Search This Blog
Showing posts with label Attaching an Authorization Scheme to an Application in Oracle APEX. Show all posts
Showing posts with label Attaching an Authorization Scheme to an Application in Oracle APEX. Show all posts

Tuesday, July 1, 2025

Attaching an Authorization Scheme to an Application in Oracle APEX

In Oracle APEX, attaching an Authorization Scheme to an application allows you to enforce access control across various components such as pages, buttons, regions, items, and processes. This mechanism ensures that only users with appropriate permissions can access or interact with parts of the application. Below is a detailed guide on how to create and attach an Authorization Scheme within your APEX application.

Step 1: Create an Authorization Scheme

  1. Open your APEX application.

  2. From the App Builder, select your application and navigate to the Shared Components.

  3. Under the Security section, click Authorization Schemes.

  4. Click Create and choose from the available options:

    • From Scratch

    • From Scratch - PL/SQL Function Returning Boolean

    • From Scratch - SQL Query Returning Rows

    • Based on Existing Scheme

    • Is In Role

    • Must Not Be Public User

  5. Provide a Name for your scheme (e.g., Is_Admin_Access).

  6. Choose the appropriate Evaluation Type (PL/SQL, SQL, etc.).

  7. Enter your authorization logic. For example, for PL/SQL:

    return :APP_USER in ('ADMIN', 'MANAGER');

  8. (Optional) Enter an error message to be displayed if the authorization fails.

  9. Click Create Authorization Scheme.

Step 2: Attach the Authorization Scheme at the Application Level

Attaching a scheme at the application level provides a global layer of protection.

  1. Go back to Shared Components.

  2. Under Security, click Authentication Schemes and ensure you have an authentication method enabled.

  3. Then, go to Authorization Schemes and find your scheme in the list.

  4. Click the Edit icon (pencil) next to the scheme.

  5. Scroll down to the Available for Public Page Access option and set appropriately.

  6. Now go to Shared Components > Application Definition Attributes.

  7. Under the Security section, find the setting for Authorization Scheme.

  8. Select your created scheme from the dropdown menu.

  9. Click Apply Changes.

Now your entire application enforces this scheme by default. If a user fails this scheme, they will not be able to access the application unless explicitly allowed at a component level.

Step 3: Attach the Authorization Scheme to Specific Components

You can also attach the same or different authorization schemes to pages, regions, buttons, items, and processes:

  • Page-Level Authorization

    • Open any page in Page Designer.

    • In the Page Attributes, find Security > Authorization Scheme.

    • Select your scheme from the list.

    • This will restrict access to the entire page.

  • Region-Level Authorization

    • Select a region in Page Designer.

    • Go to the Security section.

    • Choose the Authorization Scheme.

    • The region will only be visible if the user passes the scheme.

  • Button, Item, or Process-Level Authorization

    • Similar to regions, locate the Security section for the component.

    • Apply the desired scheme.

Step 4: Test the Authorization Scheme

  1. Run the application as a user who should pass the scheme.

  2. Confirm that all protected pages and components are accessible.

  3. Run the application as a user who should not pass the scheme.

  4. Ensure access is denied or content is hidden as expected.

Use APEX Developer Toolbar during runtime to check the current :APP_USER and simulate various scenarios.

Attaching an authorization scheme to an application helps enforce security by restricting user access based on defined conditions. By associating an authorization scheme with an application, you can control overall access and determine how security rules are applied throughout the application.

Steps to Attach an Authorization Scheme to an Application

  1. Open Oracle APEX and navigate to the Workspace home page.

  2. Click on App Builder to view the list of available applications.

  3. Select the application where you want to apply the authorization scheme.

  4. Click on Shared Components to access application-wide settings.

  5. Locate the Security section and click on Security Attributes.

  6. Scroll down to the Authorization section and choose an authorization scheme from the Authorization Scheme dropdown list.

  7. Configure the Run on Public Pages setting: 

    • On: The authorization scheme will be checked on public pages (pages that do not require authentication).

    • Off: The authorization scheme will not be checked on public pages.

  8. If you need to create a new authorization scheme, click Define Authorization Schemes and follow the setup process.

By completing these steps, the selected authorization scheme will be applied at the application level, ensuring that security rules are consistently enforced throughout the application.

Attaching an Authorization Scheme in Oracle APEX allows for fine-grained control over who can access or interact with specific areas of your application. By configuring schemes and assigning them to your application, pages, or UI elements, you create a layered and secure environment that adheres to business rules. Whether using simple role checks or complex PL/SQL logic, authorization schemes are essential for maintaining the integrity and security of your APEX apps.

at No comments:
Labels:
Subscribe to: Posts (Atom)