Sunday, May 23, 2010

Step 18 – Apex Developer Day - Restricting Access

Now that you have users defined, you can restrict access to certain portions of the application. In this topic, you allow only certain users to edit tasks. To do this, perform the following steps:

A. Add an Access Control Page

B. Identify Privileged Users

C. Apply Authorization Schemes to Application Components

A. Add an Access Control Page

To secure the application so that only privileged users can perform certain operations, you create an Access Control Page that is used to define which users can access which part of the application. Perform the following steps:

1. Click the Project Tasks Application.

2. Click Create Page.

3. Select the Access Control page type and click Next >.

4. Accept the default page value, #, and click Next >.

5. Make sure Do not use tabs is selected and click Next >.

6. Click Finish.

7. Click Run Page.

8. You see the access control page you just added to the application. The page is divided into two regions, and the default setting for Application Mode is Full Access. In this case, you want to restrict certain users from certain parts of the application. Select Restricted Access and click Set Application Mode.

9. The Application mode has been set. In the next topic, you identify your privileged users. Click Add User.

B. Identify Privileged Users

In a previous topic, you created 3 users: demos.oracle, demos2.oracle and demos3.oracle. In this topic, you allow demos.oracle to edit the application, but he cannot change any user access. demos2.oracle can only view the information in the application; he cannot make any changes. Finally, demos3.oracle is the administrator of the application, so he can change anything, including the user privileges. Perform the following steps:

1. Enter demos2.oracle for the username and select View for the privilege, then click Add User again.

2. Enter demos.oracle for the username and select Edit for the privilege, then click Add User again.

3. Enter demos3.oracle for the username and select Administrator for the privilege, then click Apply Changes.

4. Next you can define which areas of the application are restricted. Click the Application <n> link from the developer tool bar.

C. Apply Authorization Schemes to Application Components

With your authorization scheme created, users with View privilege can review the Employee Information but cannot change it. Users with Edit privilege can make changes to Employee Information but cannot make changes to the access control list. Users with Administrator privilege can make any changes, including to the access control list. Perform the following steps:

1. Select the down arrow next to Shared Components and select Application>Definition.

2. Click the Security tab.

3. Under Authorization, change the scheme to access control - view and click Apply Changes.

4. Now that users with the View privilege have access to the application, you can restrict editing of Employee Information to users with the Edit privilege. Click 2 - Employee Information.

5. In the Regions area, click the Interactive Report link. Note that you may need to click the Regions icon under Page Rendering.

6. Click the Edit icon in front of EMPLOYEE_ID.

7. Click the Authorization tab.

8. Select access control - edit for the Authorization Scheme and click Apply Changes.

9. Click Apply Changes.

10. Because you only want the Create Button to appear if the user has Edit or Administrator privilege, you need to set the authorization scheme. Click the Button icon under Page Rendering.

11. Click the Create link.

12. Click the Authorization section button.

13. Select the access control - edit authorization scheme and click Apply Changes.

14. You also want to protect against direct access to the page. Even though users without the edit privilege are now blocked from the edit and create controls on page 2, they can still access page 3 if the correct URL is entered. To prevent this from happening, you need to restrict page 3 to only edit users. Click > for Page to advance to Page 3.

15. Click the Show All icon.

16. In the Page section, click the No link for the Authorization Page Attribute.

17. For Authorization Scheme, select access control - edit. Click Apply Changes. Click the Run Page icon.

18. Click the Application <n> link from the developer tool bar.

19. Since only users with the administrator privilege are allowed to make changes to the access control list, you need to set the authorization scheme for page 9. Click 9 - Access Control Administration Page.

20. Click the No link for Authorization.

21. Select access control - administrator for the Authorization Scheme and click Apply Changes. Now you are ready to run the application.

22. Enter 1 for Page and click <.

23. Click Run.

24. If you are already logged in as OBE, click Logout. Enter demos.oracle and oracle for the username and password. Then click Login.

25. Select Employee Information.

26. Notice that Brad can edit the Employees. Click Logout.

27. Enter demos2.oracle and oracle for the username and password. Then click Login.

28. Select Employee Information.

29. Click the edit button. John has only the View privilege and therefore cannot edit the Employees. An error is shown when he tries to edit an employee. He also does not see the Create button.

30. Change the page number in your URL to try to access Page 3, and click GO.

Example url  …/f?p=426:2:2101953412249296357::NO
Change to    …/f?p=426:3:2101953412249296357::NO

Press the ENTER key on your keyboard. Notice that you receive a message denying you access to the page because you restricted Page 3 to edit privilege users only.
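The gap closed in steps 14 to 21, as an added example that is not part of the original tutorial and is not APEX's own code: a small Python model of the access control list and authorization schemes, listing the pages each user can open by typing an f?p URL before and after the page-level schemes are set. The host name, the page list and the rule that unlisted users have no privilege are assumptions.

```python
# Illustrative model of the checks configured above; not APEX code.
RANK = {"View": 1, "Edit": 2, "Administrator": 3}   # higher rank includes lower

# Access control list entered in section B.
ACL = {"demos2.oracle": "View", "demos.oracle": "Edit",
       "demos3.oracle": "Administrator"}

# Privilege each authorization scheme from section C requires.
SCHEMES = {"access control - view": "View",
           "access control - edit": "Edit",
           "access control - administrator": "Administrator"}

APP_SCHEME = "access control - view"     # application-level scheme (step C.3)
PAGES = [1, 2, 3, 9]                     # pages mentioned in the tutorial

# Page-level schemes before step C.14 (only the column and button are
# restricted) and after steps C.17 and C.21.
BEFORE = {}
AFTER = {3: "access control - edit", 9: "access control - administrator"}

BASE = "https://apex.example.invalid/pls/apex/"   # constructed host and path


def url_for(page, app=426, session="2101953412249296357"):
    """Build a URL in the f?p=App:Page:Session::NO form shown in step 30."""
    return f"{BASE}f?p={app}:{page}:{session}::NO"


def parse_fp(url):
    """Return (application id, page id) from an f?p=App:Page:... URL."""
    app, page = url.split("f?p=", 1)[1].split(":")[:2]
    return int(app), int(page)


def allowed(user, url, page_schemes):
    """Application scheme first, then the page's own scheme if one is set."""
    _, page = parse_fp(url)
    rank = RANK.get(ACL.get(user), 0)    # assumption: unlisted users rank 0
    needed = [APP_SCHEME] + ([page_schemes[page]] if page in page_schemes else [])
    return all(rank >= RANK[SCHEMES[name]] for name in needed)


def reachable(user, page_schemes):
    """Pages the user can open by typing the URL directly."""
    return [p for p in PAGES if allowed(user, url_for(p), page_schemes)]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for user in ACL:
            print(label, user, reachable(user, cfg))
```

With `BEFORE`, the view-only user still reaches pages 3 and 9 by URL even though the Create button and edit column are hidden; with `AFTER`, the same requests are refused.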
