NOTE: In APEX5 you’ll want to switch from APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION to APEX_AUTHORIZATION.IS_AUTHORIZED. Thank you to Dali for the comment. –April, 27 2015

APEX Authorization Schemes are a very effective and simple way to restrict elements in our applications.  Once defined, these authorizations can be applied to the majority of elements in APEX: Pages, Regions, Items, Buttons, Processes, Branches, etc…

There are several ways to code them, it will depend on your needs, but ultimately they return TRUE or FALSE.  Is the user ADMIN or NOT ADMIN.  Say for example that we have a MYAPP_USER_ROLES table that stores ROLE_KEY and USERNAME columns. In this case, we could define an “ADMIN” Authorization Scheme of type “Exists SQL Query” that looks like this:

Then we could secure a page by setting the Authentication Scheme to ADMIN. This would make the page completely unavailable to anyone that does not have the ADMIN role_key assigned. We could have a page with a form available to any user, but make a Delete button available only to ADMIN. Or have a field on the form to show for ADMIN only but unavailable (removed) to everyone else. Assigning the Authorization Scheme to a element, effectively eliminates that element.

However, what if we want to make an item read only for all users and editable to ADMIN? In this case we cannot use the Authorization Scheme drop down because that would make the item disappear. We’ll want to use the “Read Only” condition.

Use the APEX_UTIL.PUBLIC_CHECK_AUTHORIZATION API function call to see if a given Authorization Scheme is available to the current user or not. The function receives a one case sensitive value, the name of the scheme to check.

Set your Read Only condition to “PL/SQL Expression” and the code to

Item Read Only Condition

You can also use this API call in your PL/SQL processes to enhance your logic.

As a quick example, maybe Admin users get a record initialized with a different status than regular users.

Another useful application is when you need to combine multiple Authorization Schemes and it’s not practical to create a new unique Scheme.


Hi, I'm Jorge Rimblas. Father, husband, photographer, Oraclenerd, Oracle APEX expert, Oracle ACE, coffee lover, car guy, gadget addict, etc... I'm a Senior APEX Consultant with Insum Solutions, a consulting firm specialized in Oracle databases and the APEX development tool. I have worked with Oracle since 1995 and done eBusiness Suite implementations and customizations. Nowadays I specialize almost exclusively in Oracle APEX.

  1. nice post, do you know one way to join default user logins with new autorization schemes like Opportunity Tracker application?

  2. dali says:

    Good post,
    I think public_check_authorization was deprecated see :
    Instead use apex_authorization.is_authorized


I love comments, write me a line