
APEX 5 New Authorization Evaluation Point Features

In APEX 4 you can define Authorization Schemes. This is a very useful feature to prevent code repetition all over the place. For instance, an Authorization Scheme "Is Admin" might use a select on one or more tables (or web service calls or whatever is necessary) to determine whether a user, the :APP_USER, has an Admin role or not. You can use any value in session state, like :APP_ID or :APP_PAGE_ID, in your query (or function call). The result of this call is usually pretty static, so you can specify when the code should be evaluated: Once per Page View or Once per Session. The latter is obviously more efficient as it will run only once from login to logout.
This works fine, until you want to build your own fine-grained access control mechanism. As an example: if you have a page with three buttons on it, you can define an Authorization Scheme for these buttons and use that. All three buttons then use the same Authorization Scheme and are either all visible on the page or all hidden, as the Authorization Scheme is evaluated once and only once for that page. If you need more fine-grained control, you have to define three different Authorization Schemes, one for each button, and that will grow into a maintenance nightmare.

In APEX 5 this will be resolved. Next to the "old" options you can now specify the evaluation points "Once per Component" and "Always".
"Once per Component" means the code is evaluated once per component for the duration of the session. So using this setting you can (re)use the same Authorization Scheme for the three buttons, as it will be evaluated three times. To make it even more useful, they also included three new bind variables (:APP_COMPONENT_TYPE, :APP_COMPONENT_ID and :APP_COMPONENT_NAME) that you can use in your query. Using these new bind variables (or one of them) you can create functionality that supports things like DIY fine-grained access control, where a privileged user can grant or revoke access to certain elements on a page!
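
A sketch of such a DIY scheme, added here as an illustration and not taken from the original post: a single Authorization Scheme shared by all three buttons that denies by default. The table `component_grants`, its columns and the scheme name are assumptions; only the bind variables come from APEX.

```sql
-- Hypothetical grants table (not an APEX object): one row per user and component.
-- A privileged user inserts or deletes rows here to grant or revoke access.
create table component_grants (
  app_id          number               not null,
  component_type  varchar2(255)        not null,  -- value APEX supplies in :APP_COMPONENT_TYPE
  component_id    number               not null,  -- value APEX supplies in :APP_COMPONENT_ID
  username        varchar2(255)        not null,  -- assumption: stored in upper case
  granted_by      varchar2(255)        not null,  -- who granted it, for audit
  granted_on      date default sysdate not null,
  constraint component_grants_pk
    primary key (app_id, component_type, component_id, username)
);

-- Authorization Scheme "Has Component Grant" (hypothetical name)
--   Scheme Type      : Exists SQL Query
--   Evaluation Point : Once per Component
-- Attach this one scheme to every button. APEX runs the query once per
-- component, each time with that component's type and id in the binds.
-- No matching row means the component is not shown (default deny).
select 1
  from component_grants g
 where g.app_id         = :APP_ID
   and g.component_type = :APP_COMPONENT_TYPE
   and g.component_id   = :APP_COMPONENT_ID
   and g.username       = upper(:APP_USER);
```

Because "Once per Component" keeps the result for the duration of the session, a revoked grant stays in effect for that user until the session ends; where a revocation has to apply immediately, the "Always" evaluation point is the setting to use.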
