Adding Security to your Application

Purpose

This tutorial shows you how to add security to your application using Oracle Application Express.

Time to Complete

Approximately 30 minutes.

Topics

This tutorial covers the following topics:

 Overview
 Prerequisites
 Creating Users
 Restricting Access
 Summary

Overview

In this tutorial, you create a number of end users. You then create an Access Control page, set the application mode to restricted access, and assign different authorization levels to the users you created. Finally, you assign an authorization level to various application components and test the results.

Prerequisites

Before you perform this tutorial, you should:

1.

Perform the Manipulating Database Objects tutorial.

2.

Perform the Creating and Running an Application tutorial.

3.

Perform the Adding Additional Components to your Existing Application tutorial.

Creating Users  

As mentioned earlier, this application uses Oracle Application Express Authentication. To create new users, you use the functions already available in Oracle Application Express. You create some new users and then in the next topic you restrict access to certain areas of the application to certain people. To do this, perform the following steps:

1.

Click the Home link in the breadcrumb menu.

 

2.

In the Administration box on the right, select Manage Application Express Users.

 

3.

Click Create End User.

 

4.

Enter the following information, and then click Create and Create Another.

User Name: Brad.Knight
Password and Confirm Password: welcome1
Email Address: brad.knight@oracle.com
Default Schema: OBE
User is a developer: No
User is a Workspace Administrator: No

 

5.

Enter the following information, and then click Create and Create Another.

User Name: Susie.Parker
Password and Confirm Password: welcome1
Email Address: susie.parker@oracle.com
Default Schema: OBE
User is a developer: No
User is a Workspace Administrator: No

 

6.

Enter the following information, and then click Create User.

User Name: John.Bell
Password and Confirm Password: welcome1
Email Address: john.bell@oracle.com
Default Schema: OBE
User is a developer: No
User is a Workspace Administrator: No

 

7.

Notice that the three users have been created. You now set up administrator access to the application. Click the Application Builder tab.

 

Restricting Access

Now that you have users defined, you can restrict access to certain portions of the application. In this topic, you allow only certain users to edit tasks. To do this, perform the following steps:

A. Add an Access Control Page
B. Identify Privileged Users
C. Apply Authorization Schemes to Application Components

A. Add an Access Control Page

To secure the application so that only privileged users can perform certain operations, you create an Access Control Page that is used to define which users can access which part of the application. Perform the following steps:

1.

Click the Project Tasks Application.

 

2.

Click Create Page.

 

3.

Select the Access Control page type and click Next >.

 

4.

Accept the default page value, and click Next >.

 

5.

Make sure Do not use tabs is selected and click Next >.

 

6.

Click Finish.

 

7.

Click Run Page.

 

8.

You see the access control page you just added to the application. The page is divided into two regions, and the default setting for Application Mode is Full Access. In this case, you want to restrict certain users from certain parts of the application. Select Restricted Access and click Set Application Mode.

 

9.

The Application mode has been set. In the next topic, you identify your privileged users. Click Add User.

 

B. Identify Privileged Users

In a previous topic, you created three users: Brad.Knight, John.Bell and Susie.Parker. In this topic, you allow Brad.Knight to edit the application, but not to change any user access. John.Bell can only view the information in the application; he cannot make any changes. Finally, Susie.Parker is the administrator of the application, so she can change anything, including user privileges. Perform the following steps:

1.

Enter john.bell for the username and select View for the privilege, then click Add User again.

 

2.

Enter brad.knight for the username and select Edit for the privilege, then click Add User again.

 

3.

Enter susie.parker for the username and select Administrator for the privilege, then click Apply Changes.

 

4.

Next you can define which areas of the application are restricted. Click the Application <n> link from the developer tool bar.

 

C. Apply Authorization Schemes to Application Components

With your authorization scheme created, users with the View privilege can review the Employee Information but cannot change it. Users with the Edit privilege can make changes to Employee Information but cannot make changes to the access control list. Users with the Administrator privilege can make any changes, including changes to the access control list. Perform the following steps:

1.

Select the down arrow next to Shared Components and select Application>Definition.

 

2.

Click Show All. Then, click the Security tab.

 

3.

Under Authorization, change the scheme to access control - view and click Apply Changes.

 

4.

Now that you have given users with the View privilege access to the application, you can restrict editing of Employee Information to users with the Edit privilege. Click 1 - Projects.

 

5.

In the Regions area, click the Report link. Note that you may need to click the Regions icon under Page Rendering.

 

6.

Click the Edit icon in front of PROJECT_ID.

 

7.

Click the Authorization tab.

 

8.

Select access control - edit for the Authorization Scheme and click Apply Changes.

 

9.

Click Apply Changes.

 

10.

Because you want the Create button to appear only if the user has the Edit or Administrator privilege, you need to set the authorization scheme. Click the Button icon under Page Rendering.

 

11.

Click the Create link.

 

12.

Click the Authorization section button.

 

13.

Select the access control - edit authorization scheme and click Apply Changes.

14.

You also want to protect against direct access to the page. Hiding a link or button only removes it from the rendered page; it does not stop a request for the page it leads to. So even though you prevented users without the Edit privilege from editing or creating users on page 1, they can still access page 2 if the correct URL is entered. To prevent this, you need to restrict page 2 to users with the Edit privilege. Click > for Page to advance to Page 2.

 

15.

Click the Show All icon.

 

16.

In the Page section, click the No link for the Authorization Page Attribute.

 

17.

For Authorization Scheme, select access control - edit. Click Apply Changes. Click the Run Page icon.

 

18.

Click the Application <n> link from the developer tool bar.

 

19.

Because only users with the Administrator privilege are allowed to make changes to the access control list, you need to set the authorization scheme for page n. Click n - Access Control Administration Page.

 

20.

Click the No link for Authorization.

21.

Select access control - administrator for the Authorization Scheme and click Apply Changes. Now you are ready to run the application.

22.

Enter 1 for Page and click <.

 

23.

Click Run.

24.

If you are already logged in as OBE, click Logout. Enter brad.knight and welcome1 for the username and password. Then click Login.

25.

Select Obe Projects.

26.

Click the Edit icon in front of Email Integration.

27.

Notice that Brad can edit the Employees. Click Logout.

28.

Enter john.bell and welcome1 for the username and password. Then click Login.

29.

Select Obe Projects again.

30.

John has only the View privilege and therefore cannot edit Project information. He also does not see the Create button.

31.

Change the page number in your URL to try to access Page 3.

Example URL  …/f?p=100:2:2101953412249296357::NO
Change to    …/f?p=100:3:2101953412249296357::NO

Press the ENTER key on your keyboard. Notice that you receive a message denying you access to the page because you restricted Page 3 to edit privilege users only.
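
The difference between hiding the Create button (steps 10-13) and authorizing the page itself (steps 14-17) can be modeled in a few lines. This is an added example, not Oracle Application Express code or part of the original tutorial: the Access Control page number (10), the host name and the function names are assumptions, and the privilege levels are treated as cumulative, as the tutorial describes them.

```python
# Added illustration: a model of the tutorial's access rules, not APEX code.
from urllib.parse import urlparse

LEVEL = {"View": 1, "Edit": 2, "Administrator": 3}
# Privileges assigned in topic B. Restricted mode: anyone else has no access.
ACL = {"john.bell": "View", "brad.knight": "Edit", "susie.parker": "Administrator"}
APP_SCHEME = "View"  # application-level scheme set in topic C, step 3
ACL_PAGE = 10        # assumption: the tutorial only calls this "page n"

def page_schemes(page2_protected=True):
    """Page-level authorization schemes; page 2 is protected in steps 14-17."""
    schemes = {ACL_PAGE: "Administrator"}
    if page2_protected:
        schemes[2] = "Edit"
    return schemes

def parse_fp(url):
    """Split an f?p=App:Page:Session:Request:Debug URL into named fields."""
    query = urlparse(url).query
    if not query.startswith("p="):
        raise ValueError("not an f?p URL")
    parts = query[2:].split(":")
    parts += [""] * (5 - len(parts))
    app, page, session, request, debug = parts[:5]
    return {"app": int(app), "page": int(page), "session": session,
            "request": request, "debug": debug}

def user_level(user):
    return LEVEL.get(ACL.get(user.lower(), ""), 0)

def create_button_visible(user):
    """Component-level check from steps 10-13: hides the button, nothing more."""
    return user_level(user) >= LEVEL["Edit"]

def may_open(user, url, schemes):
    """Server-side decision for a requested page, whatever the UI displayed."""
    page = parse_fp(url)["page"]
    required = max(LEVEL[APP_SCHEME], LEVEL.get(schemes.get(page, ""), 0))
    return user_level(user) >= required

# Constructed sample URL: host and path are placeholders.
BASE = "https://apex.example.com/pls/apex/f?p=100:{}:2101953412249296357::NO"

if __name__ == "__main__":
    for user in ACL:
        print(user, create_button_visible(user),
              may_open(user, BASE.format(2), page_schemes(False)),
              may_open(user, BASE.format(2), page_schemes(True)))
```

With `page_schemes(False)`, john.bell does not see the Create button yet can still open page 2 by URL; with the page-level scheme in place the same request is refused.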

 

Summary

 

In this tutorial, you learned how to:

 Create a user
 Limit access to a user
