Create Authorization Scheme for LDAP Groups

Similar Messages

• Best Approach to create Security / Authorization Schema for an APEX Apps

  Hi,
  I am planning to create a Security / Authorization Schema for an APEX Application.
  Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEXApplications too..
  I am looking for following features...
  1. users LOGIN and then user's name is stored in APEX_USER...
  2. Based on the user, I want to restrict the Application on following levels.
  - TABS
  - TABS - Page1 (Report
  - Page2 (Form)
  - Page2 (Region1)
  - Page2 (Region1, Button1)
  - Page2 (Region1, Items,....)
  AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
  I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
  My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
  Also what should be the FRONT end, we should have to enter these detail...
  SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
  Thanks,
  Deepak

  Hi Raghu,
  thanks for the detial info.
  so that means..I should have 2 table...
  master table (2 columns - username, password)
          username    password
     user1       xxxx
     user2       xxxx2nd table (2 columns - username, chq_disp_option)
  - In this table, we don't have Y/N Flag you mentioned..
  - If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally diaplayed.
  - so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
  - suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
            username    chq_disp_option
     user1       re_region1
     user1       re_region2
     user1       tb_main
     user1       Page1
     user1       Page5
     ----        ----     - how you are defining unique name for Regions..i mean in static ID or the Title
  - is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
  Thanks,
  Deepak

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Generic Authorization Scheme for items?

  I have created a generic authorization scheme for our application pages, and I would like to extend that to items if possible.
  The page one was easy enough as I could identify the calling page through :APP_PAGE_ID in the authorization scheme. Unfortunately, I do not know of any built in variables that would identify a calling item on a page.
  Is there such a variable or some other way of identifying the item?
  thanks!
  John

  John,
  No, currently you cannot pass any parameters to an Authorization Scheme. I have requested that this be a new feature in a future release of APEX, as it makes all the sense in the world. It would be a lot easier to have 1 scheme that can take a parameter for 100 items vs. 100 schemes, one for each of 100 items.
  In the mean time, you'll have to default to using a condition to determine if an item should be rendered or not. The trick here is that conditions are often used for business rules (such as not showing the SAVE button when you're inserting). Thus, you'll have to account for that when creating your conditions, and thus check both.
  Hope this helps.
  Thanks,
  - Scott -
  http://spendolini.blogspot.com/
  http://sumnertechnologies.com/

• How to create authorization role for just displaying query prefix Q and X.

  Hi Expert,
  I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
  Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
  where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
  -->Manually Business Information Warehouse
      --> Manually Business Explorer - Components
  Activity : Display, Execute, Enter, Include, Assign
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : *
  Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
      --> Manually Business Explorer - Components
  Activity : Display, Execute
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : Q* , X*
  Type of a reporting component : Query
  But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
  Please assist. Very much appreciate your help. Thanks.
  Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

  Question close. This issue has been resolved.

• How to create Users/Roles for ldap in weblogic without using admin console

  Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
  or is there any ant script for creating USers/Roles?
  Regards,
  Raghu.
  Edited by: user9942600 on Jul 2, 2009 1:00 AM
  Edited by: user9942600 on Jul 2, 2009 1:58 AM

  Hi..
  You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
  .e.g. wlst create user
  ..after connecting to admin server
  serverConfig()
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
  cmo.createUser("userName","Password","UserDesc")
  ..for adding/configuring a role
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
  cmo.createRole('','roleName', 'userName')
  ...see the mbean docs for all the different attributes, operations etc..
  ..Mark.

• Create no. range for excise group

  Plz suggest how to create no. range for excise group.
  Thanks in advance
  vibhuti

  DATA: spfli_wa TYPE spfli,
        r_carrid TYPE RANGE OF spfli-carrid,
        r_carrid_line LIKE LINE OF r_carrid.
  r_carrid_line-sign   = 'I'.
  r_carrid_line-option = 'BT'.
  r_carrid_line-low    = 'AA'.
  r_carrid_line-high   = 'LH'.
  APPEND r_carrid_line TO r_carrid.
  SELECT *
         FROM spfli
         INTO spfli_wa
         WHERE carrid IN r_carrid.
  ENDSELECT.

