMS_LDAP.SCOPE_SUBTREE,
    'objectclass=*',
    my_attrs,
    0,
    my_message);
    DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
    || TO_CHAR(retval));
    DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
    RAWTOHEX(SUBSTR(my_message,1,8)) ||
    '(returned from search_s)');
    -- count the number of entries returned
    retval := DBMS_LDAP.count_entries(my_session, my_message);
    DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
    || TO_CHAR(retval));
    DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
    -- End output Heading --
    -- get the first entry
    my_entry := DBMS_LDAP.first_entry(my_session, my_message);
    entry_index := 1;
    -- Loop through each of the entries one by one
    while my_entry IS NOT NULL loop
    -- print the current entry
    my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
    -- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
    -- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
    DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
    my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
    my_ber_elmt);
    attr_index := 1;
    while my_attr_name IS NOT NULL loop
    my_vals := DBMS_LDAP.get_values (my_session, my_entry,
    my_attr_name);
    if my_vals.COUNT > 0 then
    FOR i in my_vals.FIRST..my_vals.LAST loop
    DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
    SUBSTR(my_vals(i),1,200));
    end loop;
    end if;
    my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
    my_ber_elmt);
    attr_index := attr_index+1;
    end loop;
    my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
    DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
    entry_index := entry_index+1;
    end loop;
    -- unbind from the directory
    retval := DBMS_LDAP.unbind_s(my_session);
    DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
    TO_CHAR(retval));
    -- Start Output Footer --
    DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
    -- Start Output Footer --
    -- Handle Exceptions
    EXCEPTION
    WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
    DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
    DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
    END;
    /

  • Authorization Scheme for Application - Login Page?

    Hi,
    When I set an Authorization Scheme at Application level, HTML DB prevents access to my login page. Is there a way around this?
    Thanks,
    Stephen Baishya

    If you follow the above route you have to run the check on each page view.
    If you leave as per session the first time you run the authorisation check on the login page it returns true and the user will be allowed onto the application!
    I'm looking for an alternative way to run the authZ check after the authN check passes the credentials to validate the user access right to the app. I'll post my findings later ...
    cheers
    Craig

  • Authorization check for links on a page

    We are trying to control whether links on a JSP page are displayed or hidden based on an authorization check.
    We've already got the checks working on individual pages but not for the links within a page, because the security framework does not list links as their own Resource.
    Is there a way to call the Authorization security provider ourselves, for each link on our JSPs? This call would be outside of the initial security check for the main JSP.

    It's not going to be easy without DOM. Parsing HTML is a real pain, since there's all kinds of optional tags and quotation marks (pre-XHTML, that is). That makes any kind of ad-hoc parsing using regular expressions difficult, and less accurate than pulling the entire file into a DOM representation.
    Why don't you want to use DOM? Are you just making up silly requirements?
    EDIT:
    I guess you could use an event-based HTML parser (HTML::Parser in Perl works this way. Is there a Java equivalent?) Set up an event for IMG and A start tags, and extract the href/src attributes there. Finding out if they are valid or not will require either:
    1) Simply validate that the URL is well-formed by creating a URL object from it. This won't tell you if the link is active or not
    2) Validate the URL by connecting to it with an URLConnection. However, the URL will be marked invalid if the server is down or the URL is otherwise unavailable.
    Brian
    Message was edited by:
    [email protected]

  • Current Item for Authorization Scheme

    I would like to write a generic PL/SQL authorization scheme for each page item (including buttons). I can pass the user, the app and the page through substitution strings but I cannot seem to find how the pass the item for which the authorization scheme is being evaluated. Is there an undocumented string like APP_ITEM_ID or a way to access it through the globals in the WWV_FLOW package? If not, can this be an enhancement as I'm sure it could be useful for others as well?
    I realize I can accomplish this through the Conditional Display properties but my preference is to do it through the Authorization Scheme as this would allow for Conditional Display based on other criteria.

    Thanks for the quick reply. I can work around it.
    In spite of a few items such as this, I have become an evangelist for HTML DB. Great job!! Please pass on my appreciation to the others involved in its development and support.

