This topic presents an overview of the routines in the following API packages:
These Security API packages contain all the routines necessary to
perform the following operations:

User maintenance API (wwsec_api) method names and descriptions

| Method | Description |
|---|---|
| user_name function | Returns a user name, given a person ID. |
| id function | Returns a person ID, given a user name or GUID. |
| id_sso function | Returns a person ID, given a user name or GUID. Also validates that a user exists in the SSO Server and Oracle9iAS Portal. |
| db_user function | Returns a database user name, given the name of an Oracle Portal user. |
| add_portal_user function | Adds an Oracle Portal user record to the appropriate table. |
| modify_portal_user procedure | Updates personal and business-related information relating to an Oracle Portal user. |
| delete_portal_user procedure | Deletes an Oracle Portal user, given a user name. |
| person_info function (ID) | Returns user information, given a person ID. |
| person_info function (name) | Returns user information, given a user name. |
| get_manager function | Returns the user name of a specified user's manager, or null if no manager is found. |
| activate_portal_user procedure | Activates an Oracle Portal user. |
| deactivate_portal_user procedure | Deactivates an Oracle Portal user, preventing the person from logging on to Oracle Portal. |
| set_defaultgroup procedure | Sets the default group for a specified user. |
| get_defaultgroup function | Returns the default group for a specified user. |

Group maintenance API (wwsec_api) method names and descriptions

| Method | Description |
|---|---|
| create_list function | Creates a group and returns a group ID. |
| update_list procedure | Updates a group. |
| delete_list procedure | Deletes a group and any associated references to the group. |
| add_user_to_list procedure | Adds a user to a group and sets privileges if the user is specified to be an owner of the group. |
| add_group_to_list procedure | Adds a group as a member of another group and sets privileges if the former group is specified to be an owner of the latter group. |
| update_group_owner procedure | Modifies group-ownership for a group that is a member of another group. |
| update_user_owner procedure | Modifies group-ownership for a user who is a member of a group. |
| delete_user_from_list procedure | Deletes a user from a group. |
| delete_group_from_list procedure | Deletes a group from the list of members of another group. |
| group_info function | Returns group information, given a group ID. |
| group_id function | Returns a group ID for a specified group name. |
| user_in_groups function | Returns a list of group IDs, given a user name. |
| is_user_in_group function | Checks whether a user belongs to a specific group. |
| is_user_in_direct group function | Checks whether a user was individually granted membership in a specific group. |
| group_name function | Returns the group name when given a group ID. |
| lists function | Returns an array of 'LIST' type groups when given a site ID. Deprecated Oracle9iAS Portal 9.0.2. |
| get_list_members function | Returns an array of the members of a 'LIST' group type when given a group_id. Deprecated Oracle9iAS Portal 9.0.2. |
| user_in_group function | Returns a list of group IDs when given a user name. Deprecated Oracle9iAS Portal 9.0.2. |
| is_group_owner function | Returns 1 when the specified group member is a group's owner, or 0 if not. Deprecated Oracle9iAS Portal 9.0.2. |
| get_member_record function | Returns a member's record from the appropriate table. Deprecated Oracle9iAS Portal 9.0.2. |