• Create Authorization Schemes with plsql

  Hello
  I´d like to create an Application, which has many "Authorization Schemes".
  The source of this schemes is a permission-table in the database.
  How could i create the schemes automaticly by script?
  That would save many time for creation and changes by hand.
  Thanks.
  Edited by: Scubus on Mar 13, 2009 2:36 PM

  Scubus,
  I found the syntax in the export file as well. By omitting p_id, APEX will generate an unique one.
  You have to run the sample as FLOWS or owner (with apex_administrator_role) with security group id set. You can find the security group ID from the export file (right below big APEX text), or run select &WORKSPACE_ID. from dual within application.
  The p_flow_id is the application ID.
  SQL > exec wwv_flow_api.set_security_group_id(p_security_group_id=>858728211457679);
  PL/SQL procedure successfully completed.
  SQL > begin
  wwv_flow_api.create_security_scheme(
  p_flow_id => 114,
  p_name=>'Check EMP4',
  p_scheme_type=>'EXISTS',
  p_scheme=>'select 1 from emp',
  p_caching=>'BY_USER_BY_PAGE_VIEW',
  p_error_message=>'EMP must exists');
  end;
  PL/SQL procedure successfully completed.
  SQL > commit;
  Commit complete.Ittichai

• Create authorization check for a report

  Hi,
  I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
  Say the report name is ZHR_TIMEABC.
  Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
  Thanks in advance,
  VG

  Hi,
  Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
  If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
  Your inputs will be helpful to understand this concept.
  Thanks,
  VG

• How to get pages list for a group space or create a page for a group space

  hi All,
  I am using wc11.1.1.3, I want to use java api to implementing the following functions in site template:
  1. Get pages list for a given group space
  2. Create a page for a given group space
  I researched the following codes from web site:
  PageDef newPage = mPageService.createPage(
  PERSONAL_USER_PAGE, pageNameFormat, pageTitle,
  "MyPageTemplate1.jspx",
  "/mytemplates/",
  null, null, null);
  What should be used instead of PERSONAL_USER_PAGE if a group space page is intended to be created? which parameter is for defining group space name that the page should be created for?
  By the way, PageService seems has method for getting list of pages, but how to use it to get page list which is in a specified gs?
  Best regards

  did you manage to get the page list using Page Service API?

• Unable to create a notification for a group (Cisco Unity Express 3.2)

  There is Cisco ISR 2821 with CME 7.1 and Cisco Unity Express 3.2.
  I am trying to create notifications for a group named AAA in CUE.
  I do following (GUI):
  1. Go to Configure -> Groups
  2. Click on the group name AAA.
  3. In Group Profile window 'Enable notification for this user/group' option is enabled.
  4. Go to Mailbox tab. There is an associated mailbox with ticks against Enabled and Fax Enabled.
  5. Go to Notification tab and see the warning:
  No Notification Devices found for User/Group
  Also, there are another several groups on this system and I am able to turn notification on for them. These groups have the same owners and members that AAA has. Moreover, if I create a new group and set it up absolutely the same as AAA, I can turn notifications on for it.
  The problem in this way is that we have our custom greetings and after I created a new group, for example BBB, with the same settings (as AAA, inluding Primary Extansion and Primary E.164 Number) and remove these numbers from AAA, then it works and users would receive notification about new voice messages. BUT, when I call BBB I listen to standart Cisco greeting promts.
  I don't undestand why it happens, because all these greetings are determined in Voicemail -> Auto Attendant section and I did not any changes here at all.
  How can I fix this 'notification' problem?
  Thanks.