  • Authorization Scheme problem using query

    Greetings:
    I have an application with 4 different roles in my application. Depending on the user role, the access to different pages within the application are filtered. We have 4 group types: admin, general, transactional and read_only; each, with descending levels of authorization.
    The application utilizes a two-level tab navigation system in which I hide the tabs that the users are not supposed to see, depending on the level of authorization that they have. I have implemented three authorization schemes for three different types of access depending on the pages within my application. The only page without any auhorization is the login page.
    The three created authorization schemes are as follows.
    My first scheme (set as scheme type: exists SQL Query):
    Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
    where
    APP_USER_NAME = :APP_USER
    AND
    APP_GROUP_TYPE != 'READ_ONLY'
    This one is supposed to negate access to the READ_ONLY group, but allow access to all other groups.
    My Second scheme (set as scheme type: exists SQL Query):
    Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
    where
    APP_USER_NAME = :APP_USER
    AND
    (APP_GROUP_TYPE != 'READ_ONLY'
    and
    APP_GROUP_TYPE != 'transactional')
    The second one, I have added the transactional group as to be explicitly negated access.
    My Third scheme
    Select APP_USER_NAME, APP_GROUP_TYPE from APP_USERS
    where
    APP_USER_NAME = :APP_USER
    AND
    (APP_GROUP_TYPE != 'READ_ONLY'
    AND
    APP_GROUP_TYPE != 'transactional'
    AND
    APP_GROUP_TYPE != 'general')
    the last one, I have added the general group as to be explicitly negated access.
    I am thinking that, logically, this would work, but the pages do not display properly. I am always getting the failed authorization page, even with my admin user. Is there something wrong with my methodology? Should I be white-listing instead of black-listing in my queries? Thanks for your support.

    I appreciate your help Jeff, you helped me a great deal, but not in the way you may think. In your link, there was a post that offered a solution with a simple query. There was one person that posted a query using (upper) to bring the username to uppercase so it can be properly compared to :APP_USER. Yes, the users were entered as lowercase, the logic was ok. I changed the query logic to a white list as to avoid possible users that may be able to authenticate into the application without a proper group configured.
    Thanks for your support. Maybe this can help someone on the forums out.

  • Authorization Scheme -- Best Practices?

    Hi All --
    We have a reporting application containing approximately 300 pages and 60 or so menu items all using authorization schemes (exists SQL method) as a means to determine whether or not a use can see the menu items and/or access the pages. We've been seeing an issue where a user logging into the application experiences poor performance upon login and have traced it to our access checks and the number of "exists" queries run when a user logs in and before our menu is displayed.
    What would be considered best practice in a case such as this? Does anyone have any ideas on how to increase the performance on these authorizaton checks?
    Thanks,
    Leigh Johnson
    Fastenal Company

    Leigh - No, the asktom post Joel referred to is posted above: http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:62048567543425
    We just want to know if this post if from you folks or not.
    About the authorization schemes for each page, I would think that whatever scheme you code to authorize a link to a page, e.g., on a menu, would be the same scheme you'd want to attach to the page itself.
    So the authorization has to take place first at the point you render (or suppress) a link to a page and again at the point the page is requested (the latter being necessary because a user can bypass the menu links and try to access pages directly by entering the page ID in the URL.
    So again, if you have X links on the menu page, each requiring a distinct query for authorization, you'll have to pay the price to do all that authorization once per session because of the design of the menu page. More precisely, the authorization scheme code, e.g., their EXISTS queries, have to be executed once per session per resource access attempted. For performance purposes, the results of these checks are cached for the duration of the session (because you set them up to be evaluated once per session and not on every page view).
    One thing that might help you is region caching (or page caching) for the menu. You'd use the Cache By User option, of course. Then if the same named user logged in and out numerous times during the "cache valid" period, which is adjustable, the user would see the cached menu "instantly". Authorization checks will not have been performed during these page requests however, so you'd want to be sure that it makes sense to present cached versions of these links. However, the corresponding authorization schemes that you'd attach to the pages themselves would be evaluated when the user clicked on a "cached" link, so you'll get the protection you need, ultimately.
    Scott

  • Authorization Scheme - Getting handle on which object is calling the scheme

    Hi
    I'm currently trying to write a custom authorization scheme using a plsql returning boolean. What I'm wondering is whether there is a way to reference the application object (e.g. page, region, page item, button etc) that has triggered the authorization plsql to run.
    What I'm ultimately wanting to do is to create a generic authorization scheme that can be applied to any object, and that auth scheme will look up a database table containing what users can access what object. I can only do this if I know at run-time which object the plsql is currently checking authorization for. (I can get the user from :APP_USER.
    For example I have an authorization scheme "test_scheme". I have applied test_scheme to the button "CREATE" on page 1. This button has a button_id which I can find from APEX_APPLICATION_PAGE_BUTTONS view.
    During page rendering the buttons authorization scheme will be checked (and so the plsql returning boolean will be triggered). When the plsql is triggered I want to reference the fact that the CREATE button on page 1 (or better the button_id) has triggered the plsql, from within the plsql itself.
    I hope this makes sense.
    Many thanks in advance.

