10.10 Controlling Access to Applications, Pages, and Page Components

You can control access to an application, individual pages, or page components by creating an access control list. To create an access control page, the application schema must have CREATE TABLE, CREATE TRIGGER, CREATE SEQUENCE privileges.

Topics:

See Also:

"Building Queries with Query Builder" in Oracle Application Express SQL Workshop Guide

10.10.1 How the Access Control List Works

You create an access control list by running the Access Control Wizard. The Access Control Wizard creates a page named Access Control Administration. This page contains a list of application modes and an Access Control List. Once you create the Access Control Administration page, you:

  1. Run the Access Control Administration page.

  2. Select one of the following application modes:

    • Full access to all, access control list not used.

    • Restricted access. Only users defined in the access control list are allowed.

    • Public read only. Edit and administrative privileges controlled by access control list.

    • Administrative access only.

  3. Add users to the Access Control List.

In addition to creating the Access Control Administration page, the Access Control Wizard also creates:

  • two tables within the application's default schema to manage the access control

  • the authorization schemes that correspond to the application mode list options

  • the privileges available in the Access Control List

You can control access to a specific page or page component by selecting one of these authorization schemes on the page or component attributes pages. Once you create an Access Control, you can customize the page, tables and values to suit the specific needs of your application.

10.10.2 Creating an Access Control List

You create an access control list by creating a page. You can create a page on the Application home page, while viewing a Page Definition, or by clicking Create on the Developer toolbar.

Topics:

10.10.2.1 Creating an Access Control from the Application Home Page

To create an access control list from the Application home page:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

    The Application home page appears.

  3. Click Create Page.

  4. For page type, select Access Control and click Next.

    The Access Control Wizard appears.

  5. Specify a page number and click Next.

  6. Select a tab option and click Next.

  7. Review the confirmation page and click Create.

10.10.2.2 Creating an Access Control from the Page Definition

To create an access control list from the Page Definition:

  1. Navigate to the appropriate Page Definition. See "Accessing the Page Definition".

  2. Click the Create button at the top of the page.

  3. Click New page and select New Page.

  4. For page type, select Access Control and click Next.

    The Access Control Wizard appears.

  5. Specify a page number and click Next.

  6. Select a tab option and click Next.

  7. Review the confirmation page and click Finish.

10.10.2.3 Creating an Access Control List from the Developer Toolbar

To create an access control list from the Developer toolbar:

  1. Run the application. See "Running an Application or Page".

  2. On the Developer toolbar, click Create.

    The New Component Wizard appears.

  3. Select New page and click Next.

  4. For page type, select Access Control and click Next.

    The Access Control Wizard appears.

  5. Specify a page number and click Next.

  6. Select a tab option and click Next.

  7. Review the confirmation page and click Finish.

10.10.3 Selecting an Application Mode and Adding Users

You can control access to an application by running the Access Control Administration page, selecting an application mode, and then adding users to the Access Control list.

Topics:

10.10.3.1 Selecting an Application Mode

To select an application mode:

  1. Create an access control list. See "Creating an Access Control List".

    The wizard creates a page named Access Control Administration.

  2. Run the Access Control Administration page. See "Running an Application or Page".

  3. Select an Application Mode. Options include:

    • Full access to all, access control list not used.

      Select this option to enable all users access to an application.

    • Restricted access. Only users defined in the access control list are allowed.

      Select this option to restrict access to users on the Access Control List. Only users on the Access Control List can view pages and components associated with an authorization scheme.

    • Public read only. Edit and administrative privileges controlled by access control list.

      Provides public access to pages and components associated with the access control - view authorization scheme.

    • Administrative access only.

      Only users with Administrator privileges can access pages or components associated with an authorization scheme.

  4. Click Set Application Mode.

    Description of access_control_1.gif follows
    Description of the illustration access_control_1.gif

    The user interface of your page depends on the theme you selected for your application. See "Managing Themes".

    Next, add users to the Access Control List.

10.10.3.2 Adding Users to the Access Control List and Selecting Privileges

To add users to the Access Control List:

  1. Under Access Control List, click Add User.

    A new row appears.

    Description of access_control_2.gif follows
    Description of the illustration access_control_2.gif

  2. Enter a user in the Username field.

  3. Associate a privilege with the user. Available options include:

    • Administrator

    • Edit

    • View

  4. Click Apply Changes.

  5. Repeat steps 1 to 5 for all users.

10.10.3.3 Removing Users from the Access Control List

To remove users from the Access Control List:

  1. Select the user to be removed by selecting the check box to the left of the user name.

  2. Click Delete.

10.10.4 Controlling Access for Pages and Page Components

The Access Control Wizard creates authorization schemes that correspond to the application mode list options and the privileges available in the Access Control List.

You can control access to a specific page or page component by selecting one of the following authorization schemes on the page or component attributes pages:

  • access control administrator. Only users with Administrator privileges can view the page or component.

  • access control - edit. Users with both Edit and Administrator privileges can view the page or component. Users with View privileges cannot view the page or component.

  • access control - view. Users with Administrator, Edit, or View privileges can view the page or component.

  • Not access control administrator. Users with Administrator privileges cannot view the page or component.

  • Not access control - edit. Users with both Edit and Administrator privileges cannot view the page or component. Users with View privileges can view the page or component.

  • Not access control - view. Users with Administrator, Edit, or View privileges cannot view the page or component.