9.3. Limiting Access
Defining users is the necessary precursor for providing differential access to your application. Now that you have different users for your application, you can use this information to limit access to the application or its components.
9.3.1. Authorization
Authorization defines what type of access a particular user or user group will have to various application components. Most components, from the application itself to shared components, to individual items and buttons, allow you to define which users are authorized to use that component.
Authorizations are implemented by means of authorization schemes. As with authentication, the authorization scheme is used to associate users with a particular type of authorization.
Oracle APEX gives you an easy way to define and implement authorization schemes through the use of Access Control Lists, or ACLs. Although ACLs are not the only way to limit access to components, most applications can put this capability to good use.
9.3.2. ACLs
APEX comes with three built-in authorization schemes: view, edit, and administrator. The schemes are a hierarchy, from view to administrator. This hierarchy means that users in the edit ACL automatically have all access privileges of the view ACL, and administrator users have all the privileges of both the view and edit ACLs.
You implement Access Control Lists by creating an ACL page, which lets you specify users for different ACLs as well as how to implement the authorizations defined ...
Get Beginning Oracle® Application Express now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.