As an Oracle APEX expert, understanding how to reset the authorization scheme state is crucial when you need to re-evaluate a user's access rights during an active session. Oracle APEX caches the result of authorization schemes for performance reasons, so if the user's privileges change mid-session (such as after a role update or a login-as function), you must explicitly clear the authorization result cache to reflect the new state.
Below is a detailed explanation of how to reset or refresh the authorization scheme state in Oracle APEX:
Why Reset Authorization Scheme State?
Oracle APEX caches the evaluation result of an authorization scheme per session to avoid re-executing the logic repeatedly. While this improves performance, it means that if a user's authorization context changes, APEX may continue to rely on outdated results. For scenarios where authorization results are dynamic—based on session variables, roles, or temporary states—you must manually clear the cached result.
Step-by-Step: How to Reset the Authorization Scheme State
1. Use apex_authorization.reset_cache API
Oracle APEX provides a built-in PL/SQL API to reset the cached results for authorization schemes:
begin
apex_authorization.reset_cache(p_authorization_name => 'IS_ADMIN');
end;
This command clears the cached result of the named authorization scheme for the current session. The next time APEX evaluates this scheme, it will re-execute the logic as defined.
Parameters:
-
p_authorization_name: The name of the authorization scheme, not the static ID.
2. Reset All Authorization Schemes
If you want to reset all authorization schemes for the current session:
begin
apex_authorization.reset_cache;
end;
This approach is useful after global context changes—such as role switching, user impersonation, or setting session variables that affect multiple access controls.
3. Where to Use This
You can place this PL/SQL logic in:
-
Dynamic Actions (on button clicks or page load)
-
After Login Procedures
-
Custom Authentication plug-ins
-
Process-level code (for conditional access refreshes)
-
REST APIs or background PL/SQL procedures
Example Use Case: Resetting After Role Change
Suppose your application allows an admin to temporarily promote a user to a higher role, and your authorization schemes rely on session variables like :APP_ROLE.
After updating the role:
:APP_ROLE := 'ADMIN';
apex_authorization.reset_cache;
This ensures the new role is recognized across the entire application for authorization decisions.
Debugging Tip
To confirm that an authorization scheme is being re-evaluated:
-
Enable Debug Mode in the developer toolbar.
-
Trigger the component (page, region, button).
-
Search for authorization evaluations in the debug log.
You’ll see a line like:
Evaluating authorization scheme "IS_ADMIN"...
If you don't see this, the result is still cached, and reset_cache may not have been executed properly.
Best Practices
-
Avoid calling
reset_cacheon every page load—this negates the performance benefit of caching. -
Only reset schemes when necessary, such as after a user privilege change.
-
Use static names for authorization schemes for easier referencing in PL/SQL.
-
Combine with session state logic for dynamic authorization rules.
Oracle APEX caches the validation results of authorization schemes in a user's session to improve performance. If an authorization scheme is set to validate once per session, its result is stored in the session cache. However, in some cases, you may need to reset the authorization state, such as when user roles change dynamically.
To reset the authorization scheme state for a session, you can use the APEX_AUTHORIZATION.RESET_CACHE API. This allows the application to revalidate authorization schemes without requiring the user to log out and start a new session.
Copying or Subscribing to an Authorization Scheme
Developers can copy an authorization scheme either from the current application or from another application. If copying from another application, there is also an option to subscribe to the scheme.
Subscribing to an authorization scheme ensures that any updates made to the master scheme will automatically reflect in all subscribed applications. This is particularly useful for maintaining consistency in security settings across multiple applications in a workspace.
To learn more about how shared component subscriptions work, refer to the Using Shared Component Subscriptions documentation in Oracle APEX.
apex_authorization.reset_cache API, you ensure that APEX re-evaluates the user's current access privileges immediately, maintaining secure and consistent behavior across your application. Use this feature wisely to balance security accuracy with performance.
