What are authorization schemes and how do you create them?
http://docs.oracle.com/cd/E17556_01/doc/user.40/e15517/sec.htm#BABEDFGB
http://apps2fusion.com/at/64-kr/399-security-using-authorization-in-apex
There are a couple of hidden ways to check the authorization schemes differently to the standard way.
To check more then one authorization scheme with pl/sql use this hint from Denes Kubicek:
http://deneskubicek.blogspot.com/2009/05/checking-authorization-scheme-within.html
To check authorization schemes inside SQL follow this solution:
http://www.oracle.com/webfolder/technetwork/de/community/apex/tipps/repo-2/index.html
For those who do not understand German. Just create a simple function which let you use the authorization scheme function inside a sql statement:
create or replace function
my_check_auth(p_security_scheme in varchar2)
return number is begin if apex_util.public_check_authorization(p_security_scheme)
then return 1; else return 0; end if; end;
select 'VALID_USER' as return_val from my_table where col1 = 'NEW' and (my_check_auth('AUTH_VALID_USER') = 1
or my_check_auth('AUTH_NEW_USER')
)
2 Comments:
Hi Tobias!
One thing that might not be obvious when using our authorization checking function in SQL or PL/SQL is that caching still takes place. The authorization will only be evaluated at most once ("Once per page view") or not at all, if it's result is already stored in session state.
If you are using the function in SQL, a non-optimal execution plan might still cause many context switches to PL/SQL. In that case, you could use scalar subqueries, e.g.
select
'VALID_USER' as return_val
from my_table
where col1 = 'NEW'
and ( (select my_check_auth('AUTH_VALID_USER') from dual)=1
or (select my_check_auth('AUTH_NEW_USER') from dual)=1 );
Regards,
Christian
Hi Christian,
thanks for the interesting information.
Tobias
Post a Comment