check_privilege function (at least)

Related topics

Contained in package wwsec_app_priv.

Call this function to check if the user has at least a given privilege code value for those privileges that have hierarchical code values. When using this function, set the privilege_code to the minimum privilege that you expect the user to have to access the object.

Note: A typical use would be to learn if a user has a VIEW privilege for a particular folder.

function check_privilege

(

p_object in varchar2,

p_privilege_code in number,

p_name in varchar2,

p_auto_redirect in boolean default TRUE,

p_requested_URL in varchar2 default wwctx_aping_product_schema || '.home',

p_owner in varchar2 default wwctx_api.get_product_schema

p_reqd_auth_level in NUMBER default wwctx_api.REQUIRED_AUTHENTICATION_LEVEL

)

return boolean;

Version: Oracle Portal 3.0.6.6.5 or later

Parameters:

p_object

The type of object being secured.

Note: For most UI administrative processes, the object type is wwsec_api.ADMIN_OBJ.

Datatype: in varchar2

p_privilege_code

The privilege code being checked.

Note: Set this parameter to the minimum privilege code the user should have to access the object.

Datatype: in number

p_name

A unique identifier for the specified object instance.

Datatype: in varchar2

p_auto_redirect

Indicates if the screen should display the log on page if a user is not logged in and does not have sufficient privileges in public mode to access the object.

Notes:

If FALSE is returned, the user is redirected to the log on page.

Because this parameter defaults to TRUE, it has no effect if the user is already logged in.

Datatype: in boolean
Default: TRUE

p_requested_url

The URL of the object for which privileges are being checked.

Note: The location in p_requested_url is where the user's browser points after a successful authorization.

Datatype: in varchar2
Default: wwctx_api.get_product_schema || '.home'

p_owner

The name of the schema that owns the p_name object.

Datatype: in varchar2
Default: wwctx_api.get_product_schema

p_reqd_auth_level

The minimum authentication level that a calling function requires in order to pass a privilege check.

The API fails the authorization check if the current authentication level (returned by wwctx_api.get_authentication_level) is less than the value of this parameter.

Note: If the object is granted PUBLIC access, the authentication level is not checked at all.

The default value for this parameter is REQUIRED_AUTHENTICATION_LEVEL and this is equivalent to PUBLIC_AUTHENTICATION. This implies that the user must be authenticated by the Single Sign-On Server for the authorization check to pass.

Portlets that require authorization fail the authorization check for a weakly authenticated user. If a portlet wants to display itself to a weakly authenticated user, it should pass p_reqd_auth_level as WEAK_AUTHENTICATION while invoking the authorization APIs.

Note: This parameter is available in Oracle Portal 3.0.9 or later.

Datatype: number
Default: wwctx_api.REQUIRED_AUTHENTICATION_LEVEL

Returns:

This function returns TRUE if the user has at least the specified privilege code. If the user does not, it returns FALSE.

Exceptions:

This function returns no exceptions. Unexpected errors are stacked and, if the user has insufficient privileges to access the requested object, result in an error page being displayed. No redirect takes place.

Example:

if wwsec_app_priv.check_privilege

(

p_object => wwsec_api.PAGE_OBJ,

p_privilege_code => wwsec_api.PAGE_VIEW,

p_name => '0/156',

p_requested_url => wwctx_api.get_product_schema ||'.wwsec_app_user_mgr.display_user_mgr'

)

then...

Version: Oracle Portal 3.0.6.6.5 or later
Parameters:
p_object	The type of object being secured. Note: For most UI administrative processes, the object type is wwsec_api.ADMIN_OBJ. Datatype: in varchar2
p_privilege_code	The privilege code being checked. Note: Set this parameter to the minimum privilege code the user should have to access the object. Datatype: in number
p_name	A unique identifier for the specified object instance. Datatype: in varchar2
p_auto_redirect	Indicates if the screen should display the log on page if a user is not logged in and does not have sufficient privileges in public mode to access the object. Notes: If FALSE is returned, the user is redirected to the log on page. Because this parameter defaults to TRUE, it has no effect if the user is already logged in. Datatype: in boolean Default: TRUE
p_requested_url	The URL of the object for which privileges are being checked. Note: The location in p_requested_url is where the user's browser points after a successful authorization. Datatype: in varchar2 Default: wwctx_api.get_product_schema \|\| '.home'
p_owner	The name of the schema that owns the p_name object. Datatype: in varchar2 Default: wwctx_api.get_product_schema
p_reqd_auth_level	The minimum authentication level that a calling function requires in order to pass a privilege check. The API fails the authorization check if the current authentication level (returned by wwctx_api.get_authentication_level) is less than the value of this parameter. Note: If the object is granted PUBLIC access, the authentication level is not checked at all. The default value for this parameter is REQUIRED_AUTHENTICATION_LEVEL and this is equivalent to PUBLIC_AUTHENTICATION. This implies that the user must be authenticated by the Single Sign-On Server for the authorization check to pass. Portlets that require authorization fail the authorization check for a weakly authenticated user. If a portlet wants to display itself to a weakly authenticated user, it should pass p_reqd_auth_level as WEAK_AUTHENTICATION while invoking the authorization APIs. Note: This parameter is available in Oracle Portal 3.0.9 or later. Datatype: number Default: wwctx_api.REQUIRED_AUTHENTICATION_LEVEL
Returns: This function returns TRUE if the user has at least the specified privilege code. If the user does not, it returns FALSE. Exceptions: This function returns no exceptions. Unexpected errors are stacked and, if the user has insufficient privileges to access the requested object, result in an error page being displayed. No redirect takes place. Example: if wwsec_app_priv.check_privilege ( p_object => wwsec_api.PAGE_OBJ, p_privilege_code => wwsec_api.PAGE_VIEW, p_name => '0/156', p_requested_url => wwctx_api.get_product_schema \|\|'.wwsec_app_user_mgr.display_user_mgr' ) then...

Related topics
Security API package	PDK PL/SQL API Reference - Home