Oracle Apex 根据授权方案和角色限制报表数据。

huangapple go评论78阅读模式
英文:

Oracle Apex Restrict Report Data based on Authorization schemes and roles

问题

我有一个包含员工数据的Apex IG。

我还创建了角色和授权方案。

例如,对于销售经理,授权方案是USER_SALES_MANAGER。同样,对于市场营销,我们有USER_MARKETING_MANAGER。

要求是USER_SALES_MANAGER只能查看部门为Sales的行。

类似地,USER_MARKETING_MANAGER只能查看Marketing部门。

因此,数据需要根据授权来限制。

如何实现这一点?

由于限制,我无法发布整个实际数据。即使提供一些想法或指导也将非常有帮助。

英文:

I have an Apex IG with the employee data.

Oracle Apex 根据授权方案和角色限制报表数据。

I also have roles and authorization schemes created.

Ex: For Sales Manager, Authorization scheme is USER_SALES_MANAGER.
Similarly for Marketing we have USER_MARKETING_MANAGER.

Requirement is that USER_SALES_MANAGER can only view rows with Dept as Sales.

Similarly USER_MARKETING_MANAGER can only view Dept as Marketing.

So data is to be restricted on basis of authorization.

How can this be achieved?

I cannot post entire and actual data due to restrictions. Even some idea or guidance would be great here.

答案1

得分: 1

如您所说:思路或指导。

让我们假设授权方案是基于一个接受APP_USER作为参数并返回1(如果该用户是销售(或营销)经理)的函数(否则返回0)。

即使方案不是基于函数的,那么也可以创建一个按照描述进行操作的函数。

然后,您可以修改查询以在其where子句中重用这样一个函数,使用case表达式:

select empid, empname, dept, bu, rank
from your_table
where dept = case when f_user_is_sales_manager(:APP_USER) = 1 then 'Sales'
                  when f_user_is_marketing_manager(:APP_USER) = 1 then 'Marketing'
             end
英文:

As you said: idea or guidance.

Let's presume that authorization scheme is based on a function which accepts APP_USER as a parameter and returns 1 if that user is a sales (or marketing) manager (and 0 otherwise).

Even if scheme isn't based on a function, then create one which does as described.

Then you'd modify query to reuse such a function in its where clause, using case expression:

select empid, empname, dept, bu, rank
from your_table
where dept = case when f_user_is_sales_manager     (:APP_USER) = 1 then 'Sales'
                  when f_user_is_marketing_manager (:APP_USER) = 1 then 'Marketing'
             end

答案2

得分: 1

基于身份验证方案的数据分割在 APEX 中并不是非常直接的。一个解决方案是基于函数创建身份验证方案,就像 @Littlefoot 描述的那样,但另一个选项是使用应用程序项目来实现。

为每个身份验证方案创建一个应用程序项目。以身份验证方案 "USER_SALES_MANAGER" 为例:

  • 创建应用程序项目 F_IS_SALES_MANAGER

  • F_IS_SALES_MANAGER 添加一个应用程序计算。"类型 Function Body",计算点 "On New Instance",源码:

RETURN 
  CASE WHEN APEX_AUTHORIZATION.IS_AUTHORIZED ('USER_SALES_MANAGER') THEN 1 ELSE 0 END;
  • 查询源码(假设您已经按上述说明创建了2个应用程序项目):
select empid, empname, dept, bu, rank
from your_table
where dept = case when :F_IS_SALES_MANAGER = 1 then 'Sales'
                  when :F_IS_MARKETING_MANAGER = 1 then 'Marketing'
             end
英文:

Data striping based on auth schemes isn't very straightforward in APEX. One solution is to base your auth schemes on functions as @Littlefoot describes but another option is to use application items for that.

Create one application item per auth scheme. Let's take the one for auth scheme "USER_SALES_MANAGER" as example.

  • Create Application item F_IS_SALES_MANAGER
  • Add and application computations for F_IS_SALES_MANAGER. "Type Function Body", Computation Point "On New Instance", Source:
RETURN 
  CASE WHEN APEX_AUTHORIZATION.IS_AUTHORIZED ('USER_SALES_MANAGER') THEN 1 ELSE 0 END;
  • Query source (assuming you created 2 application items as described above):
select empid, empname, dept, bu, rank
from your_table
where dept = case when :F_IS_SALES_MANAGER = 1 then 'Sales'
                  when :F_IS_MARKETING_MANAGER = 1 then 'Marketing'
             end

huangapple
  • 本文由 发表于 2023年6月26日 14:17:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/76553973.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定