Database Reference
In-Depth Information
Figure 9-33.
Ticket record in read-only mode
Figure 9-34.
Ticket record in edit mode
Data Security
At this point, the majority of the application is relatively secure. What you don't have
is data security applied to segregate the data between application users. Any authentic-
ated user can see and make changes to any other user's records. APEX doesn't provide
a built-in construct for securing data. APEX does support and work well with other
Oracle technologies that secure data, such as Virtual Private Database, Oracle Label
Security, and Transparent Data Encryption.
Although there are a number of ways to deal with data segregation and security, one
of the simpler methods is to use a view to enforce the data available to a user in place
of all references to the base table. This method is effective and works with all versions
of the Oracle database. The process works by adding a securing function to the view
that uses the current APEX username, filtering out the data from other users.
To implement this data security, you run a script that creates a new view named
TICKET_SECURE_V
and then re-create the other two views,
TICKET_ACTIVITY_V
and
TICKET_V
, so they point to the secured view rather
than the
TICKETS
table directly. Then you make modifications to the other key com-
ponents of the pages that access ticket data to also use the new secure views. Here are
the steps:
