Database Reference
In-Depth Information
Whereas authentication answers the question “Who are you?,” authorization works to
answer the question “What are you allowed to do once logged in?” APEX provides
shared components of an application called
authorization schemes
. These authorization
schemes can be applied to components within the application to tell the APEX engine
when the components should be executed or rendered.
When you created the access-control pages, APEX created three authorization
schemes for you, one for each role available in the edit screens: Admin, Edit and View.
Figure 9-27
shows the Authorization Schemes shared component report.
Figure 9-27.
The authorization schemes created as part of the access-control mechanisms
The last step in this process is to start locking down pages using these authorization
schemes. First let's lock down the Administrator section of the application so that only
a user with ADMIN privileges can use it:
30. Edit
Page 620
.
31. Edit
Page Attributes
by double-clicking the page name.
32. In the
Security
region, set
Authorization Scheme
to
access con-
trol - administrator
, as shown in
Figure 9-28
. Click
Apply Changes
.
Figure 9-28.
Setting the authorization scheme at a page level