  Process with success:
  unzip the packet in: C:\APEX
  1. Install:
  @apexins SYSAUX SYSAUX TEMP /i/
  2. Change to password:
  @apxchpwd,
  3. Run apex_epg_config.sql
  On windows:
  @apex_epg_config.sql (page 30, the guide of intallation)
  Important:Replace SYSTEM_DRIVE:\TEMP by C:
  E.g.: @apex_epg_config C:
  After this, follow the next steps
  4. ALTER USER ANONYMOUS ACCOUNT UNLOCK;
  Finish! Just execute apxldimg.sql script if you is upgrading from a preview release.
  Now try the connect on the browser IE6 o later:
  http://localhost:8080/apex/apex_admin
  Then create your workspace.
  Edited by: [email protected] on 10/03/2009 11:59

• Adding authorization object for "Function Group"s ?

  Is it possible to add any authorization object for any function group ?
  We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
  Function Group you can check through SE37->GoTO->Display Function Group
  Now is it possible to add authorization for any "Function Group" ?

  You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
  However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
  In this case, add only the function group that the user requires in this instance into S_RFC

• Authorization scheme for display/read only conditions on item level

  Hi All,
  I have question. I want to use an authorization scheme to manage if users with a certain role have the permission to either update an item or have the persmission to only see the item or that they don't have permission to see it at all.
  So, the input for the scheme would be: 1. user role 2. the current page 3. the current item.
  The output would be: 0 (update) 1 (read only) 2 (not displayed).
  I think I can manage that.
  And I can attach this schema to the items.
  So far so good.
  But how can I make it so that the 0,1 and the 2 will actually do what they need to do?
  I have been thinking about making a function like GET_AUTHORISATON(ROLE,PAGE,ITEM) output: 0,1,2 but I still can't figure out how to connect this with the functionality I want to achieve.
  Can somebody give me a hint?
  Andre

  Thanks Hari,
  Thanks, it works, almost, but what if items are mandatory on a page, but not always mandatory?
  If a user has a certain role, some fields are manadatory, otherwise not.
  Again, a function would do the trick as far as the input and output information
  something like IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) but how can I make it work?
  I guess a PL/SQL validation like:
  IF IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) THEN ITEM IS NOT NULL
  END IF;
  Andre
  PS: personally I think item level security is not something you wish to implement in your system. I prefer different screens for different roles.
  Far more straightforeward. Easy for maintenance. When something disfunctions, it's far more easy to pinpoint the location of the cause.

• Exception  thrown while creating the schema for FOD. please help.

  I couldn't run the schema for the FOD demo application. when I follow the steps, I get some exception during the database create part.
  From the File menu, choose Open. Open the workspace c:\temp\Infrastructure\infrastructure.jws.
  ( I edited the build.properties with correct values)
  In the MasterBuildScript project, select the build.xml file. In the Structure window, right-click the refreshSchema target and choose Run Target "refreshSchema."
  refreshSchema:
  [sql] Feb 13, 2008 4:44:54 PM oracle.jdbc.driver.OracleDriver registerMBeans
  [sql] SEVERE: Found Oracle Apps MBeanServer but the getMBeanServer method threw an exception.
  [sql] java.lang.reflect.InvocationTargetException
  [sql]      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  [sql]      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  [sql]      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  [sql]      at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  [sql]      at oracle.jdbc.driver.OracleDriver.registerMBeans(OracleDriver.java:274)
  [sql]      at oracle.jdbc.driver.OracleDriver$1.run(OracleDriver.java:224)
  [sql]      at java.security.AccessController.doPrivileged(Native Method)
  [sql]      at oracle.jdbc.driver.OracleDriver.<clinit>(OracleDriver.java:220)
  [sql]      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  [sql]      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  [sql]      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  [sql]      at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  [sql]      at java.lang.Class.newInstance0(Class.java:350)
  [sql]      at java.lang.Class.newInstance(Class.java:303)
  [sql]      at org.apache.tools.ant.taskdefs.JDBCTask.getDriver(JDBCTask.java:364)
  [sql]      at org.apache.tools.ant.taskdefs.JDBCTask.getConnection(JDBCTask.java:304)
  [sql]      at org.apache.tools.ant.taskdefs.SQLExec.execute(SQLExec.java:346)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:64)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:378)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:64)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:378)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.Target.execute(Target.java:341)
  [sql]      at org.apache.tools.ant.Target.performTasks(Target.java:369)
  [sql]      at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
  [sql]      at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:37)
  [sql]      at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
  [sql]      at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:382)
  [sql]      at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
  [sql]      at org.apache.tools.ant.Task.perform(Task.java:364)
  [sql]      at org.apache.tools.ant.Target.execute(Target.java:341)
  [sql]      at org.apache.tools.ant.Target.performTasks(Target.java:369)
  [sql]      at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
  [sql]      at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
  [sql]      at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
  [sql]      at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
  [sql]      at org.apache.tools.ant.Main.runBuild(Main.java:668)
  [sql]      at org.apache.tools.ant.Main.startAnt(Main.java:187)
  [sql]      at org.apache.tools.ant.Main.start(Main.java:150)
  [sql]      at org.apache.tools.ant.Main.main(Main.java:240)
  [sql] Caused by: java.lang.ClassNotFoundException: oracle.as.jmx.framework.standardmbeans.spi.JMXFrameworkProviderImpl
  [sql]      at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
  [sql]      at java.security.AccessController.doPrivileged(Native Method)
  [sql]      at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
  [sql]      at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  [sql]      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
  [sql]      at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
  [sql]      at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
  [sql]      at java.lang.Class.forName0(Native Method)
  [sql]      at java.lang.Class.forName(Class.java:242)
  [sql]      at oracle.as.jmx.framework.PortableMBeanFactory.init(PortableMBeanFactory.java:1687)
  [sql]      at oracle.as.jmx.framework.PortableMBeanFactory.<init>(PortableMBeanFactory.java:156)
  [sql]      at oracle.as.jmx.framework.PortableMBeanFactory.<init>(PortableMBeanFactory.java:164)
  [sql]      ... 49 more
  [sql] Executing file: C:\temp\Infrastructure\DBSchema\Scripts\SQLRunner56601127.sql
  [sql] 11 of 11 SQL statements executed successfully
  Message was edited by:
  user620063

