Databases Reference
In-Depth Information
When you run the application as Martin, information about a ticket on page 210 shows data without the
confusion of form elements. Authenticating as any other user shows the data in form elements and displays the
corresponding buttons. Results of the read-only view are shown in Figure
9-33
; compare them to the form in edit
mode, shown in Figure
9-34
.
Figure 9-33.
Ticket record in read-only mode
Figure 9-34.
Ticket record in edit mode
Data Security
At this point, the majority of the application is relatively secure. What you don't have is data security applied to
segregate the data between application users. Any authenticated user can see and make changes to any other
user's records. APEX doesn't provide a built-in construct for securing data. APEX does support and work well
with other Oracle technologies that secure data, such as Virtual Private Database, Oracle Label Security, and
Transparent Data Encryption.
Although there are a number of ways to deal with data segregation and security, one of the simpler methods is
to use a view to enforce the data available to a user in place of all references to the base table. This method is effective
and works with all versions of the Oracle database. The process works by adding a securing function to the view that
uses the current APEX username, filtering out the data from other users.