    Hi Scott,
    Looks like there are a few others out there encountering the limiatations of authorization schemes.
    Hopefully there will be an enhancement at some point to enable referencing the component id which has triggered the authorization scheme to run.
    Until then I will go down the route of creating an authorization scheme for each component that needs one.
    Many thanks for pointing me to that discussion.
    Jimbo

  • Implement an authorization scheme using to check users

    Hello,
    I want to implement an authorization scheme for my application in which i want to
    give access to only threee users to view my application. Can anyone help me what would be my pl/sql expression.
    something like :APP_USER in ('R123',Y7654','TY7890')
    can anyone help me with what type of scheme I need to create??
    thanks,
    orton

    Hi,
    I have exactly similar application for my organisation with SSO organisation, but the application need to be accessed only by my TEAM members
    What is did is i created a user table.. that will hold the user detail like email id , etc..
    after that i went to shared component -> Security -> authorization scheme
    Clicked on create button to create new authorization scheme..
    Selected From scratch option .
    Give a name to the authorization scheme.. i named is as VALID USERS
    Scheme type - select Exits SQL Query
    then in expression 1 i entered
    select * from user_table where upper(user_email_id) = upper(:APP_USER)
    and in error message enter ...Unauthorized USER.
    Regards,
    Shijesh

  • Authorization scheme issues

    Hi I'm using custom authenitication scheme sso with ntlm_page_sentry function.
    I've an authorization scheme 'Admin control" like this :
    declare
    v_role varchar2(55);
    begin
    select role into v_role from user_roles where lower(userid) = lower(:APP_USER);
    if v_role = 'ADMIN' then
    return true;
    else
    return false;
    end if;
    exception
    when NO_DATA_FOUND then return false;
    end;
    In a login page(page:101) :I've a process like this with process point as onload before header:
    declare
    v_role varchar2(55);
    v_nextpage number;
    begin
    select upper(role) into v_role from sales_inq.user_roles where lower(userid) = lower(:APP_USER);
    case v_role
    when 'ADMIN' then v_nextpage := 9;
    when 'EDIT' then v_nextpage := 1;
    when 'VIEW' then v_nextpage := 2;
    end case;
    owa_util.redirect_url('f?p=' || :APP_ID || ':' || v_nextpage);
    exception
    when NO_DATA_FOUND then
    owa_util.redirect_url('f?p=' || :APP_ID || ':101');
    end;
    I've assigned "admin control" authorization scheme to page9 and changed authentication to "page requires authentication"
    After loginto my system through networkid which is assigned to ADMIN role when I run login page(101) I'm unable to access page 9.Can't I test this in standalone mode in dev instance?For ex:my userid is in user_role table with a role of admin why I can't see that page?
    Thanks,
    Mahender.
    Edited by: user518071 on Oct 8, 2009 12:44 PM

    Hi Scott,
    How does the login page get invoked?
    I'm trying to implement this authorization scheme for the first time for this UI.
    Previous scenario:User needs to login so login page will be displayed automatically
    Current scenario:User comes to login screen which is a dummy page without any items or regions and I've created process (on load before header process code mentioned above)which will check the network user's role and branch to corresponding page
    Why is there a login page if you have an sso facility?
    There is no login page as such but it's common intermediary page for all users which is not displayed but automatically directed to their corresponding page based on the process (on load before header process code mentioned above)
    Is there a login page designated as the Session Not Valid Page in the authentication scheme?
    No
    or let me know how we can do this ?
    I've three roles for users :admin,edit,view and it's stored in user_roles table,user with role view can access only his page and user with edit can access all view pages as well as his pages,admin can access all pages.Then next issue is how to test this without using active directory in dev instance by adding security to corresponding pages(ex:admin control,page requires authentication)
    Thanks,
    Mahender.

  • Authorization schemes & verifing roles

    Hi,
    I'm having a hard time understanding how to use authorization schemes. My users log in as Oracle users. Each user is assigned to a role (with specific privileges granted to each type of role). I found that the privileges were not being enforced in the application according to the roles assigned to each user. From what I understand, this is because the SQL is being parsed according to the schema owner, not the individual user. So let's say for example I want to have a Create button only appear on a page if the user is assigned to role A or role B. Do I need to use an authorization scheme for this, or do I perform a query to determine the type of role the user is assigned to, and based on the result, conditionally show the button? I know there are lots of postings on authorization schemes in this forum (and I have read the Help manual), but I still do not understand how to get this working. Thank you.

    ....later same day...<br><br>
    I've been reading/researching all day and it seems like I need to either a) make a table that defines user/role or b) query the database for the role assigned to this user (which I would have to do in choice a also) and then assign it as an application item. I tried option b, by creating an item on page 1 in my application, using this query: <br><br><b>
    SELECT granted_role
    FROM dba_role_privs
    WHERE grantee = :APP_USER;
    <br><br></b>
    But I am getting this Oracle error message:<b><br>
    ORA-00942: table or view does not exist<br>
    Error ERR-1019 Error computing item default value: page=1 name=P1_ROLE.</b>
    <br><br>
    How can I query the dba_role_privs table from within Application Express?
    Do I need to GRANT SELECT priviliges to the schema owner to access this table?

Maybe you are looking for