Authorization is a broad term for controlling access to resources based on user privileges. While conditions control the rendering and processing of specific page controls or components, authorization schemes control user access to specific controls or components.
An authorization scheme extends the security of your application's authentication scheme. You can specify an authorization scheme for an entire application, page, or specific control such as a region, item, or button. For example, you could use an authorization scheme to selectively determine which tabs, regions, or navigation bars a user sees.
An authorization scheme either succeeds or fails. If a component or control level authorization scheme succeeds, the user can view the component or control. If it fails, the user cannot view the component or control. If an application or page-level authorization scheme fails, then Oracle Application Express displays a previously defined message.
When you define an authorization scheme, you give it a unique name. Once defined, you can attach it to any component or control in your application. To attach an authorization scheme to a component or control in your application, simply navigate to the appropriate attributes page and select an authorization scheme from the Authorization Scheme list.
Before you can attach an authorization scheme to an application or an application component or control, you must first create it.
To create an authorization scheme:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
Click Create.
Specify how to create an authorization scheme by selecting one of the following:
From Scratch
As a Copy of an Existing Authorization Scheme
Follow the on-screen instructions.
To edit attributes of an existing authorization scheme:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
The Authorization Schemes page appears. By default, each scheme displays as an icon.
You can customize the appearance the page using the Search bar at the top of the page. Available controls include:
Select columns to search - Resembles a magnifying glass. Click this icon to narrow your search. To search all columns, select All Columns.
Text area - Enter case insensitive search criteria (wildcard characters are implied) to search for items by name and then click Go.
Go button - Executes a search or applies a filter.
View Icons - Displays each scheme as a large icon. To edit a scheme, click the appropriate icon.
View Report - Displays each scheme as a line in a report. To edit a scheme, click the Edit icon.
Actions menu - Use the Actions menu to customize the report view. See "About the Actions Menu".
You can specify when your authorization scheme is validated in the Evaluation Point attribute. You can choose to have your authorization scheme validated once for each session or once for each page view.
Keep in mind, if you specify that an authorization scheme should be evaluated once for each session and the authorization scheme passes, then the underlying code, test, or query will not be executed again for the duration of the application session. If your authorization scheme consists of a test whose results might change if evaluated at different times during the session, then you should specify that the evaluation point be once for each page view.
If an authorization scheme is validated once for each session, Oracle Application Express caches the validation results in each user's session cache. You can reset a session's authorization scheme state by calling the APEX_UTIL.RESET_AUTHORIZATIONS
API.
Calling this procedure nulls out any previously cached authorization scheme results for the current session. Be aware that this procedure takes no arguments and is part of the publicly executable APEX_UTIL
package.
See Also:
"RESET_AUTHORIZATIONS Procedure" in Oracle Application Express API ReferenceOnce you have created an authorization scheme you can attach it to an entire application, page, control, or component.
To attach an authorization scheme to an application:
On the Workspace home page, click the Application Builder icon.
Select an application.
Click the Shared Components icon.
The Shared Components page appears.
Under Security, click Security Attributes.
Scroll down to Authorization and make a selection from the Authorization Scheme list.
For Run on Public Pages, select Yes or No to specify whether the application-level authorization scheme is checked on public pages (that is, pages that do not require authorization). To learn more, see "Authorization".
To define a new authorization scheme, click Define Authorization Schemes.
To attach an authorization scheme to a page:
On the Workspace home page, click the Application Builder icon.
Select an application.
Select a page.
To access the Edit Page:
Tree view - Under Page Rendering, double-click the page title at the top of the tree.
Component view- Under Page, click the page name.
Scroll down to Security and make a selection from the Authorization Scheme list.
To attach an authorization scheme to a page component or control:
On the Workspace home page, click the Application Builder icon.
Select an application.
Select a page.
Click the name of the component or control to which you want to apply the authorization scheme.
Scroll down to Security and make a selection from the Authorization Scheme list.
You can use the Authorization Scheme Subscription and Authorization Scheme Utilization reports to better manage authorization schemes within your application.
To view authorization scheme reports:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authorization Schemes.
Click the appropriate tab at the top of the page:
Subscription
by Component
Utilization
History
Use the Authorization Scheme Subscription report to view details about authorization schemes subscription.
Use the By Component report to view all components within this application which have an associated authorization scheme. For a component to be rendered it must pass authorization schemes placed on the component level, the page level, and at the application level.
Use the Authorization Scheme Utilization report to view details about authorization schemes utilization.
To view additional reports indicating which pages having authorization schemes and which do not, select one of the following from the Tasks list:
Report Pages With Authorization Schemes
Report Pages Without Authorization Schemes