Oracle Apex Restrict Report Data based on Authorization schemes and roles
Question
I have an Apex IG with the employee data.
I also have roles and authorization schemes created.
Ex: For Sales Manager, Authorization scheme is USER_SALES_MANAGER.
Similarly for Marketing we have USER_MARKETING_MANAGER.
Requirement is that USER_SALES_MANAGER can only view rows with Dept as Sales.
Similarly USER_MARKETING_MANAGER can only view Dept as Marketing.
So data is to be restricted on basis of authorization.
How can this be achieved?
I cannot post entire and actual data due to restrictions. Even some idea or guidance would be great here.
Answer 1
Score: 1
As you said: idea or guidance.
Let's presume that authorization scheme is based on a function which accepts APP_USER as a parameter and returns 1 if that user is a sales (or marketing) manager (and 0 otherwise).
Even if scheme isn't based on a function, then create one which does as described.
Then you'd modify query to reuse such a function in its where clause, using case expression:
    select empid, empname, dept, bu, rank
      from your_table
     where dept = case when f_user_is_sales_manager (:APP_USER) = 1 then 'Sales'
                       when f_user_is_marketing_manager (:APP_USER) = 1 then 'Marketing'
                  end
Answer 2
Score: 1
Data striping based on auth schemes isn't very straightforward in APEX. One solution is to base your auth schemes on functions as @Littlefoot describes but another option is to use application items for that.
Create one application item per auth scheme. Let's take the one for auth scheme "USER_SALES_MANAGER" as example.
- Create Application item F_IS_SALES_MANAGER
- Add an application computation for F_IS_SALES_MANAGER. "Type Function Body", Computation Point "On New Instance", Source:
    RETURN CASE WHEN APEX_AUTHORIZATION.IS_AUTHORIZED ('USER_SALES_MANAGER') THEN 1 ELSE 0 END;
- Query source (assuming you created 2 application items as described above):
    select empid, empname, dept, bu, rank
      from your_table
     where dept = case when :F_IS_SALES_MANAGER = 1 then 'Sales'
                       when :F_IS_MARKETING_MANAGER = 1 then 'Marketing'
                  end
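
An added example, not part of either answer: the CASE expression used in both queries returns only its first matching branch, so the query below compares it with one predicate per role for three constructed sessions. The rows in your_table, the app_sessions helper and the is_sales / is_mkt columns (standing in for :F_IS_SALES_MANAGER and :F_IS_MARKETING_MANAGER) are assumptions made for the illustration.

```sql
-- Added example (Oracle SQL); constructed data, not from the original post.
-- is_sales / is_mkt stand in for :F_IS_SALES_MANAGER / :F_IS_MARKETING_MANAGER.
with your_table (empid, empname, dept) as (
  select 1, 'Ann',  'Sales'     from dual union all
  select 2, 'Bob',  'Marketing' from dual union all
  select 3, 'Cara', 'Finance'   from dual
),
app_sessions (who, is_sales, is_mkt) as (   -- hypothetical test sessions
  select 'sales only', 1, 0 from dual union all
  select 'both roles', 1, 1 from dual union all
  select 'no role',    0, 0 from dual
)
select s.who,
       -- departments visible with the CASE predicate from the answers
       (select listagg(t.dept, ',') within group (order by t.dept)
          from your_table t
         where t.dept = case when s.is_sales = 1 then 'Sales'
                             when s.is_mkt   = 1 then 'Marketing'
                        end) as case_predicate,
       -- departments visible with one predicate per role
       (select listagg(t.dept, ',') within group (order by t.dept)
          from your_table t
         where (t.dept = 'Sales'     and s.is_sales = 1)
            or (t.dept = 'Marketing' and s.is_mkt   = 1)) as per_role_predicate
  from app_sessions s;
```

For the "both roles" session the CASE column lists only Sales while the per-role column lists Marketing and Sales. The "no role" session is null in both columns, so either form returns no rows to a user without a matching role.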