PUBLIC_CHECK_AUTHORIZATION
NOTE: In APEX5 you’ll want to switch from
APEX_UTIL.PUBLIC_CHECK_AUTHORIZATIONtoAPEX_AUTHORIZATION.IS_AUTHORIZED. Thank you to Dali for the comment. –April, 27 2015
APEX Authorization Schemes are a very effective and simple way to restrict elements in our applications. Once defined, these authorizations can be applied to the majority of elements in APEX: Pages, Regions, Items, Buttons, Processes, Branches, etc…
There are several ways to code them, it will depend on your needs, but ultimately they return TRUE or FALSE. Is the user ADMIN or NOT ADMIN. Say for example that we have a MYAPP_USER_ROLES table that stores ROLE_KEY and USERNAME columns. In this case, we could define an “ADMIN” Authorization Scheme of type “Exists SQL Query” that looks like this:
select 1
from myapp_user_roles
where role_key = 'ADMIN'
and username = :APP_USER
Then we could secure a page by setting the Authentication Scheme to ADMIN. This would make the page completely unavailable to anyone that does not have the ADMIN role_key assigned. We could have a page with a form available to any user, but make a Delete button available only to ADMIN. Or have a field on the form to show for ADMIN only but unavailable (removed) to everyone else. Assigning the Authorization Scheme to a element, effectively eliminates that element.
However, what if we want to make an item read only for all users and editable to ADMIN? In this case we cannot use the Authorization Scheme drop down because that would make the item disappear. We’ll want to use the “Read Only” condition.
Use the APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION API function call to see if a given Authorization Scheme is available to the current user or not. The function receives a one case sensitive value, the name of the scheme to check.
Set your Read Only condition to “PL/SQL Expression” and the code to
not APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION('ADMIN')
You can also use this API call in your PL/SQL processes to enhance your logic.
As a quick example, maybe Admin users get a record initialized with a different status than regular users.
if apex_util.public_check_authorization('ADMIN') then
-- Administrators can skip the pending status
l_status := 'IN PROGRESS';
else
l_status := 'PENDING';
end if;
Another useful application is when you need to combine multiple Authorization Schemes and it’s not practical to create a new unique Scheme.
apex_util.public_check_authorization('ADMIN')
or apex_util.public_check_authorization('Approver')
or apex_util.public_check_authorization('Super User')
Hi, I'm Jorge Rimblas. Father, husband, photographer, Oraclenerd, Oracle APEX expert, Oracle ACE, coffee lover, car guy, gadget addict, etc... I'm an APEX Tech Lead DRW. I have worked with Oracle since 1995 and done eBusiness Suite implementations and customizations. Nowadays I specialize almost exclusively in Oracle APEX.
nice post, do you know one way to join default user logins with new autorization schemes like Opportunity Tracker application?
If you’re using the default APEX authentication your users are in APEX_WORKSPACE_APEX_USERS.
Good post,
I think public_check_authorization was deprecated see :
http://apextips.blogspot.ca/2015/02/apex-5-api-changes.html
Instead use apex_authorization.is_authorized
Thanks,
Thank you for the comment! I’ve added a note to the post to draw attention to this.