Authorization and user roles in Oracle Apex?
So Apex has "workspaces", which let you create users of three types - all of which are internal to the organization in nature. Also, there seems to be no way for a developer of an individual site on Apex to have "users" just for his site.
Am I missing something?
I need to be able to have external (business) users to be able to get access to just some features of the site, for example, accounting can only see pages A and B while executives can see A,B, and C.
I need to have ability to have several groups of people with difference degrees of access.
Can this only be done by creating workspaces/groups? Or can that be done internally on just my site?
Although APEX has a built-in user management concept called "Groups" I must confess I have never used it, and a quick perusal of the documentation doesn't make it clear to me how you use these to control access (but see Tom's answer here for that).
You will probably need to create user/role tables within your database and use these in conjunction with APEX Authorization Schemes to control access to pages. A single Authorization Scheme of type "PL/SQL Function returning Boolean" could be created with the function body:
return my_auth_pkg.is_authorized (p_user => :app_user,
p_app_id => :app_id
p_page_id => :app_page_id);
You would then implement the package to look up the user's privileges and decide whether to return TRUE or FALSE for the application and page id.
Alternatively you could just perform the SQL to check for access directly in the Authorization Scheme:
(NB "user_roles" and "role_pages" are names I made up, to represent your tables)
- Cross Domain Form POSTing
- Vulnerabilities in spring-webmvc-5.3.39 to 5.3.40
- How is PHP's mt_rand seeded?
- Limit GraphQL Queries by Breadth
- Customize android app preview when it is in background with secure flag
- Can a client-side login be safe?
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
- How to validate if a URL is an Okta domain?
- How to make Google Analytics respond to "Do Not Track"
- My Vercel API tokens leaked on GitHub. How do I regenerate them?
- Implementing Custom Expression Handling with Spring Security 6
- What are the security concerns for JSF?
- App attestation failed with Firebase App check in release on Android
- SQL Server returns error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." in Windows application
- When should I use the deny access functions in Symfony 4.4 controllers?
- Install two traefik ingress controller on same kubernetes Cluster
- Logon events from within credential provider
- How to give access to my API for a mobile app?
- How to verify a JWKS's integrity and authenticity
- Changes in the front-end (Vue.js) part of the PatrolHears project (open source code)
- ECPrivateKey to ECPublicKey without BouncyCastle
- What TargetName to use when calling InitializeSecurityContext (Negotiate)?
- java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING
- Which procedure is more secure for encryption using Password and Seed
- Source security group isn't working as expected in AWS
- Google Authenticator available as a public service?
- Where do you store your salt strings?
- Can other software programs deny access to data sealed in a PCR of a TPM by extending measurements to that PCR?
- How do I skip certains rules for parameter in a path in ModSecurity?