当前位置: 文江博客话题详情

Oracle Apex 中的授权和用户角色?

发布于 2024-12-11 18:43:40 字数 251 浏览 2 评论 0原文

因此,Apex 具有“工作区”,它允许您创建三种类型的用户 - 所有这些用户本质上都是组织内部的。此外,Apex 上单个网站的开发人员似乎无法为他的网站拥有“用户”。

我错过了什么吗?

我需要能够让外部(业务)用户能够访问网站的某些功能,例如,会计只能看到页面 A 和 B,而管理人员可以看到 A、B 和 C。

我需要有能力让几组人具有不同的访问程度。

这只能通过创建工作区/组来完成吗?或者可以在我的网站内部完成此操作吗?

原文

So Apex has "workspaces", which let you create users of three types - all of which are internal to the organization in nature. Also, there seems to be no way for a developer of an individual site on Apex to have "users" just for his site.

Am I missing something?

I need to be able to have external (business) users to be able to get access to just some features of the site, for example, accounting can only see pages A and B while executives can see A,B, and C.

I need to have ability to have several groups of people with difference degrees of access.

Can this only be done by creating workspaces/groups? Or can that be done internally on just my site?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

岁吢 2024-12-18 18:43:41

我只是想扩展托尼的答案,它本身是正确的。我只是想向您展示另一种方法,我认为这对于初学者来说会更容易,并且省略了表格的创建。

如果您的应用程序使用 Apex 作为身份验证方案,则您的用户将通过工作区本身的管理进行管理。您可以创建、编辑和删除用户,但也可以定义组,并将用户链接到组。您可以创建多个“最终用户”类型的用户,并定义几个组,例如“高管”。

Apex 用户和组
创建群组
创建组后,转到要分配该组的用户,然后将该组添加到该用户的组中

“向用户添加组”

设置完成后,您仍然需要授权方案。事实上,您在这里需要一些 pl/sql 知识,但由于一些方便的 api 工作,可以将编码保持在最低限度。
基于 apex 组定义授权
current_user_in_group 的作用它说:它检查当前用户是否分配了所述组。通过使用一些简单的 IF 结构进行一些扩展,您可以将其提升一点!

并不是说我完全推荐这种方法,我自己发现它有点乏味,并且您需要有人进入 APEX 来实际维护用户及其组,但这很可能在您的环境中是可以接受的。不过,您可以使用它来开始。您可以非常轻松地切换身份验证方案,并通过更改授权方案使它们符合新的身份验证方案,您可以随后轻松快速地进行调整。当然,这取决于您的优先事项和目标。

I just wish to expand on Tony's answer, which by itself is correct. I just want to show you another way, which i think would be easier on a total beginner and omits the creation of tables.

If your application uses Apex as authentication scheme, then your users are managed through the administration of the workspace itself. You can create, edit and delete users, but you can also define groups, and link users to groups. It is possible for you to create several "end user" type of users, and define a couple of groups, like "Executives".

Apex users and groups
Creation of a group
When you have created your group, go to the user you wish to assign this group to, and add the group to the groups of that user

Adding a group to a user

Once you have that set up, you still need the authorization schemes. The fact remains you need some pl/sql knowledge here, but it is possible to keep the coding to a minimum, thanks to some handy api-work.
Defining an authorization based on apex groups
The current_user_in_group does what it says: it checks for the current user if he has said group assigned. With some expanding using some simple IF-structures, you can ramp it up a bit!

Not that i'd totally recommend this method, i find it a bit tedious myself, and you need someone to go into APEX to actually maintain users and their groups, but it could well be that this is acceptable in your environment. You could use it to start out with however. You can very easily switch out authentication schemes, and with altering your authorization schemes so they comply with the new auth scheme, you can easily and quickly adjust this afterward. It depends on your priorities and goals of course.

回复 原文
煮茶煮酒煮时光 2024-12-18 18:43:41

授权是确定是否允许经过身份验证/识别的人员访问资源或执行操作的过程。它基于分配给用户的一组权限或角色。例如,在Oracle数据库中,管理员有调度作业的权限,而用户则没有。
授权与身份验证有何不同?
身份验证和授权通常一起工作。换句话说,授权遵循身份验证。
身份验证决定你是谁?
授权决定你可以做什么?

Authorization is a process of determining whether an authenticated/identified person is permitted to access a resource or do an operation. It is based on set of privileges or roles assigned to the user. For Example, In Oracle database, Administrator have privilege to schedule jobs, while an user cannot.
How is Authorization different from Authentication?
Often Authentication and Authorization work together. In other words, Authorization follows Authentication.
Authentication determines Who are you?
Authorization determines What you are allowed to do?

回复 原文
梦忆晨望 2024-12-18 18:43:41

我知道这已经很老了,但是谷歌把我带到了这里,所以我会尽力带上我的五美分。 Tom 的回答对我帮助很大,但我想利用 APEX 的团体资助。例如,我有用户组:基本用户、高级用户和管理员用户。较高的用户级别也应该可以访问较低级别的应用程序/页面。如果我使用 APEX_UTIL.CURRENT_USER_IN_GROUP 我需要检查所有应该具有访问权限的组。如果我添加另一个用户组,我必须将该组添加到每个应用程序上的授权方案中。而且所有用户都需要属于他们有权访问的所有组。

我的解决方案是还检查 APEX 中的团体补助金。首先,我将用户添加到管理员用户组。之后,我将基本用户组和高级用户组添加到管理员用户组。这还不够,APEX 不会授予基本用户应用程序的管理员用户访问权限,并且 APEX_UTIL.CURRENT_USER_IN_GROUP 也不知道这些。所以我对 PL/SQL 做了一些调整,我的授权方案如下:

DECLARE
    isInGroup BOOLEAN;
    userID    NUMBER(30);
    authGroup VARCHAR2(40);
    
    BEGIN
        authGroup := 'Basic User';                  -- User group to look for
        isInGroup := false;
        userID    := APEX_UTIL.GET_CURRENT_USER_ID;
    
        FOR a IN (
            SELECT wf.group_name AS group FROM wwv_flow_group_users wf WHERE wf.user_id = userID
            UNION
            SELECT gg.group_name FROM wwv_flow_group_users gu 
            RIGHT JOIN apex_workspace_group_groups gg ON gg.grantee_name = gu.group_name
            WHERE user_id = userID) 
        LOOP
            IF a.group = authGroup THEN
                isInGroup := true;
            END IF;
        END LOOP;
    
    RETURN isInGroup;
    END;

首先在 UNION 之前进行 SELECT 获取当前用户所属的所有组的名称,在我的例子中只有管理员用户。 UNION 之后的第二个 SELECT 是第一个选择中的组授予访问权限的所有组的列表。就我而言,基本用户和高级用户。这整个组在循环中迭代,如果其中一个组等于开头定义的 authGroup,则返回 true。

通过这种方式,我可以将新用户仅添加到适当的组中,并且他们还可以访问较低级别的应用程序。

I know this is quite old, but Google brought me here so I'll try to bring in my five cents. Tom's answer helped me a lot, but I wanted to make use of the APEX's Group Grants. For example I have user groups: Basic User, Advanced User and Admin User. Higher user level should bring access also to lower lever apps/pages. If I use APEX_UTIL.CURRENT_USER_IN_GROUP I need to check all groups that should have access. If I add another user group, I would have to add that group to Authorization Scheme on every app. And also all users need to be in all of the groups that they have access to.

My solution was to check also the Group Grants in APEX. First I added user to Admin User Group. After that I added Basic User and Advanced User Groups to Admin User Group. This isn't enough and APEX won't give access to Admin User for Apps that are for Basic Users and APEX_UTIL.CURRENT_USER_IN_GROUP doesn't know about those either. So I did some adjustments to the PL/SQL and my Authorization Scheme is as follows:

DECLARE
    isInGroup BOOLEAN;
    userID    NUMBER(30);
    authGroup VARCHAR2(40);
    
    BEGIN
        authGroup := 'Basic User';                  -- User group to look for
        isInGroup := false;
        userID    := APEX_UTIL.GET_CURRENT_USER_ID;
    
        FOR a IN (
            SELECT wf.group_name AS group FROM wwv_flow_group_users wf WHERE wf.user_id = userID
            UNION
            SELECT gg.group_name FROM wwv_flow_group_users gu 
            RIGHT JOIN apex_workspace_group_groups gg ON gg.grantee_name = gu.group_name
            WHERE user_id = userID) 
        LOOP
            IF a.group = authGroup THEN
                isInGroup := true;
            END IF;
        END LOOP;
    
    RETURN isInGroup;
    END;

First SELECT before UNION gets the name of all groups the current user is a member of, in my case only Admin Users. Second SELECT after UNION is a list of all groups that the groups in the first select give access to. In my case Basic User and Advanced User. This whole bunch is iterated in the LOOP and if one of the groups equals authGroup defined in the beginning, return true.

This way I can add new users to only their appropriate group and they get access also to lower lever apps.

回复 原文
绮筵 2024-12-18 18:43:40

虽然 APEX 有一个名为“组”的内置用户管理概念,但我必须承认我从未使用过它,并且快速阅读文档并不能让我清楚如何使用它们来控制访问(但请参阅汤姆的回答在这里)。

您可能需要在数据库中创建用户/角色表,并将它们与 APEX 授权方案结合使用来控制对页面的访问。可以使用函数体创建“返回布尔值的 PL/SQL 函数”类型的单个授权方案:

return my_auth_pkg.is_authorized (p_user    => :app_user,
                                  p_app_id  => :app_id
                                  p_page_id => :app_page_id);

然后,您将实现该包来查找用户的权限并决定是否为应用程序和页面 ID 返回 TRUE 或 FALSE。
在此处输入图像描述

或者,您可以直接在授权方案中执行 SQL 来检查访问权限:
在此处输入图像描述

(注意“user_roles”和“role_pages”是我编的名称,代表你的< /em> 表)

Although APEX has a built-in user management concept called "Groups" I must confess I have never used it, and a quick perusal of the documentation doesn't make it clear to me how you use these to control access (but see Tom's answer here for that).

You will probably need to create user/role tables within your database and use these in conjunction with APEX Authorization Schemes to control access to pages. A single Authorization Scheme of type "PL/SQL Function returning Boolean" could be created with the function body:

return my_auth_pkg.is_authorized (p_user    => :app_user,
                                  p_app_id  => :app_id
                                  p_page_id => :app_page_id);

You would then implement the package to look up the user's privileges and decide whether to return TRUE or FALSE for the application and page id.
enter image description here

Alternatively you could just perform the SQL to check for access directly in the Authorization Scheme:
enter image description here

(NB "user_roles" and "role_pages" are names I made up, to represent your tables)

回复 原文
~没有更多了~

关于作者

哑剧

暂无简介

文章
评论
627 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Promise

文章 0 评论 0

qq_lbRlsh

文章 0 评论 0

待"谢繁草

文章 0 评论 0

yy2010hell

文章 0 评论 0

漫无边际

文章 0 评论 0

傲娇萝莉攻

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文