Access control API (wwsec_api) method names and descriptions

| Method | Description |
|---|---|
| set_user_acl procedure | Creates an entry in the Access Control List (ACL) that grants a privilege on a given object to a specified user. |
| remove_user_acl procedure | Removes all privileges for a given user, object_type_name, and name if p_privilege is null or not passed. If p_privilege is specified, this procedure removes the specified privilege for all persons. |
| update_user_acl procedure | Changes a user's privilege in the Access Control List. |
| update_group_acl procedure | Changes a group's privilege in the Access Control List. |
| set_group_acl procedure | Creates an entry in the Access Control List that grants a privilege on a specified object to a specified group. |
| remove_group_acl procedure | Removes all privileges for a given group, object_type_name, and name if p_privilege is null or not passed. If p_privilege is specified, this procedure removes the specified privilege for all groups. |
| has_privilege function | Checks whether a specified user has a specified privilege on a specified file. |
| has_privilege (one of a list) function | Checks whether a specified user has at least one of a list of privileges. |
| has_privilege (specified privilege) function | Checks whether a specified user has a specified privilege. This version uses a privilege code, instead of the privileges string, for better performance. |
| is_privilege_at_least function | Checks whether a specified user, or a group the user belongs to, has a privilege on a specified object that is at least as high as the privilege specified. This check assumes that privileges are defined hierarchically, and that the highest privilege has the highest privilege code. |
| get_privilege_level function | Returns the highest privilege that a user has on a given object, considering all groups that the user belongs to, including indirect grants. |
| get_granted_group_privilege function | Returns the highest privilege that the specified group has on the specified object. |
| get_granted_user_privilege function | Returns the highest privilege that the user has on the specified object. |
| accessible_objects (single privilege) function | Returns a list of accessible objects of a single object type and single privilege level to which a specified user, or a specified group that the user belongs to, has privileges. |
| accessible_objects (list of privileges) function | Returns a list of accessible objects to which a specified user, or a specified group the user belongs to, has privileges, given a specified object_type_name and a list of privileges. |
| grantee_list function | Returns a list of grantees for a named object and specified owner. |
| privilege_list function | Returns a list of privileges for a specified object_type_name. |
| copy_privileges procedure | Copies all privileges from a source object to a destination object. The source object must exist and must be of the object type you specify. |
| get_public_objects function | Returns a list of objects of specified type for the specified owner, with the option of returning a list of objects of specified type granted to PUBLIC. |

Application privilege API (wwsec_app_priv) method names and descriptions

| Method | Description |
|---|---|
| check_privilege function (basic routine) | Checks if the user has the privilege necessary to access an object and creates an error message if the user does not. |
| check_privilege function (from a list) | Checks if a user has any of a passed-in list of privileges. |
| check_privilege function (at least) | Allows a check for at least a given privilege code for those privileges that are hierarchical. |
| check_if_logged_on function | Checks if the user is logged in and displays the log on page if the user is not. |
| login procedure | Performs a redirect of the browser to the user Login Page. |
| get_login_url function | Provides the applications with the URL to the user Login Page. |
| get_login_link function | Provides applications with a hyperlink to the user Login Page. |
| logout procedure (URL) | Logs the current user off Oracle Portal and the Single Sign-On Server, then points the user's browser to a specified URL. Deprecated Oracle9iAS Portal 9.0.2. |
| logout procedure (image) | Logs the current user off Oracle Portal and the Single Sign-On Server, then displays an image for successful logout. |
| get_logout_url function | Returns the URL of the procedure that logs off the current user from Oracle Portal and the Single Sign-On Server. |
| get_logout_link function | Returns the anchor tag that generates the logout hyperlink. |
| get_portal_login_url function | Returns the URL for the login or log off link based on whether the current user is logged in. |
| get_portal_login_link_text function | Returns the text string for the log in or log off link, depending on whether the user is logged in. |

Security API package reference topics

| Topic | Description |
|---|---|
| wwsec_api object level privileges, constants | Presents privilege details for objects in the wwsec_api package. |
| wwsec_api global privilege objects | Presents privilege details for global objects in the wwsec_api package. |
| wwsec_api_priv global privilege objects | Presents privilege details for global objects in the wwsec_api_priv package. |
| ACL grantee_type constants | Presents a table of grantee_type constants used when assigning privileges to users and groups. |
| User-defined types | Presents user-defined datatypes: array and idarray. They receive data from various security routines. |
| Security exceptions | A table of exceptions that may be raised by the Security API packages. |
| Global Unique Identifiers (GUIDs) | Describes the use of Global Unique Identifiers (GUIDs) in Oracle Portal. |
| Application privileges | Describes how these privileges are used by Oracle Portal applications to check user access privileges before routines are executed, and to redirect browsers to the Single Sign-On Server when authentication is necessary. |
| Check privilege function logic | Explains the logic for checking user privileges. |