  Hi,
  please post this to the JDeveloper 11 forum
  JDeveloper and OC4J 11g Technology Preview
  Frank

• Create DB schema for ORACLE JDeveloper 11g

  I'd like to learn ADF. For this reason I've installed:
  JDeveloper 11
  ORACLE XE
  And I've extracted : FOD_11.zip
  To follow the demo application I have to create DB schema.
  How I have to define: jdbc.driver
            jdbc.urlBase
  Execution : Run Ant Target -> Build All done errors:
  1.
  <target name="createDatabase">
  <ant antfile="build.xml" dir="../DBSchema"
  target="createDatabase" inheritrefs="true"/> <<<< Here error
  </target>
  2.
  <sqlRunner username="@{username}" password="@{password}"
  script="${sqlrunner.tempfile}" onerror="@{onerror}"/> <<<< Here error
  3.
  <sequential>
  <sql driver="${jdbc.driver}" url="${jdbc.url}" userid="@{username}"
  password="@{password}" classpathref="oracle.jdbc.path"
  src="@{script}" onerror="@{onerror}"/> <<<< Here error
  </sequential>
  I’m sorry but I have no experience in the installation software.

  I'd like to learn ADF. For this reason I've installed:
  JDeveloper 11
  ORACLE XE
  And I've extracted : FOD_11.zip
  To follow the demo application I have to create DB schema.
  How I have to define: jdbc.driver
            jdbc.urlBase
  Execution : Run Ant Target -> Build All done errors:
  1.
  <target name="createDatabase">
  <ant antfile="build.xml" dir="../DBSchema"
  target="createDatabase" inheritrefs="true"/> <<<< Here error
  </target>
  2.
  <sqlRunner username="@{username}" password="@{password}"
  script="${sqlrunner.tempfile}" onerror="@{onerror}"/> <<<< Here error
  3.
  <sequential>
  <sql driver="${jdbc.driver}" url="${jdbc.url}" userid="@{username}"
  password="@{password}" classpathref="oracle.jdbc.path"
  src="@{script}" onerror="@{onerror}"/> <<<< Here error
  </sequential>
  I’m sorry but I have no experience in the installation software.